SodaHead is a leading opinions-based online community focused on the day's hottest entertainment, politics, and news discussion topics, exceeding over 6.8 million monthly unique users. As of this week, SodaHead enables users to register or login with their Yahoo! account(s). Here's how it works, according to this Guest Post blog post by SodaHead's Michael Rosen, SodaHead product manager, and
Michael Kalas, SodaHead senior software engineer and lead third-party API developer.
Yahoo! registration lets users connect with their Yahoo! contacts on SodaHead, and include them in their social polls. SodaHead then uses Yahoo! Updates to push content to the user's stream when he or she uses the site.
Sodahead has integrated the Yahoo! Login button (alongside Facebook and Twitter) throughout the site, as well as within its registration/login modal process.
During registration, SodaHead gives users the opportunity either to merge their existing SodaHead accounts after Yahoo! authentication, or to create new accounts via Yahoo!, pulling in their public profile information (avatar, status, interests, and so on).
Clicking the Yahoo! button (as shown in the following screenshot) within the login container triggers the Yahoo! authorization process.
Clicking "Get started now!" or "Login" triggers applicable modal views. The Yahoo! button is displayed on right side of the modal dialog box.
Clicking the Yahoo! button within the login container triggers the Yahoo! authorization process.
We initialize an OpenID + OAuth Hybrid Extension process — using an open-source python-openid library — to perform Yadis discovery, handle Yahoo! associations, and guarantee nonce and signature authenticity.
We utilize an NFS mount (File Store, Memory, Database, and general interface Stores also available) to share association and nonce states between our clustered tier of applications and SodaHead servers (Apache-WSGI-Python).
Using the identity returned by the Yahoo! authorization process, we discover if we have already associated this identity (and OAuth token) with a SodaHead user. We allow multiple identities (including other providers) to be associated with a single SodaHead user.
When not merging with an existing SodaHead account, we utilize the authorized OAuth token to perform requests with the Yahoo! Social Directory API, to fill the new user's profile with attributes.
In the future, if unauthenticated with SodaHead, the merged interstitial page with returning OAuth identities is not displayed; identities already associated with a SodaHead user will be simply logged in.
Utilizing the signed OAuth token and Yahoo! Contacts API, we discover SodaHead users' friends who are already SodaHeads.
Utilizing the signed OAuth token and Yahoo! Updates API, we post to users' Update streams — fed throughout their Yahoo! Pulse profile and Yahoo! Messenger actions — giving visibility to users' friends about their joining, expressing themselves, and contributing content on SodaHead.
We further utilize OAuth and Updates API to continue assisting users in notifying their Yahoo! friends (on Pulse and Messenger) of their interactions on SodaHead.