URL:
https://open.login.yahooapis.com/openid/op/auth
Supported Methods:
GET, POST
As a result of performing discovery, you will also obtain the above OpenID request URL.
Make an authentication request to this URL using checkid_setup mode. Use an
additional two OAuth specific parameters: openid.oauth.consumer and
openid.oauth.scope. This step corresponds to OpenID
OAuth Spec., Section 8.
Since the above request URL is unlikely to change, you can cache it to optimize your requests.
The following is an example of an authentication request using checkid_setup:
For an explanation of the parameters used above, refer to the following table:
Table 2.1. Pre-approved Request Token, Request Parameters
| Request Parameter | Request Type | Description |
|---|---|---|
| openid.ns | OpenID | This parameter should always be http://specs.openid.net/auth/2.0 for OpenID 2.0 requests. |
| openid.mode | OpenID | Yahoo! only supports checkid_setup. If you use checkid_immediate, the response will instead direct you to use checkid_setup. |
| openid.claimed_id | OpenID | (optional) The OpenID that the user provided. |
| openid.identity | OpenID | (optional) The OP-Local identifier, or if equal to: http://specs.openid.net/auth/2.0/identifier_select, the OP should choose an identifier for the user. |
| openid.assoc_handle | OpenID | (optional) The Association handle. You can set this association if your app and Yahoo have established an association. For more information, refer to OpenID 2.0 Final Spec, Section 8. |
| openid.return_to | OpenID | After signing in, the user is taken to this URL. |
| openid.realm | OpenID | URL pattern of the domain that a user should trust. Example: *.domain.com |
| openid.ns.oauth | OpenID + OAuth Hybrid | This OAuth-specific parameter should always be: http://specs.openid.net/extensions/oauth/1.0 |
| openid.oauth.consumer | OpenID + OAuth Hybrid | This OAuth-specific parameter is the OAuth Consumer Key provided by Yahoo upon registration. |
Yahoo! does not support the optional OpenID-OAuth Hybrid request parameter
openid.oauth.scope. Since this information is already included within the
Consumer Key, this parameter is unnecessary to determine user authorization scopes. If you
send this parameter as part of your request, Yahoo! silently ignores it.
Yahoo! supports custom name extensions, so aside from using the OAuth-specific
parameters above, you can also use an extension. For example, instead of
openid.ns.oauth, you can also use openid.ns.ext1, and instead of
openid.oauth.consumer, you can use openid.ext1.consumer.
Yahoo! OpenID supports Attribute Exchange, which enables users to share their Yahoo! Profile data when they sign into sites using their Yahoo! ID. Yahoo! supports the following fields:
Sites wishing to use Attribute Exchange should use the schema defined at axschema.org.
In response to your authentication request using checkid_setup mode, Yahoo!
provides a response as described in OpenID
OAuth Spec, Section 10, similar to the following:
The following parameters in the response are specific to the OpenID + OAuth flow:
Table 2.2. Pre-approved Request Token, Key Response Parameters
| Request Parameter | Request Type | Description |
|---|---|---|
| openid.ns.oauth | OpenID + OAuth Hybrid | This parameter should always be: http://specs.openid.net/extensions/oauth/1.0 |
| openid.oauth.request_token | OpenID + OAuth Hybrid | A pre-approved Request Token. |
Yahoo! does not provide the optional OpenID + OAuth Hybrid response parameter
openid.oauth.scope, since this information is already included within the
Consumer Key.
If there is an error with an OAuth-specific portion of the request, such as an invalid Consumer Key, Yahoo! will not return an error message to the Relying Party because the current OpenID OAuth extension spec does not include an error reporting mechanism. Instead, the request falls back to an OpenID request because all necessary and correct OAuth parameters are present.
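An added example, not Yahoo!'s own code: because OAuth errors are not reported and the request falls back to an OpenID request, the Relying Party has to detect a missing Request Token itself, and because custom aliases such as ext1 are allowed, it should locate the OAuth fields by namespace URI rather than by a fixed name. The rp.example URLs, the placeholder Consumer Key and the sample responses are constructed, and verification of the OpenID assertion itself is assumed to happen separately.

```python
from urllib.parse import parse_qsl, urlencode

OP_ENDPOINT = "https://open.login.yahooapis.com/openid/op/auth"
OPENID_NS = "http://specs.openid.net/auth/2.0"
OAUTH_NS = "http://specs.openid.net/extensions/oauth/1.0"
IDENTIFIER_SELECT = "http://specs.openid.net/auth/2.0/identifier_select"


def build_auth_request(consumer_key, return_to, realm, alias="oauth"):
    """Build the checkid_setup URL with the hybrid OAuth parameters."""
    params = {
        "openid.ns": OPENID_NS,
        "openid.mode": "checkid_setup",  # the only mode Yahoo! supports
        "openid.claimed_id": IDENTIFIER_SELECT,
        "openid.identity": IDENTIFIER_SELECT,  # let the OP choose the identifier
        "openid.return_to": return_to,
        "openid.realm": realm,
        f"openid.ns.{alias}": OAUTH_NS,  # alias may be "oauth", "ext1", ...
        f"openid.{alias}.consumer": consumer_key,
    }
    return OP_ENDPOINT + "?" + urlencode(params)


def extract_request_token(response_query):
    """Return the pre-approved Request Token, or None on OpenID-only fallback."""
    pairs = parse_qsl(response_query, keep_blank_values=True)
    fields = dict(pairs)
    if len(fields) != len(pairs):
        return None  # a parameter appears twice: ambiguous, refuse it
    # Find the alias by namespace URI instead of assuming it is "oauth".
    aliases = [k[len("openid.ns."):] for k, v in fields.items()
               if k.startswith("openid.ns.") and v == OAUTH_NS]
    if len(aliases) != 1:
        return None  # no OAuth namespace in the response: plain OpenID
    return fields.get(f"openid.{aliases[0]}.request_token") or None


# Constructed sample responses (query strings of the return_to redirect).
SAMPLE_OK = urlencode({
    "openid.ns": OPENID_NS, "openid.mode": "id_res",
    "openid.ns.ext1": OAUTH_NS, "openid.ext1.request_token": "constructed-token",
})
SAMPLE_FALLBACK = urlencode({"openid.ns": OPENID_NS, "openid.mode": "id_res"})

if __name__ == "__main__":
    print(build_auth_request("CONSUMER_KEY_PLACEHOLDER",
                             "https://rp.example/return", "https://rp.example/"))
    print(extract_request_token(SAMPLE_OK))        # token present
    print(extract_request_token(SAMPLE_FALLBACK))  # None: OAuth part was dropped
```

A None result means the sign-in may still be a valid OpenID login, so the caller should skip the OAuth Access Token exchange rather than treat the login as failed.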