Yahoo! Developer Network Blog
April 24, 2009
OAuth Update #2
On Wednesday, upon discovery of a security issue within the OAuth protocol, we disabled the ability for users to authorize new applications via OAuth on Yahoo! (apps that had already been authorized were not affected). Obviously, this has been a challenge for you as developers since you haven’t been able to test any apps that rely on our Y!OS Updates, Social Directory, Status, Contacts, or Fire Eagle APIs.
After working on the problem yesterday, we’ve now decided to turn OAuth back on for developers testing their own apps on Yahoo!, but with the addition of a new interstitial warning screen preceding the normal Yahoo! OAuth permissions flow. Here's a screenshot of the warning screen:

Basically, we’ve decided to re-enable OAuth so that you can test your own apps and not slow down your development cycles. If you choose to do so, we recommend creating a test account and using test data.
Please keep in mind that we are strongly discouraging Yahoo! end-users from authorizing new apps that use OAuth until this security issue is resolved.
As we mentioned yesterday, we’re actively working with the OAuth community to solve this security issue. Stay tuned for updates.
Best,
Allen Tom
Architect, Yahoo! Membership
Posted at April 24, 2009 1:16 PM
Comments
Hi Yahoo Folks,
Thanks much for this. I really appreciate your very sensible approach to this and this allows room for everyone to continue while the issue is resolved.
Again THANK You Very Much.
-Girish.
Posted by: Girish at April 25, 2009 9:17 AM
I can confirm that I can test my applications again.
Thanks for the update, your time, and help!
Posted by: Jesús at April 25, 2009 1:04 PM
Hi Girish and Jesus,
Thanks for your patience and glad we could find a solution that's manageable while we work on the issue.
Cheers,
-c
Cody Simms
Yahoo! Open Strategy (Y!OS) Platforms
Posted by: Cody Simms at April 26, 2009 8:41 AM
When will end-users be able to authorize apps again?
Posted by: Geek Reloaded at May 3, 2009 9:12 AM
Is there any mobile site/page to do the login for OAuth instead of the current page? It is very difficult for mobile users to browse using this site.
Posted by: SSJ at May 21, 2009 2:21 AM

