Chapter 4. OAuth Authorization Flow

Here is how the overall three-legged flow of OAuth authorization works:


Figure 4.1. Yahoo OAuth Authorization Flow

OAuth uses specific terminology to represent the developer and the entity that provisions authorization. In this case, the entity is Yahoo. The application or site that requires access to User data is known as the Consumer, whereas Yahoo is known as the Service Provider.

Sign Up and Get a Consumer Key

Before you can start making Yahoo API requests, you need to sign up and submit some details about your application.

During registration, indicate the kinds of Yahoo User data (also called Scopes) you want to access. Later in the OAuth process, Yahoo will ask your Users whether Yahoo should allow you to access their User data. For more information about Scopes, see the Scopes section in this document.

To sign up, register your application. After registering your application, you will receive a Consumer Key, which identifies you to Yahoo. You will also receive a Consumer Secret, which is required when asking for a Request Token. Save the Consumer Key and Secret so that you can use them in your code as required.


When you sign up for a Consumer Key, be aware that the scopes (permissions) are embedded within the Consumer Key and cannot be changed. If you change the scopes for a particular application, Yahoo issues a new Consumer Key.
