Chapter 2. OpenID + OAuth Authorization Flow

Here is how the overall flow of OpenID + OAuth authorization works:

OpenID and OAuth uses specific terminology to represent the developer and the entity that provisions authorization. In this case, the entity is Yahoo. The application or site that requires access to User data is known as the Consumer in OAuth and the Relying Party (RP) in OpenID. Yahoo is known as the Service Provider in OAuth and the OpenID Identity Provider (OP) in OpenID.

Sign Up for an OAuth Consumer Key

Before you can start making Yahoo API requests, you need to sign up and submit some details about your application.

To sign up, register your application. After registering your application, you will receive a Consumer Key, which identifies you to Yahoo. You will also receive a Consumer Secret you you must provide when requesting an Access Token. Save the Consumer Key and Secret so that you can use it into your code as required.


When you sign up for a Consumer Key, be aware that the scopes (permissions) are embedded within the Consumer Key and cannot be changed. If you change the scopes for a particular application, Yahoo issues a new Consumer Key.

Table of Contents