All Yahoo! services using OAuth are now upgraded to the new OAuth 1.0a
version of the protocol, resolving the session fixation security issue
. The upgraded services include all Y!OS APIs
(Contacts, Updates, Status, and Social Directory) and Fire Eagle
. Users authorizing applications using OAuth 1.0a will not see the security interstitial screen
that is displayed for apps that are still using the older 1.0 version of the protocol.
For a short transitional period, we will continue to display the security interstitial screen for applications using OAuth 1.0, however we will soon require all applications to use 1.0a.
Developers using Y!OS services should check out our updated OAuth documentation
to see what?s changed in 1.0a, or you can just download and install the latest version of the Y!OS SDK
to automatically upgrade your app to OAuth 1.0a, without any code changes.
Open standards like OAuth benefit from Havi Hoffmanng security professionals throughout the industry review and Read More »from OAuth Update #3, Revision A