Back to OAuth General Discussion YDN SDKs Forum
0

Going from bbauth to oauth

I currently have a successful app with many hundreds of users that uses bbauth. I would like to switch over to oauth. What's the best way to do this with minimal inconvenience to current users?

by
Report Abuse
7 Replies
  • Hi,

    Presently we don't have any guide or approach doc which we can share on such migrations. We can definetly work with you in every stage to help you get started.
    Few things which I can think of are:
    1. Make sure you follow these OAuth steps and have your application support it.
    2. There should be changes in your app for getting a one time authorization from your end users so that they can continue using your OAuth enabled app.
    3. Also you may need to think about storing the retrieved access tokens so that you can request new access token after its expiry.

    If you need any specific info do let us know. Thanks.

    --R


    QUOTE (ymailfeed @ Apr 17 2010, 06:24 PM) <{POST_SNAPBACK}>
    I currently have a successful app with many hundreds of users that uses bbauth. I would like to switch over to oauth. What's the best way to do this with minimal inconvenience to current users?
    Report Abuse
    0
  • Thanks. One thing that I can't seem to get by reading the docs:

    I used to use the userhash property as a unique way to identify users. What's the equivalent of this in Oauth?

    QUOTE (yMailJanitor @ Apr 20 2010, 02:55 PM) <{POST_SNAPBACK}>
    Hi,

    Presently we don't have any guide or approach doc which we can share on such migrations. We can definetly work with you in every stage to help you get started.
    Few things which I can think of are:
    1. Make sure you follow these OAuth steps and have your application support it.
    2. There should be changes in your app for getting a one time authorization from your end users so that they can continue using your OAuth enabled app.
    3. Also you may need to think about storing the retrieved access tokens so that you can request new access token after its expiry.

    If you need any specific info do let us know. Thanks.

    --R
    Report Abuse
    0
  • I can't think of anything other than user's email id being unique. Any reason on why you are using userhash property? Not sure if OAuth has any such thing.

    --R


    QUOTE (ymailfeed @ Apr 20 2010, 03:54 PM) <{POST_SNAPBACK}>
    Thanks. One thing that I can't seem to get by reading the docs:

    I used to use the userhash property as a unique way to identify users. What's the equivalent of this in Oauth?
    Report Abuse
    0
  • Well, I use the userhash property to identify users cross-session. In other words, when someone logs in for their second time, I have a simple way to identify whether they already have an account with us, and then can just update their record. [users log in a second time to change their settings].

    I noticed the that at http://developer.yahoo.com/oauth/guide/oau...ccesstoken.html you identify oauth_session_handle as "The persistent credential used by Yahoo! to identify the Consumer after a User has authorized access to private data." So would this be the equivalent of what I want?
    Report Abuse
    0
  • QUOTE (yMailJanitor @ Apr 21 2010, 02:02 PM) <{POST_SNAPBACK}>
    I can't think of anything other than user's email id being unique.


    Also, I can't seem to find a way to get the user's email id. Can you help with that?
    Report Abuse
    0
  • I will move this topic to OAuth forums.

    --R



    QUOTE (ymailfeed @ Apr 22 2010, 01:06 PM) <{POST_SNAPBACK}>
    Also, I can't seem to find a way to get the user's email id. Can you help with that?
    Report Abuse
    0
  • Hi,

    The recommended way is to use OpenID with OAuth as documented
    in the Yahoo! OpenID + OAuth Quick Start Guide:
    http://developer.yahoo.com/oauth/guide/ope...auth-guide.html

    With that, users can sign into your web site with their Yahoo!
    OpenID and you can use that to identify these users. Because
    we support the OpenID Attribute Exchange (AX) extension, you can
    also request for user's name, email address, profile pic, gender,
    timezone, and language preference during the sign-in flow. You can
    check this post for details:

    http://developer.yahoo.net/forum/index.php?showtopic=3696

    I hope this helps.

    Thanks,
    Yu Wang
    Yahoo! Membership
    Report Abuse
    0
Ask a Question

Recent Posts

in OAuth General Discussion YDN SDKs