Yahoo OAuth 2.0 Guide
OAuth 2.0 is an updated version of the OAuth protocol that supersedes OAuth 1.0 and 1.0a. OAuth is an open standard for authorization that Yahoo uses to grant access to user data.
OAuth 2.0 has some key distinctions from OAuth 1.0:
- SSL for secure communication.
- Signatures are no longer necessary.
- Support for a variety of grant types and flows.
Supported Client Profiles
Yahoo supports two primary client profiles:
- Server-side Application: This consists of an application (client) hosted on a web server. Users access the application using an HTML-based user agent. Client credentials and issued tokens are stored on the web server and are inaccessible to the user.
- Client-side Application: In this profile, the client code is downloaded from a web server and runs within a user agent on the user's device. Credentials and tokens are accessible to the end user.
Migrating to OAuth 2.0 from OAuth 1.0a
If you have integrated with Yahoo using OAuth 1.0a, you do not need to re-authorize access to your app. Using the Explicit Grant flow, you can provide your original refresh token to receive a new OAuth 2.0 access token. For more information, refer to Step 5: Exchange refresh token for new access token.
Before You Begin
As with OAuth 1.0, you must first sign up and get both a Consumer Key and a Consumer Secret.