Chapter 5. Direct OAuth for Yahoo Messenger

Direct OAuth is an interface for rich clients (i.e., native applications and not browser-based webapps) to obtain a user's OAuth credentials directly. This is done by submitting the user's Yahoo ID and password without having to open a browser window.

Note that Direct OAuth is a proprietary interface, as standard OAuth does not allow applications to ask for username/password, and always requires a browser.


In Direct OAuth, the application submits the username, password, and consumer key to the login server to obtain a Pre-Approved Request Token (PART). After obtaining the PART, the consumer uses the standard Yahoo OAuth interface to obtain an Access Token, Access Token Secret, and access session handle (ASH). Note that it is strictly forbidden to store a Yahoo username or password locally on the device, or anywhere in your system. Once the username and password have been authenticated, the OAuth Access Token makes it possible for you to log in on behalf of the user.
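The two-step exchange described above, as an added example that is not Yahoo's code: it obtains a PART, exchanges it for the access token, secret and ASH, and persists only that token material. The endpoint URLs, the first-step parameter names, the OAuth 1.0 PLAINTEXT signature and the in-process `fake_login_server` are assumptions for illustration, since this page does not specify them.

```python
import json
import secrets
import time
from dataclasses import asdict, dataclass

# Hypothetical endpoints (assumption): the page does not give the real URLs.
LOGIN_URL = "https://login.example/get_part"
TOKEN_URL = "https://login.example/get_token"

@dataclass(frozen=True)
class OAuthSession:
    access_token: str
    access_token_secret: str
    session_handle: str  # the access session handle (ASH)

def fake_login_server(url, params):
    """Constructed stand-in for the login server so the flow runs offline."""
    if url == LOGIN_URL:
        if params["password"] != "correct horse":
            raise PermissionError("bad credentials")
        return {"request_token": "PART-" + params["consumer_key"]}
    if url == TOKEN_URL and params["oauth_token"].startswith("PART-"):
        return {"oauth_token": "AT-123", "oauth_token_secret": "ATS-456",
                "oauth_session_handle": "ASH-789"}
    raise PermissionError("unknown or unapproved request token")

def direct_oauth_login(username, password, consumer_key, consumer_secret,
                       send=fake_login_server):
    # Step 1: username + password + consumer key -> PART.
    part = send(LOGIN_URL, {"username": username, "password": password,
                            "consumer_key": consumer_key})["request_token"]
    # Step 2: PART -> access token, secret, ASH. The password is not sent again.
    reply = send(TOKEN_URL, {
        "oauth_consumer_key": consumer_key,
        "oauth_token": part,
        "oauth_signature_method": "PLAINTEXT",    # assumed signature method
        "oauth_signature": consumer_secret + "&",  # empty token secret
        "oauth_nonce": secrets.token_hex(8),
        "oauth_timestamp": str(int(time.time())),
    })
    return OAuthSession(reply["oauth_token"], reply["oauth_token_secret"],
                        reply["oauth_session_handle"])

def serialize_for_storage(session):
    # Only token material is persisted; the Yahoo ID and password never are.
    return json.dumps(asdict(session))
```

A real client would pass its own HTTPS transport as `send` and drop its references to the password as soon as `direct_oauth_login` returns.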
