2 OAuth call back url bugs


I think I found two bugs with the OAuth logic.
  • First registery a domain of mydomain.com and then try to get a token with the call back url set to http:://www.mydomain.com/ My understanding is this should work since I have registered the main domain. All sub-domains should automatically work, right?
  • Second try using the correct domain but with https instead of http for the call back url. I.E. https://mydomain.com/

Did i miss something obvious or are these real bugs?

1 Reply
  • Hi Robert,

    The first one is not a bug. Our current security policy requires
    exact host match.

    As to the second one, I have tried it myself by registering a ckey
    with http callback URL and then constructing requests that use
    https callback URL and cannot reproduce it. Can you please provide
    the exact steps on how to reproduce this issue?

    Yu Wang
    Yahoo! Membership Team

Recent Posts

in OAuth General Discussion YDN SDKs