Yes, there is a workaround. I was/am building an FF mobile app when I was faced with the same question. Here's what you can do:
1. Direct your user to
http://mlogin.yahoo.com. This page contains authentication for Yahoo, Google and Facebook.
Note: After your user logs in, irrelevant of the provider, they will be "Yahoo" authenticated, and redirected to a Yahoo landing page.
2. Allow your mobile platform's web browser control to detect when the user has been navigated to the Yahoo landing page. When you detect this specific redirect (assume that the user has successfully authenticated) begin the oauth process (i.e. make your initial call to get an oauth request token).
3. After the request comes back, retrieve the oauth_request_auth_url and automatically redirect the browser to that url. In other words, the flow is: mlogin.yahoo.com -> user auths -> your app gets request token and url -> your app redirects to auth url
4. Since the user has already authenticated (within the same browser session; cookie support is required), then the auth url from step 2 will not prompt your user with the Yahoo-only login. Instead, it will prompt your user to authorize your app (i.e. requesting permission to share such-and-such data, etc).
At this point, you've successfully oauth'ed your user regardless if they authenticated via Yahoo, Google or Facebook. The rest is the normal oauth flow of getting an auth token and exchanging it for an access token. This is clearly documented by Yahoo.
For the record, I am successfully using this "flow" for my FF mobile app. Let me know if you have any questions.
jgo
