0

re: prevent repeat send of oauth confirmation email

Sorry for the re-post but I don't see how to revive a loose thread, and we're hoping to launch our integration soon. In the oauth login flow, after the user has logged-out of our site, is there any way to force him to re-enter his Yahoo password without receiving the confirmation email again? It seems like I can either

1. not use the (cached) access token, but this sends the confirmation email again
2. use the access token (whether or not it has expired), but this doesn't require the password (an expired token is refreshed by the PHP SDK)

thanks again,
John

by
1 Reply
  • QUOTE (john @ Nov 13 2009, 08:56 AM) <{POST_SNAPBACK}>
    Sorry for the re-post but I don't see how to revive a loose thread, and we're hoping to launch our integration soon. In the oauth login flow, after the user has logged-out of our site, is there any way to force him to re-enter his Yahoo password without receiving the confirmation email again? It seems like I can either

    1. not use the (cached) access token, but this sends the confirmation email again
    2. use the access token (whether or not it has expired), but this doesn't require the password (an expired token is refreshed by the PHP SDK)

    thanks again,
    John


    I think you want to use openid for authenticating users identity -- http://developer.yahoo.com/openid/, and oauth for obtaining an authorization to access a users guid. In the openid flow, you will not receive an email when logging in. In the OAuth flow, you get the access token. You can also used the combined openid+oauth flow to request an authorized request token during the signin process - http://developer.yahoo.com/oauth/guide/oauth-intro.html
    0

Recent Posts

in OAuth General Discussion YDN SDKs