If we log into a site using OpenID+OAuth "Hybrid Auth", then authorize an OAuth app or install a Yahoo! Application Platform (YAP) app, and grant access to our protected Yahoo! data, how can we revoke or control access later?
It is important for users and developers to understand how to do this. Users may change their minds about allowing an app to access their data. Developers need to build apps that can handle such changes.
You can see and manage all the apps you have granted access to via OAuth and Hybrid Auth here: https://api.login.yahoo.com/WSLogin/V1/unlink.
To get there, follow these steps:
- Go to profiles.yahoo.com.
- Click View Account Info under the Account Info tab on the Profiles page.
- Click Manage Apps and Website Connections under Sign-In and Security.
- Click an app name to see scopes provided.
- Click Remove to revoke accesss.
At a more granular level, you can control which apps are allowed to publish updates for your account on the Manage Updates page of your Yahoo! Profile, and in the Settings dialog of an app (shown in the following screenshot).
You can see all the Yahoo! applications you have installed, and remove individual apps, on the My Apps page.
Removing an app revokes its access to your data.
Co-authored by Erik Eldridge and Christine Dorffi