Back to OAuth General Discussion YDN SDKs Forum
0

Live vs development domain and hostnames

I registered an application, uploaded the verification files and successfully got API keys for our domain (say, example.com)

Now, I'm not too keen on developing code on our live servers, and would like to prototype, develop and test code locally before uploading polished and stable code to our live environment. Sadly, I get this error:

- Custom port is not allowed or the host is not registered with this consumer key.

The hostname:port we're using looks like "example.local:9123" - something we settled on to help us work with cookies better (e.g. to share cookies between images.example.local and example.local. Something you can't do with images.localhost and localhost.)

As our development hostnames are local and private (using entires in /etc/hosts) - we're unable to sign-up for a separate key to use on 'example.local' as the verification process fails (Yahoo's server can't verify "example.local/asdf987as9s8d7aa98s.html" as it can't resolve the hostname)

To get to the point - is there any way we can sign-up for a key to use on a private host? And what about a custom port?

Barring that, can anyone state whether consumer keys work when developing on "localhost" (port 80)

I'm sure we can tit around with our development environment if we have to - but the idea of using consumer keys on private domain names would (I'd think) be an issue for anyone developing intranet applications that hook into OAuth services...?

by
Report Abuse
5 Replies
  • After changing our configuration to use 'localhost' as the domain-name, we still couldn't authenticate with Yahoo.

    I think it's a general OAuth thing rather than a yahoo problem, but note that Google seems to offer a special consumer key & secret for people to develop oauth apps locally

    I also see there's a couple of things in the pipeline that may help in future - i.e. the OAuth Discovery draft, and an extension proposal for "unregistered consumers".

    In the meantime, I ended up resorting to hacking our /etc/hosts file, flushing our DNS cache then accessing my local server using the real domain name "example.com" on port 80.

    The only thing to worry about for anyone who cares to copy setup is that you'll need to verify the domain-name by uploading files to the real server.

    (and for ye olde Mac Tiger users, after editting /etc/hosts you can use "$ lookupd -flushcache" in the Terminal to make Safari forget what the real server's IP address is.)
    Report Abuse
    0
  • Hi ash.searle,

    Yes, unfortunately you can't authenticate your keys in a regular method from a development box with a custom port, a private location, or from localhost. The method you described of getting around the domain authentication is one method that others have used in the past. The only other method I can see to bypass this process is to obtained keys for a "desktop application" as opposed to a "web application" so that you will not have to validate a domain name.

    Jonathan LeBlanc
    Senior Software Engineer
    Yahoo! Developer Network
    Twitter: jcleblanc
    Report Abuse
    0
  • I've been looking at this very same problem for a few hours now, giving up for tonight, very frustrated. I hope it's not your intention to make it as difficult as possible to develop applications using Yahoo services (I'm trying with Placemarker). Honestly, how are we supposed to develop if we can't access the service from (preferably a localhost) development server? I don't know what development cycles you have over at Yahoo but please... We can't possibly be expected to do development on a live server; doing code changes first locally, then deploying to the live box, checking the errors, cleaning the live deployment, doing code changes locally, deploying again, what ever you additionally do... In my years of experience of doing web development, systems integrations, etc I've never seen such a rigid setup that seems intended on making it difficult for developers to do what we want to do, develop! I have a great mashup in the doings for which Yahoo Placemarker would have been just the right tool. Really, how do people develop for Yahoo services, I'm curious (no sarcasm)...

    (In hacking the hosts file I failed, maybe you could lend me a hand at bypassing your own security, in the name of programming?)
    Report Abuse
    0
  • This should be fixed now.

    Thanks,

    Robyn Tippins
    @duzins on Twitter
    Community Manager, YDN

    ***Follow YDN on Twitter and Facebook***
    Report Abuse
    0
  • Indeed it is working! Thank you so much. I still have a few things to solve in the project aside from this, but the major obstacle is out of the way. This Yahoo PlaceMaker is pure magic, I'm getting back the geographical locations from any text passed to the service, woa!
    Report Abuse
    0
Ask a Question

Recent Posts

in OAuth General Discussion YDN SDKs