Having reviewed the workflow, I have a question that I hope you can assist me with.
The program we're working on is a Win32 application, which is not tied to a browser in any way. Ideally, people would have to enter their YahooID and password and the program will do the rest, without opening additional windows (especially windows belonging to other software, specifically - a browser).
However, the workflow described in the documentation is designed in such a way that a person must provide some input via a browser in order to complete the process. This disrupts our application's modus operandi - now we have to tell the user that "a browser window will open now, don't worry, it's not a bug- it's a feature; input your credentials there; it's safe; it's not phishing". Besides, this adds some dependencies - now we have to make sure that a browser is present in the system, that they have the right to start it, etc.
I am wondering what the rationale for this rule is, and whether it would be acceptable to automate this step. What the browser does is capture the credentials via the keyboard, then pass them to the server. We can extend our program to do the same thing.
After all, the browser is also 'just a program' that 'knows' the HTTP protocol and uses it to exchange data. We could train our software to perform the same actions, and pretend that it is a browser by using a fake 'UserAgent' string in the request.