OAuth Core 1.0 Rev A VS Core 1.0

What is the different between OAuth Core 1.0 Rev A and OAuth Core 1.0 in their :
a) Request Token (get_request_token) Request Parameters
cool.gif Request Token (get_request_token) Response Parameters ?

I am trying to get away the warning page, is it possible to do so?
According to the FAQ below, it seem like the warning is only for OAuth version without the "Rev A"?

Q. Why is Yahoo! warning users prior to OAuth authorization?
Due to the recently discovered session fixation security vulnerability, users are warned with new authorizations not based on the newly released OAuth Core 1.0 Rev A.


1 Reply
  • I don't speak for Yahoo, but I recently switched to using the new revision. As far as I can tell, the pertinent changes are:
    - You must now include the 'oauth_callback' parameter in the get_request_token request step instead of later in the request_auth step.
    - You must now extract the 'oauth_verifier' parameter from the request_auth response and include it in your get_token request.

    Note that the way you process the get_request_token response hasn't changed.

    That's my understanding. Corrections welcome.

Recent Posts

in OAuth General Discussion YDN SDKs