0

Integration with Yahoo Connected TV Widget

I am looking to create a widget for my Yahoo Connected TV to display some information from the Fantasy Sports API.  I know the Fantasy API generally requires 3 legged OAuth.  Is there any way to do this from a TV widget?  I have managed to do 2 legged OAuth from my TV.  I can also use profiles to login to my Yahoo account.  However, I don't know if there is any way to tell the API that it is ok to access my personal information.

Can anyone help me? 

by
2 Replies
  • That's a really interesting question. All of our OAuth schemes require that the user be booted to a browser at some point to grant you permission, and I'm actually not sure if there's any way to avoid that. At the end of the day, you just need to be able to generate that request token URL and get a verifier back from it, so you could always message that to users in some other way -- in the dumbest implementation, send an email with the correct URL over to them, have them go through that flow on, I dunno, their smart phone, and then ask them to type back in the verifier that's displayed (if you specify "oob" as the callback URL, which will present a page that tells the user the verifier at the end). That would be the dumbest way, but certainly a functional way.

    Also, if this is only for your own personal use, then you could certainly just generate the access token yourself using other scripts (for reference, there are similar concepts at play in the Getting Started guide -- once the script gets an access token, it keeps refreshing it so that it never needs to prompt for user input again). That only really works if you can seed the initial access token, though.

    Otherwise, yeah, I'm not sure, either. Has anyone else played with 3-legged OAuth solutions in environments that don't have browser access?
    0
  • Thanks for your response and suggestions!  This is most likely just for my personal use - so I may be able to get by using one of the methods you suggested.  Thanks!

    QUOTE(Sean Montgomery @ 31 Aug 2011 10:47 PM)
    That's a really interesting question. All of our OAuth schemes require that the user be booted to a browser at some point to grant you permission, and I'm actually not sure if there's any way to avoid that. At the end of the day, you just need to be able to generate that request token URL and get a verifier back from it, so you could always message that to users in some other way -- in the dumbest implementation, send an email with the correct URL over to them, have them go through that flow on, I dunno, their smart phone, and then ask them to type back in the verifier that's displayed (if you specify "oob" as the callback URL, which will present a page that tells the user the verifier at the end). That would be the dumbest way, but certainly a functional way.

    Also, if this is only for your own personal use, then you could certainly just generate the access token yourself using other scripts (for reference, there are similar concepts at play in the Getting Started guide -- once the script gets an access token, it keeps refreshing it so that it never needs to prompt for user input again). That only really works if you can seed the initial access token, though.

    Otherwise, yeah, I'm not sure, either. Has anyone else played with 3-legged OAuth solutions in environments that don't have browser access?
    0

Recent Posts

in Fantasy Sports API