This doc is a draft of the 2-legged OAuth 1.0 process...
Here is a signature generator that you can use to verify your generated strings and sigs...
Yahoo doesn't need the oauth_token parm at all so you can leave it out.
Otherwise, it's pretty much exact as RFC-5849 says it should be.
This URL is ready to send, except for the OAuth parms. You'd pass the URL to the OAuth code (either complete or broken down into its parts...depending on the library)...
Here's the URL as it gets sent to Yahoo with the OAuth parms (with my consumer key replaced with "abcde...")...
You should get back the requested resource.
I found the signature generator to be very useful. That will show you your mistakes in producing the base string and signature.
"When creating applications that only use public data, you do not need authorization from the end User. These types of applications are called two-legged in OAuth terminology because the authorization occurs between two parties: an application (the Consumer) and the public data source (the Service Provider).... Most Web services offering public data require two-legged authorization..."
I extracted the oauth_token_secret and the oauth_token( tho some say you dont need oauth_token). I don't need the xoauth_request_auth_url. (I think that is what I would need to pass to the user if it was for a three-legged authentication).
The oauth_signature is now : your Consumer Secret with a %26 and the value of oauth_token_secret. If your Consumer Secret was ABCD and the oauth_token_secret sent back from yahoo was ZYXABC your oauth_signature would now be:
Tip: a lot of the examples on Yahoo do not seem to work unless you have set your access Permissions. If trying out, say, a Fantasy Football example you would need to make sure you have set the permissions to allow your Consumer Key to be used to access that. This is done at the section on the bottom of the page when creating a project. In the section "Select APIs for private user data access": check the relevant boxes for the examples you are trying out (or maybe just select all for now). In fact some forum posts say you should check at least one box for authentication to work at all.
To create a Project, be logged in to Yahoo. Go here https://developer.yahoo.com/
Hover over you name over at the right of the menu bar. You will see an option "My Projects", that is the one you need to set up your Consumer Key and Consumer Secret.