Yahoo! Developer Network Blog
« Previous | Main | Next »
April 22, 2009
OAuth Update
Note: Please check out OAuth Update #2 for the most recent status of OAuth on Yahoo!.
As you may know, several Yahoo! APIs use OAuth, an open standard that lets users give a service permission to access the information they’ve stored with a third-party website without exposing their password and account information. The Yahoo! APIs that leverage OAuth include our Y!OS Social Directory, Contacts, Status, and Updates APIs, as well as Fire Eagle.
Recently, the folks at OAuth let us know about a potential security issue within the protocol. At Yahoo! we take the security and privacy of our users very seriously, and so for the time being we’ve disabled the ability for users to authorize new applications via OAuth. Applications that have already been authorized will not be affected.
We recognize the impact this has on you as developers and appreciate your patience. We’re continuing to evaluate the best way to move forward and are actively working with the OAuth community to resolve the issue.
Rest assured, we’re hoping to re-enable OAuth on Yahoo! as soon as practically possible. Please check back for updates on our progress, which will be posted here.
Best,
Allen Tom
Architect, Yahoo! Membership
Posted at April 22, 2009 7:41 PM | Permalink
Bookmark this on Delicious
Comments
Hello Tom. Just the obvious question I guess...
How long might it take to correct the issue?
Thanks!
Posted by: Jesús at April 22, 2009 11:04 PM
Thank you for the update. Is there any update or do you know how long it will take to fix the issue?thank you
Posted by: Chris at April 23, 2009 3:34 AM
Hi Jesus and Chris,
We're aiming to have an update for you as soon as later today.
Cheers,
-c
Cody Simms
Senior Director, Product Management
Yahoo! Open Strategy (Y!OS) Platforms
Posted by: Cody Simms at April 23, 2009 9:41 AM
Hi Tom,
If we developers could help you somehow, please don't hesitate to ask for any help.
Thank you raising your concerns.
Posted by: Ciro Anunciação at April 23, 2009 9:43 AM
Cody & Tom. Thanks for the update. Your help is much appreciated.
Posted by: Jesús at April 23, 2009 10:16 AM
If it takes a little longer, I hope Y! could put a well-noticeable warning message on the consumer's authorization page rather than having oAuth completely disabled.
Posted by: Ziru at April 23, 2009 10:21 AM
Hi Allen/Cody,
Is there an update on the OAuth status? I thought you guys were going to update before end of day (per Cody's post 4/23).
Anyway I agree with Ziru - instead of totally pulling the plug, why cant you post a meaningul error message or atleast have a stubbed out response, so that developers working on it can continue, while you guys go and address the protocol issue.
In this way everyone can continue on their work and test, while you have time to resolve it.
Thanks,
Girish,
Posted by: Girish at April 23, 2009 9:58 PM
Hi Yahoo Developers,
We definitely feel your pain, and we are working as hard as we can (into the wee hours of the night) to find a way to make things better. We'll hopefully have some news on Friday.
Allen Tom
Yahoo! Membership
Posted by: Allen Tom at April 24, 2009 12:44 AM
Hi Everyone,
Just pointing you to the update on this issue, here:
http://developer.yahoo.net/blog/archives/2009/04/oauth_update2.html
Thanks for your patience over the last few days.
Thanks,
-c
Cody Simms
Yahoo! Open Strategy
Posted by: Cody Simms at April 24, 2009 2:18 PM
Glad to have the oAuth back.
Thanks,
Posted by: Ziru at April 27, 2009 12:27 PM
yes
Posted by: araa at September 21, 2009 2:37 AM
There's a little typo here. The link to oauth update#2 in the note at the beginning points to this page itself instead of pointing to http://developer.yahoo.net/blog/archives/2009/04/oauth_update2.html
Posted by: Rahul at October 7, 2009 4:10 AM
Post a comment
Comment Policy: We encourage comments and look forward to hearing from you. Please note that Yahoo! may, in our sole discretion, remove comments if they are off topic, inappropriate, or otherwise violate our Terms of Service. Fields marked with asterisk '*' are required.
Subscribe
YDN Blog: Get Yahoo! Developer Network Blog on your personalized My Yahoo! home page.
YDN Link Blog: Get Yahoo! Developer Network Linkblog on your personalized My Yahoo! home page.
Recent Blog Articles 
view all
YQL Open Table for Google Buzz now live
Tue, 09 Feb 2010
INSERT INTO twitter.status ...
Mon, 08 Feb 2010
Announcing the Yahoo! Brasil Open Hack Day 2010, 20-21 March
Mon, 08 Feb 2010
Marketing hacks, linchpins, and tech women of valor
Sun, 07 Feb 2010
Yahoo! India invites you to join the first India Hadoop Summit
Thu, 04 Feb 2010
Recent Links
Appcelerator Titanium + Yahoo YQL on Vimeo
Mon, 08 Feb 2010
Tue, 02 Feb 2010
PhoneGap | Cross platform mobile framework
Sat, 30 Jan 2010
Web developers can rule the iPad - O'Reilly Radar
Sat, 30 Jan 2010
rc3.org - Is the iPad the harbinger of doom for personal computing?
Thu, 28 Jan 2010
Archives
2010
2009
2008
2007
2006
2005
Recent Readers