0

The OAuth failed to work after 3 months

Hello~

I developed an application for accessing the delicious bookmark using OAuth 3 months ago,
the application was finish successfully, it can download/delete the online delicious bookmark through OAuth.

but.... today, the 3 months later, the OAuth failed to work......... it got the error in "HTTP/1.1 401 Authorization Required"
I have no idea at all... why after couple months.... OAuth failed to work.

here is my request URL:
https://api.login.yahoo.com/oauth/v2/get_re...tc.bookmark.com

Thanks in advance~~~~~
Clio

by
3 Replies
  • I have a very similar problem with Delicious. Seems to be to do with the oauth_callback parameter. It seems you now need to include a scheme (ie http:// or https://).

    So in your scenario if you change oauth_callback=www.htc.bookmark.com to oauth_callback=http://www.htc.bookmark.com it will work (I just tried it and it did).

    Unfortunately my problem is more complicated, I use a custom scheme so that Android can intercept and pass control back to my app, they seem to disallow custom schemes now, but that is for another thread.

    Dave
    0
  • QUOTE (David Allison @ Sep 14 2010, 04:36 AM) <{POST_SNAPBACK}>
    I have a very similar problem with Delicious. Seems to be to do with the oauth_callback parameter. It seems you now need to include a scheme (ie http:// or https://).

    So in your scenario if you change oauth_callback=www.htc.bookmark.com to oauth_callback=http://www.htc.bookmark.com it will work (I just tried it and it did).

    Unfortunately my problem is more complicated, I use a custom scheme so that Android can intercept and pass control back to my app, they seem to disallow custom schemes now, but that is for another thread.

    Dave


    Dear Dave~~~~~~~~~~~~

    thanks sooooooo much, it works after I add "http://"
    I am start wrong what else OAuth will updated after couple months........ > <

    Clio
    0
  • Hi David/Clio,

    We don't allow custom scheme as per our security policy, so only
    HTTP/HTTPS URL is allowed. Probably our recent changes to our
    OAuth servers plugged some holes that we left earlier.

    I would suggest you use the following workaround that should work
    with our security policies.

    - Register your application as Web-based and have your domain verified,
    say mysite.com

    - Use the standard Web flow to get request token and have oauth_callback
    URL to be something like http://mysite.com/oauth

    - Once you get the authorized request token and the verifier in the above
    oauth_callback URL, do another redirect from your Web server to your
    application's custom protocol handler:

    http://mysite.com/oauth?oauth_token=<to...lt;verifier>
    =>
    mycoolapp://mysite.com/oauth?oauth_token=<token>&oauth_verifier=<verifier>

    - Then your application should be able to use the request token and verifier
    to get the access token and then use it to call the Yahoo! APIs.

    I know this means extra work for you, however it will ensure that your
    application will work with our security policies. Also if your site can
    proxy OAuth requests for your applications, then you don't need to embed
    the consumer secret in your application that is installed on your users'
    computers.

    Thanks,
    Yu Wang
    Yahoo! Membership Team
    0

Recent Posts

in OAuth General Discussion YDN SDKs