Hi Dave,
I replied the same in a separate thread. For your convenience, I
copied it below:
We don't allow custom scheme as per our security policy, so only
HTTP/HTTPS URL is allowed. Probably our recent changes to our
OAuth servers plugged some holes that we left earlier.
I would suggest you use the following workaround that should work
with our security policies.
- Register your application as Web-based and have your domain verified,
say mysite.com
- Use the standard Web flow to get request token and have oauth_callback
URL to be something like
http://mysite.com/oauth- Once you get the authorized request token and the verifier in the above
oauth_callback URL, do another redirect from your Web server to your
application's custom protocol handler:
http://mysite.com/oauth?oauth_token=<to...lt;verifier> =>
mycoolapp://mysite.com/oauth?oauth_token=<token>&oauth_verifier=<verifier>
- Then your application should be able to use the request token and verifier
to get the access token and then use it to call the Yahoo! APIs.
I know this means extra work for you, however it will ensure that your
application will work with our security policies. Also if your site can
proxy OAuth requests for your applications, then you don't need to embed
the consumer secret in your application that is installed on your users'
computers.
Thanks,
Yu Wang
Yahoo! Membership Team
