OAuth Update

Note: Please check out OAuth Update #2 for the most recent status of OAuth on Yahoo!.

As you may know, several Yahoo! APIs use OAuth, an open standard that lets users give a service permission to access the information they?ve stored with a third-party website without exposing their password and account information. The Yahoo! APIs that leverage OAuth include our Y!OS Social Directory, Contacts, Status, and Updates APIs, as well as Fire Eagle.

Recently, the folks at OAuth let us know about a potential security issue within the protocol. At Yahoo! we take the security and privacy of our users very seriously, and so for the time being we?ve disabled the ability for users to authorize new applications via OAuth. Applications that have already been authorized will not be affected.

We recognize the impact this has on you as developers and appreciate your patience. We?re continuing to evaluate the best way to move forward and are actively working with the OAuth community to resolve the issue.

Rest assured, we?re hoping to re-enable OAuth on Yahoo! as soon as practically possible. Please check back for updates on our progress, which will be posted here.

Allen Tom
Architect, Yahoo! Membership