0

way to use the oauth_session_handle

Hi,

I created a 3 Legged Authorization for a desktop application in C# my Idea now is export this a web-site but I am not sure the correct way to use the Oauth session Handle.

I Would like ask if I can safe this in a Cookie or in a file and Use this value for get the Authorization from yahoo with out show the pop-up where the user write the credentials.

by
3 Replies
  • Hi,

    Can you please explain in more details what you want to do?
    The oauth_session_handle is issued when user authorizes your
    application and it is a long-lived credential that stays valid
    until user revokes the permission. You should store it
    securely in your local system.

    Thanks,
    Yu Wang
    Yahoo! Membership Team
    0
  • QUOTE (omiga @ Dec 9 2010, 11:21 AM) <{POST_SNAPBACK}>
    Hi,

    Can you please explain in more details what you want to do?
    The oauth_session_handle is issued when user authorizes your
    application and it is a long-lived credential that stays valid
    until user revokes the permission. You should store it
    securely in your local system.

    Thanks,
    Yu Wang
    Yahoo! Membership Team


    Well thank you I going to explain a little more.

    First I am developing a application now is a Desktop application but in the future will be a Web-Site about the Fantasy Sport API(All is working I don't have problems with this).

    I think that for the user will be tired every time that open the web-site show a Log in for write the credentials and Write if he/she is agree to use the private data.


    My idea is save in a Cookie or in the database or in a XML File the Oauth_Session_Handle for avoid this step of the log-in.

    Next with this Oauth_Session_Handle get a new token.
    0
  • Hi,

    When you move your application to the Web, you may want to
    use GUID to uniquely identify a user:
    http://developer.yahoo.com/social/rest_api...d-resource.html

    Once a user goes through the OAuth authorization process,
    you can retrieve her GUID and use that as key to store her
    other data such as OAuth session handle. At the same time,
    you can issue a persistent cookie based on the GUID which is
    valid for some time. During this time, as long as she
    doesn't clear the cookie, she will still be recognized after
    she comes back again.

    The above is just one approach and you can certainly explore
    others.

    Thanks,
    Yu
    0

Recent Posts

in OAuth General Discussion YDN SDKs