0

Developing and testing on localhost

I'm getting Forbidden errors if I use a callback that's not on the verified domain list. I'm 100% sure almost all developers dev and test locally before going straight to their production site.

There has to be some solution. How can I do this?

I tried tunneling and that got so complicated, I couldn't get it to work any better that way.

YDN, please help!

by
6 Replies
  • Hi Koden,

    For security reasons, oauth_callback cannot point to a site
    different from the one used during registration and verification.

    You can register consumer key for a fake web site say "www.mysite.com"
    and skip the domain verification. Then in your development box,
    you can modify the hosts file to have "www.mysite.com" point to
    itself and configure your Web server to listen at "www.mysite.com".

    Thanks,
    Yu Wang
    Yahoo! Membership Team
    0
  • Hi Yu Wang,
    Thanks for the reply! I set up a sshd tunnel, and I created a key for it. I tried setting it up and tried to verify as well as skipping verification, but kept getting an error with the creation:

    Domain Verification Failed
    There was an internal error while an application is being created. Please try again.

    To tunnel I'm using http://github.com/progrium/localtunnel

    It's amazing we have to go through so much just to develop something as easy as OAuth isn't it? I could have been done in about 10 minutes, but this is taking me days. =( I just want to be able to test the callback.

    Let me know what I might be doing wrong.

    Thanks so much!

    QUOTE (omiga @ Aug 3 2010, 10:51 AM) <{POST_SNAPBACK}>
    Hi Koden,

    For security reasons, oauth_callback cannot point to a site
    different from the one used during registration and verification.

    You can register consumer key for a fake web site say "www.mysite.com"
    and skip the domain verification. Then in your development box,
    you can modify the hosts file to have "www.mysite.com" point to
    itself and configure your Web server to listen at "www.mysite.com".

    Thanks,
    Yu Wang
    Yahoo! Membership Team
    0
  • Hi Koden,

    If any part of your domain name doesn't start with letters,
    domain verification will fail. Is that the case? If not,
    can you please provide the domain name?

    The team that manages domain verification will relax the
    requirements on domain names though.

    Thanks,
    Yu Wang
    0
  • Hi Yu,
    The domain has a subdomain that starts with a number. I'm guessing that might be why it's breaking.

    I decided to try the method you had, where I don't verify the domain at all with a test app key, and that worked. I wish there was a "truer" way test this so that we wouldn't run into unknown situations in production. With Twitter OAuth and Facebook Graph API, I was always able to use localhost for testing without error. Out of curiosity, why does Yahoo put so many tough restrictions?

    Thanks!!

    QUOTE (omiga @ Aug 4 2010, 10:31 AM) <{POST_SNAPBACK}>
    Hi Koden,

    If any part of your domain name doesn't start with letters,
    domain verification will fail. Is that the case? If not,
    can you please provide the domain name?

    The team that manages domain verification will relax the
    requirements on domain names though.

    Thanks,
    Yu Wang
    0
  • Hi Koden,

    It is possible to launch localhost-based attacks, so our security
    policy disallows that.

    The team that manages domain verification will remove the requirement
    that any part of a domain should start with letters later.

    Thanks,
    Yu
    0
  • Thanks for clarifying!

    QUOTE (omiga @ Aug 6 2010, 01:03 PM) <{POST_SNAPBACK}>
    Hi Koden,

    It is possible to launch localhost-based attacks, so our security
    policy disallows that.

    The team that manages domain verification will remove the requirement
    that any part of a domain should start with letters later.

    Thanks,
    Yu
    0

Recent Posts

in OAuth General Discussion YDN SDKs