Back to OAuth General Discussion YDN SDKs Forum

desktop application and oauth

hello,

i have a desktop application that fetch yahoo mails to my users.
the POC that i have done until now was a server to server call and i did mange to receive the user emails and folders data, all went great.

the next stage that i want is to:

store access token + secret + session handle that i got from doing server to server calls in a DB

then my desktop application will fetch it from the DB
pass it to my web page, this web page will generate a Authorization header string using my application shared secret and return it to the desktop application.

the desktop application will call yahoo email API using AJAX and send the Authorization header.

is this flow allow?
what should i do in order to use the API with oauth from my desktop application?

note: i did register the application as a desktop application in 'MY PROJECTS' area.

thanks
Elad

Icq
Apr 22, 2010

8 Replies

- omiga
- Apr 22, 2010
Hi Elad,

The flow in your post is allowed though it incurs extra roundtrip time
from your client to your server and then from your client to Yahoo! WS
APIs while in fact your client can just generate the request by itself.
In that way, you don't actually maintain your own Web server or you can
use your own Web server for other purposes such as checking and downloading
updates. I believe the OS that your client runs provides all the necessary
libraries to generate and process OAuth requests and responses.

Thanks,
Yu Wang

Report Abuse

0
- Icq
- Apr 22, 2010
QUOTE (omiga @ Apr 22 2010, 09:23 AM) <{POST_SNAPBACK}>
Hi Elad,

The flow in your post is allowed though it incurs extra roundtrip time
from your client to your server and then from your client to Yahoo! WS
APIs while in fact your client can just generate the request by itself.
In that way, you don't actually maintain your own Web server or you can
use your own Web server for other purposes such as checking and downloading
updates. I believe the OS that your client runs provides all the necessary
libraries to generate and process OAuth requests and responses.

Thanks,
Yu Wang

thanks again Yu Wang,

my concern is generating the signature with my consumer shared secret and key.
i don't want it on the desktop application as there is no good way to hide it from the user.

is it possible to use anonymous/anonymous for example?
is there a link for a snippet / docs?

thanks
Elad

Report Abuse

0
- omiga
- Apr 23, 2010
Hi Elad,

I see your point: If you do want to protect the consumerkey secret,
then you will need to have your server to generate the request.

Unfortunately it is impossible to have an anynomous one for
both accountability and user data protection reasons.

Thanks,
Yu Wang

Report Abuse

0

Icq
Apr 23, 2010

QUOTE (omiga @ Apr 23 2010, 12:07 AM) <{POST_SNAPBACK}>

Hi Elad,

I see your point: If you do want to protect the consumerkey secret,
then you will need to have your server to generate the request.

Unfortunately it is impossible to have an anynomous one for
both accountability and user data protection reasons.

Thanks,
Yu Wang

great thanks.
is there any snippet about AJAX call to mail API or maybe you guys support JSONP?
is authorization header + function parameters is enough? something like this:

CODE

var sAuthorizationHeader = 'THIS IS THE VALUE THAT RETURNS FROM MY WEB APP';
var sUrl = 'http://mail.yahooapis.com/ws/mail/v1.1/jsonrpc';
var sApiMethod = 'ListMessages';
var params = 'fid=inbox&numMid=10';
var oAjax = new XMLHttpRequest();
oAjax.open("POST", url, true);
oAjax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
oAjax.setRequestHeader("Content-length", params.length);
oAjax.setRequestHeader("Authorization", "sAuthorizationHeader");
oAjax.setRequestHeader("Connection", "close");

http.onreadystatechange = function() {
	if(oAjax.readyState != 4)
               return;
        if (oAjax.status != 200){
               /** report error code /**/
               return;
        }
	/**display the emails:/**/
}
http.send(params);

thanks
Elad

Icq
Apr 23, 2010

QUOTE (icqdev @ Apr 23 2010, 02:01 AM) <{POST_SNAPBACK}>

CODE

var sAuthorizationHeader = 'THIS IS THE VALUE THAT RETURNS FROM MY WEB APP';
var sUrl = 'http://mail.yahooapis.com/ws/mail/v1.1/jsonrpc';
var sApiMethod = 'ListMessages';
var params = 'fid=inbox&numMid=10';
var oAjax = new XMLHttpRequest();
oAjax.open("POST", url, true);
oAjax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
oAjax.setRequestHeader("Content-length", params.length);
oAjax.setRequestHeader("Authorization", "sAuthorizationHeader");
oAjax.setRequestHeader("Connection", "close");

http.onreadystatechange = function() {
	if(oAjax.readyState != 4)
               return;
        if (oAjax.status != 200){
               /** report error code /**/
               return;
        }
	/**display the emails:/**/
}
http.send(params);

i improved the snippet above, it looks like this now:

CODE

function getYahooEmails(){
	var aParams		= [{'fid':'inbox','startInfo':0,'numInfo':10}];
	var oRequest	= {'method':'ListMessages','params': aParams};
	var sRequest	= json_encode(oRequest); //i took json_encode from here: http://phpjs.org/functions/json_encode:457
	var sUrl		        = 'http://mail.yahooapis.com/ws/mail/v1.1/jsonrpc';
	var sHeader		= 'OAuth oauth_nonce="f65670481f2282ddc82607e148de374a",oauth_timestamp="1272050828",oauth_version="1.0",oauth_signature_method="HMAC-SHA1",oauth_consumer_key="MYKEY",oauth_token="TOKEN",oauth_signature="SIG"'; //this value is from my  web page application
	var oAjax		= new XMLHttpRequest();
	oAjax.open("POST",sUrl,true);
	oAjax.setRequestHeader("Content-Type", "application/json");
	oAjax.setRequestHeader("Accept", "application/json");
	oAjax.setRequestHeader("Authorization", sHeader);
	oAjax.setRequestHeader("Connection", "close");
	oAjax.onreadystatechange=function(){
		if(oAjax.readyState != 4) return;
		if(oAjax.status != 200) return;		
		document.getElementById('result').innerText = oAjax.responseText;
	}
	oAjax.send(sRequest);
}

i use fiddler to see the call:
my request header:

CODE

POST /ws/mail/v1.1/jsonrpc HTTP/1.1
Accept: application/json
Accept-Language: he
Pragma: no-cache
Authorization: OAuth oauth_nonce="f65670481f2282ddc82607e148de374a",oauth_timestamp="1272050828",oauth_version="1.0",oauth_signature_method="HMAC-SHA1",oauth_consumer_key="MYKEY",oauth_token="TOKEN",oauth_signature="SIG"
Content-Type: application/json
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: mail.yahooapis.com
Content-Length: 117
Connection: Keep-Alive

this is the response:

CODE

HTTP/1.1 500 Internal Server Error 88
Date: Fri, 23 Apr 2010 19:27:44 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Accept-Encoding
Content-Type: application/json
Cache-Control: private
Age: 0
Transfer-Encoding: chunked
Connection: keep-alive
Server: YTS/1.17.23
     
{"result":null,"error":{"code":"Client.FolderIdDoesntExist","message":"Folder ID doesn't exist.","detail":null}}

what can be the problem?
when i do server to server call i use the same params

thanks
Elad

- omiga
- Apr 23, 2010
Hi Elad,

Sorry I don't work in the team that manages the Mail WS API.
I guess probably JSONP is not supported yet and in case you
need to make AJAX call, then you will need to proxy the request on your
server due to cross-domain security constraint:
http://developer.yahoo.com/javascript/howto-proxy.html

I would suggest you ask these questions directly on the
Yahoo! Mail API forum there where you can get expert answers:
http://developer.yahoo.net/forum/index.php?showforum=89

Thanks,
Yu Wang

Report Abuse

0
- Icq
- Apr 24, 2010
QUOTE (omiga @ Apr 23 2010, 08:36 PM) <{POST_SNAPBACK}>
Hi Elad,

Sorry I don't work in the team that manages the Mail WS API.
I guess probably JSONP is not supported yet and in case you
need to make AJAX call, then you will need to proxy the request on your
server due to cross-domain security constraint:
http://developer.yahoo.com/javascript/howto-proxy.html

I would suggest you ask these questions directly on the
Yahoo! Mail API forum there where you can get expert answers:
http://developer.yahoo.net/forum/index.php?showforum=89

Thanks,
Yu Wang

thanks Yu Wang for you answers you have been a great help.
i will try Yahoo Mail API forum.

just a note, i have no cross domain issue because my application is desktop application and the ajax call is from "localhost" to yahoo.
localhost have no cross domain issues in ajax.

thanks
Elad

Report Abuse

0

Donna T
May 11, 2010

QUOTE (icqdev @ Apr 23 2010, 02:01 AM) <{POST_SNAPBACK}>

great thanks.
is there any snippet about AJAX call to mail API or maybe you guys support JSONP?
is authorization header + function parameters is enough? something like this:

CODE

var sAuthorizationHeader = 'THIS IS THE VALUE THAT RETURNS FROM MY WEB APP';
var sUrl = 'http://mail.yahooapis.com/ws/mail/v1.1/jsonrpc';
var sApiMethod = 'ListMessages';
var params = 'fid=inbox&numMid=10';
var oAjax = new XMLHttpRequest();
oAjax.open("POST", url, true);
oAjax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
oAjax.setRequestHeader("Content-length", params.length);
oAjax.setRequestHeader("Authorization", "sAuthorizationHeader");
oAjax.setRequestHeader("Connection", "close");

http.onreadystatechange = function() {
	if(oAjax.readyState != 4)
               return;
        if (oAjax.status != 200){
               /** report error code /**/
               return;
        }
	/**display the emails:/**/
}
http.send(params);

thanks
Elad

Ask a Question

Yahoo! Developer Network

desktop application and oauth

Recent Posts