Chapter 1. Introduction

What is OAuth?

OAuth is an open protocol enabling an application to access end user information from a Web service when the application is authorized by the end user. The end user's information is securely transferred without revealing the identity of the user. For example, end users who want to run a photo sharing application on their profile pages need to allow the social network site to share personal data with that application. OAuth allows these end users to anonymously grant the photo sharing application access to their profile information.

OAuth verifies that requests by your application are actually yours and that you have permission to access potentially sensitive data for Yahoo users.

This document supplements the official OAuth documentation and explains how the authorization process works when using Yahoo Web services and APIs that require the three-legged OAuth model (a model that requires explicit consent from end users). For more information on the differences between two-legged and three-legged OAuth, refer to Private Data v. Public Data.


This document also reflects revisions to the OAuth Core 1.0 specification as shown in the OAuth Core 1.0 Rev. A specification. This revision requires the oauth_callback parameter earlier in the OAuth Authorization Flow and also introduces an extra parameter known as the OAuth Verifier.
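The sketch below is an added example, not code from Yahoo or from the OAuth specification. It shows where the two Rev. A parameters sit in the flow and what a consumer should check at each step. The function names and sample values are assumptions; oauth_callback_confirmed is the response field defined by the Rev. A specification and is not otherwise described on this page.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qs, quote

def enc(s):
    # Percent-encoding as OAuth 1.0 requires: only unreserved characters stay
    return quote(str(s), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret=""):
    # HMAC-SHA1 over the signature base string; key is consumer&token secret
    norm = "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(params.items()))
    base = "&".join([method.upper(), enc(url), enc(norm)])
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    mac = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def request_token_params(consumer_key, callback, nonce, ts):
    # Rev. A: oauth_callback is sent in this first step, so it is signed
    return {"oauth_consumer_key": consumer_key, "oauth_callback": callback,
            "oauth_nonce": nonce, "oauth_timestamp": ts,
            "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0"}

def parse_request_token_response(body):
    f = {k: v[0] for k, v in parse_qs(body).items()}
    # A Rev. A provider confirms the callback; refuse a response that does not
    if f.get("oauth_callback_confirmed") != "true":
        raise ValueError("callback not confirmed by provider")
    return f["oauth_token"], f["oauth_token_secret"]

def verifier_from_callback(query, pending_token):
    f = {k: v[0] for k, v in parse_qs(query).items()}
    # The callback must name the request token this user session started with
    got = f.get("oauth_token", "").encode()
    if not hmac.compare_digest(got, pending_token.encode()):
        raise ValueError("callback token does not match pending request token")
    if not f.get("oauth_verifier"):
        raise ValueError("callback carries no oauth_verifier")
    return f["oauth_verifier"]

def access_token_params(consumer_key, token, verifier, nonce, ts):
    # Rev. A: the verifier from the callback accompanies the token exchange
    return {"oauth_consumer_key": consumer_key, "oauth_token": token,
            "oauth_verifier": verifier, "oauth_nonce": nonce,
            "oauth_timestamp": ts, "oauth_signature_method": "HMAC-SHA1",
            "oauth_version": "1.0"}
```
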
