Y!OS OAuth

Get request_token error

Fri, 05 Feb 2010 23:34:55 -0800

i am trying ot connect with yahoo oauth.

I can get request_token when oauth_callback=oob
My request parameters like so.

CODEBOX

oauth_callback=oob
oauth_consumer_key=dj0yJmk9RzYwV0h2Sm5teENFJmQ9WVdrOVEweGFUMjh5TkhVbWNHbzlNVFV6T
lRRM05UUXlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD1iNg--
oauth_nonce=8527756
oauth_signature_method=HMAC-SHA1
oauth_timestamp=1265441153
oauth_version=1.0
xoauth_lang_pref=ZH-TW

Then i get the signature base string

CODEBOX

GET&https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Fget_request_token&oauth_callback%3Doob%26oauth_consumer_key%3Ddj0yJmk9RzYwV0h2Sm5teENFJmQ9WVdrOVEweGFUMjh5TkhVbWNHbzlNVFV6TlRRM05UUXlNQS0tJn
M9Y29uc3VtZXJzZWNyZXQmeD1iNg--%26oauth_nonce%3D8527756%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1265441153%26oauth_version%3D1.0%26xoauth_lang_pref%3DZH-TW

But when i specify the callback url, i get error 401
My request parameters like so.

CODEBOX

oauth_callback=http://a.b.c/test/TestYahoo.aspx
oauth_consumer_key=dj0yJmk9RzYwV0h2Sm5teENFJmQ9WVdrOVEweGFUMjh5TkhVbWNHbzlNVFV6T
lRRM05UUXlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD1iNg--
oauth_nonce=1113165
oauth_signature_method=HMAC-SHA1
oauth_timestamp=1265441423
oauth_version=1.0
xoauth_lang_pref=ZH-TW

Then i get the signature base string

CODEBOX

GET&https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Fget_request_token&oauth_callback%3Dhttp%3A%2F%2Fa.b.c%2Ftest%2FTestYahoo.aspx%26oauth_consumer_key%3Ddj0yJmk9RzYwV0h2Sm5teENFJmQ9WVdrOVEweGFUMjh5TkhVbWNHbzlNVFV6TlRRM05UUXlNQS0tJn
M9Y29uc3VtZXJzZWNyZXQmeD1iNg--%26oauth_nonce%3D1113165%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1265441423%26oauth_version%3D1.0%26xoauth_lang_pref%3DZH-TW

I think the signature base string error
So what am I doing wrong?

how do I get oauth_verifier

Thu, 04 Feb 2010 15:16:51 -0800

I am working with java, I got oauth token

String yahooLogin = "https://api.login.yahoo.com/oauth/v2/"
+ "request_auth?" + "oauth_token="+ yahooOauth_token

I send it to my javascript from java to open a new window
window.open(yahooLogin,'Yahoo Login','scrollbars=yes,resizable=yes, width=650,height=400')

but now I am confused, how would I get oauth_verifier. Once I click on complete button on yahoo login, I go get another window with www.site.com/oauth_token=ewvee2n&oauth_verifier=hqjqyh. But I dont know, how can I capture that response in my javascript.

Thanks ,
Sharan

how do I get oauth_verifier

Thu, 04 Feb 2010 15:16:51 -0800

Can you use document.location to get at the url?

Be sure you're setting the OAuth callback_url correctly too, so the OAuth provider can send the verifier back to the file containing your JavaScript.

QUOTE (Sharanjit @ Feb 4 2010, 03:16 PM) <{POST_SNAPBACK}>

I am working with java, I got oauth token

String yahooLogin = "https://api.login.yahoo.com/oauth/v2/"
+ "request_auth?" + "oauth_token="+ yahooOauth_token

I send it to my javascript from java to open a new window
window.open(yahooLogin,'Yahoo Login','scrollbars=yes,resizable=yes, width=650,height=400')

but now I am confused, how would I get oauth_verifier. Once I click on complete button on yahoo login, I go get another window with www.site.com/oauth_token=ewvee2n&oauth_verifier=hqjqyh. But I dont know, how can I capture that response in my javascript.

Thanks ,
Sharan

how do I get oauth_verifier

Thu, 04 Feb 2010 15:16:51 -0800

QUOTE (Erik @ Feb 5 2010, 09:25 AM) <{POST_SNAPBACK}>

Can you use document.location to get at the url?

Be sure you're setting the OAuth callback_url correctly too, so the OAuth provider can send the verifier back to the file containing your JavaScript.

Thanks, Eric. I was able to get the callback. Now I am stuck at getting contacts. In Yahoo contact api, it just mentions that we need to make a with guid: http://social.yahooapis.com/v1/user/"+ guid +"/contacts"; I am doing that, but get this error: Please provide valid credentials. OAuth oauth_problem="unable_to_determine_oauth_type", realm="yahooapis.com"

how do I get oauth_verifier

Thu, 04 Feb 2010 15:16:51 -0800

QUOTE (Sharanjit @ Feb 5 2010, 02:40 PM) <{POST_SNAPBACK}>

Thanks, Eric. I was able to get the callback. Now I am stuck at getting contacts. In Yahoo contact api, it just mentions that we need to make a with guid: http://social.yahooapis.com/v1/user/"+ guid +"/contacts"; I am doing that, but get this error: Please provide valid credentials. OAuth oauth_problem="unable_to_determine_oauth_type", realm="yahooapis.com"

my request: GET /v1/user/XLMJQDSNDXMSNBOEHW25ARJEWU/contacts HTTP/1.1: null}{Authorization: OAuth oauth_consumer_key=dj0yJmk9WUsyWFdJcnZFQW1uJmQ9WVdrOVRIcDFURFZGTXpnbWNHbzlOakUyT
1RVME5EazMmcz1jb25zdW1lcnNlY3JldCZ4PTA3
&oauth_nonce=-724317838
&oauth_signature_method=HMAC-SHA1
&oauth_timestamp=1265411383
&oauth_token=A%253DshFNFx3Lvl3523sl.eG6TNsTOebxlYf4OU.JClsJgZoZF2S8xLqTzpT_M7fZZGXEfitifsjL4kZ9
OQRTyiK6rNaixjJrAYb2JxfiCq5VYaJI11yfdPj5jpI6bieInHrxt956BxHHQ0RzGYNpnHariYBzT74SF
t_oAJXwkg0TpeIdNGXmIZxAh977HQJXXPv7KT6WYb4WE7jwPE_OyE5wtkp2yYi7joBw1V0oIAGZC5V6tE
RHTzx0H4M9xv7KcRyhjrfGzNgq.jvY4eFY1QZ6ov4bl_fXqPRMRfvNriGChTi6uW4amdNADH0Xq5J1de7
qUBRHCIrUYRliYX9EIAAwNOiTvMCZYihSpodRaMmYzGTYEOb49OLT09NVr5DNlerWcD7QTUNKJz4lTSqN
pDSCQaCP9_B8VgDxuK4i1A20lefEoyKXTUGixL4sGDvcSgXAt.oIkCchUQ7SOwKZPAF0QXYu7q9yi.qNu
9c1h2x0DcMa6_PvWM8xq1QgYcKH.ZDlGg0qYs6s_SNYXi8deLV1pLm6cdho_fUXrtFx0e44lKgiAK2J1r
BB8vdYm42oGTLaH2p7viwAwrhcDgfw0gS75uRo7LWYAlUTHjvjZe1JBCOZQbBjs5wbQ16eunF0gD.u5rz
e9_82QBYHldl3z9_RaSpvRGKhZtq4LnRGi7X77MVvndgu95tufEJFC.F.vrvZ7vyDJfwfK_zX9w--
&oauth_version=1.0&oauth_signature=e7099c305dc702280fe52ea0233379753425b3d7}
{User-Agent: Java1.6.0_05}{Host: social.yahooapis.com}{Accept: text/html, image/gif, image/jpeg, */*; q=.2}{Connection: Keep-Alive}{null: null}{null: null}

Trouble verifying domain

Thu, 04 Feb 2010 11:47:58 -0800

Hi,

I'm having issues verifying www.5ftshelf.com as an OAuth application. I have tried several times throughout the day and with several different file names. In all cases have verified the file is reachable in both the browser and with a wget. The error message I get when hitting the problem is:

"There was an internal error while an application is being created. Please try again."

If I remove the file I get a different error about not being able to get the file, so clearly the Yahoo servers are seeing the file. As per the instructions the file created is empty but googling around I noticed other people have had their oauth token in the file. This is not possible for me as I haven't been told the token at this point.

I am able to create a desktop app oauth key/secret but cannot use this to make requests from 5ftshelf.com presumably?

File in question is: http://www.5ftshelf.com/u7KdXYNmbXzTAL6pCmOyIw--.html

Any help appreciated,

George

Trouble verifying domain

Thu, 04 Feb 2010 11:47:58 -0800

I've heard of issues w/ subdomains containing a leading numeric character, so I suspect the problem is not on your side. I'll report your experience to the folks investigating this. The only workaround I can recommend for now is to use a domain or subdomain w/ a leading alpha char, eg example.com or sub.example.com

Trouble verifying domain

Thu, 04 Feb 2010 11:47:58 -0800

Thanks Eric - seems like a bit of an omission on Yahoo's part

Cannot register OAuth project on non-standard port

Wed, 03 Feb 2010 06:53:09 -0800

I want to register a dev version of my project on a webserver not on port 80 (8888 in fact). But this port is stripped out, initially at least when setting up the "confirmation" empty html page.

In theory I could temporarily assign my app to port 80, but not permanently (it's actually my router admin page), and I suspect the OAuth stuff needs a permanent base URL.

Anyone got any ideas?

Thanks

Yahoo Sampleapp in PHP SDK not working

Mon, 01 Feb 2010 22:40:23 -0800

Can you please help me in deploying the SampleApp in php sdk?
I am giving the correct parameters, but it is not working. hassession function keeps returning NULL.
Please help me in this issue.

THanks,
Prakash

how to get the email address using oauth

Wed, 27 Jan 2010 23:09:51 -0800

i bind the oauth to my system
but i found i can't get user email address:(
how can i get the full profile of user?

i have been use bbauth but only get user hash code

thank you very much!

how to get the email address using oauth

Wed, 27 Jan 2010 23:09:51 -0800

There are a number of social APIs that we have available that will allow you to capture information about the user:

To access the address book (or contacts) of a user to capture the e-mail (if available) then you can use the contacts API: http://developer.yahoo.com/social/contacts/

To capture the profile of the user you can use the social directory API: http://developer.yahoo.com/social/rest_api...al_dir_api.html

Both of those APIs use OAuth so you'll need to switch your authentication method to that as well.

Jonathan LeBlanc
Technology Evangelist
Yahoo! Developer Network
Twitter: @jcleblanc

how to get the email address using oauth

Wed, 27 Jan 2010 23:09:51 -0800

It appears that the user's email address cannot be captured. If you can try Yahoo! Social API Explorer ( http://zhouyaoji.com/apiexplorer/yahoo_soc...i_explorer.php), you'll see that returned user profile data does not include the email address.

Also, the page where you set up your application's permissions has the following paragraph:

Yahoo! Profiles - Required for OpenSocial

This API will allow your application access to user data marked as public or restricted to connections only on their Yahoo! Profile including shared connections lists. This does not include the users email address.

how to get the email address using oauth

Wed, 27 Jan 2010 23:09:51 -0800

Right - I wasn't suggesting that the social directory API could be used for the e-mail address, just the user's profile - my apologies for that confusion. The Contacts API, however, can be used to capture the e-mail addresses of your address book contacts, if available. I just tested this out and it works so you can use that for obtaining those e-mails. The only problem here is that the user will have had to have added an e-mail for that contact.

- Jon

how to get the email address using oauth

Wed, 27 Jan 2010 23:09:51 -0800

QUOTE (Jonathan LeBlanc @ Feb 3 2010, 07:20 AM) <{POST_SNAPBACK}>

Right - I wasn't suggesting that the social directory API could be used for the e-mail address, just the user's profile - my apologies for that confusion. The Contacts API, however, can be used to capture the e-mail addresses of your address book contacts, if available. I just tested this out and it works so you can use that for obtaining those e-mails. The only problem here is that the user will have had to have added an e-mail for that contact.

- Jon

Hi,

I have problem in grab address book from yahoo, i have read documentation from yahoo contact API and it do not provide any source code in C#.

Can everyone please help?

Many thanks.

Regards,
Kenneth

create My Project

Tue, 26 Jan 2010 23:07:34 -0800

create My Project is success, tips "Your API Key has been approved!"

but the Verified Application Domain filed is empty.
---------------------------------------------------------------------------------------

notes: i am running php srcipt is appear Fatal error: Call to a member function getSessionedUser() on a non-object in
apache log : Custom port is not allowed or the host is not registered with this consumer key.

create My Project

Tue, 26 Jan 2010 23:07:34 -0800

Please help me， Thank you very much。

create My Project

Tue, 26 Jan 2010 23:07:34 -0800

Perhaps this post will help you: http://developer.yahoo.net/forum/index.php...+port+-verified

They had the same problem.

delicious oAuth Request error (401)

Mon, 25 Jan 2010 15:41:45 -0800

Hiya, I'm trying to use oAuth to verify credentials for use with delicious. I'm working on a desktop application and I can get as far as Step 5/6/7-ish following your scale here (http://delicious.com/help/oauthapi).

Using the same core oAuth component that I use for Twitter (successfully), I'm having problems requesting tags for a URL. So I'm using "https://api.del.icio.us/v2/posts/suggest". I've written this in basic authentication using POST, so I plan on posting the URL parameter.

My attempt gives me the 401 authorization error.

Perhaps I'm not sending the correct information in the Auth Header? Here's what I'm sending as a base header: oauth_timestamp, oauth_nonce, oauth_signature_method, oauth_consumer_key, oauth_version, oauth_token.

Here's a sample written by the app:

CODE

OAuth realm="yahooapis.com", 
oauth_timestamp="1264459940",
oauth_nonce="cd9e5152b6c3af732d0a73060049042432cbe123",
oauth_signature_method="HMAC-SHA1",
oauth_consumer_key="{removed}",
oauth_version="1.0", 
oauth_token="A%25253Dca0nce_i4A5SIdKVlFIchXUPEQRfL9.rCk2dH75i.ZnMlJmvdQ6WfjBXvejaopGIBTMmLae7rN
pMMzhdB737VGk3zTqD5KYovuoAk6UO2GPWP4Z_fuQuBbbjU5waj.SilSSChHxEUGz_4LEIWGXWabS4VZW
oz.dTR0OiAMdaJWoiiIp3LAg5uh3n3uveW1J4mMqnPPvigjotISw0QGtb5InAx2ECwJvyo8dacjxD9srd
jFYuE6Zsp5TwJ9hJAKTstSBwa_Me3WWW8XmAF9dShuFgds4Q5yhOAH_0Uhcsm63w9qFnSrjS8iWpIkV04
Iz.dVEePldo1zyyyObU74blYYaccAAWhq0F2FzTn210pPW_F.s2hd9qZxl7mQ217hTpItAcN3H_mQAbZk
z99d0ar16XxXxjoqvorjZn8GG4FKJpF5CctbHyz5OtZUc571XTiJR.d63vboKchLRpUma4RLEHywj4.9x
.Ipjjnb.CIfj8TEzK7gRGVeUCUQFujoDgFQQQkYnA6eFphUAHKwsO3GvPb7ZK0BX4zuNefJEHl7dVEf5q
l57BkQ24YxnpexwR_lH3bTN_lTK5RCE9W2HEK47vx6Rhl41tlhgp5hEeV4m5d6WvWL65cBwWCsFXU63gs
YJNlKAnferyaST8tBgC3EgujjPTlWBvfiHMwfNYV3JtWIt.hmpuzBaMRaQMNN14rIThAJrKyg9BFv42IZ
EAN926MjvUPs8jwC5h04_5qb99AmdjEPU-",
url="http%253A%252F%252Fwww.thestar.com%252Fsports%252Farticle%252F755489--nancy-kerrigan-s-brother-charged-after-father-found-dead%253Fbn%253D1", 
oauth_signature="mN%2Bfm%2BUrAfuaCxnNUNs9Z8XPU5Q%3D"

Is there anything else needed (or not needed)?
I've read a few posts noting an inconsistent oauth_token on Yahoo's side (http://developer.yahoo.net/forum/index.php?showtopic=549). I however tried keeping an unencoded version, encoding, and encoding twice. All with no avail.

I've also tried taking the url parameter out of the header (scraping for reasons), and that didn't work either.

Any suggestions?

delicious oAuth Request error (401)

Mon, 25 Jan 2010 15:41:45 -0800

Nothing Yahoos?

delicious oAuth Request error (401)

Mon, 25 Jan 2010 15:41:45 -0800

The host for the OAuth requests should be http://api.del.icio.us, not https://api.del.icio.us.
Hopefully that's all.

Chris

delicious oAuth Request error (401)

Mon, 25 Jan 2010 15:41:45 -0800

QUOTE (Chris D @ Feb 4 2010, 03:39 PM) <{POST_SNAPBACK}>

The host for the OAuth requests should be http://api.del.icio.us, not https://api.del.icio.us.
Hopefully that's all.

Chris

Thanks I just tried that. I re-coded my delicious request to use GET instead of POST. I'm just trying whatever I can to make it work.
I get the invalid signature error.

Here is my plain text signature:

CODE

GET&http%3A%2%2Fapi.del.icio.us%2Fv2%2Fposts%2Fadd
&description%3DTest
%26oauth_callback%3Doob
%26oauth_consumer_key%3D{removed}
%26oauth_nonce%3D3fcff6d54e498592716fdd5fcf00e43579e42b86
%26oauth_signature_method%3DHMAC-SHA1
%26oauth_timestamp%3D1265328235
%26oauth_token%3DA%3DTRn7ShHjpwOQqAqA62.vI7VVEPSN0Rvh_J2TzgGHfKS_9_j_ES4ZJYDeaTzONJAI_Zrihe2ekxinis
SxQk5vaB1sLxTHm9wzfY0TJ87rhQYVJ6JYEamueDcHpQ6Unp_Bo2ptV9Aw9cwCXm81ovMvHMBhHPLJ6IF
M63XU2gWaFUkoa6RiM.E7eAPtoMzHWxjTg1v8IWd7NJGfh.MDQQTCPC837yBCN8nPb6y8h.dRThLauxT3
27sNQ0TQpjM0TIlGT9Byo_jJjIArzsgJBdREqWlDje_w6WU1JW4N5mdsdWuM.jV9OFN7m8E518_2pK8z0
Qe68ZZlx6iKUsorApAxhWU9gHbDHiFX7qcz2Dv8iGRaMSEPC5SNTsMgWpWYeC.PStxaIJi2Uj0BNQOLre
wcv7B1k2b0vUxbcBe_XyGrG3LSQ5tRoG2aXPw.KB15E0NyaBk5JIoWbCm3Lfhn7A2DkO31HD3Ui0nz11l
x.Px.BURs.uyuK1rt4k3BN_l2wprjHOcg7ZPj.H9IYeDGeS0MCoBpUzgkzLoLzOBmVUx7agKkOkaQ41Zu
.tUbqrxj4AxIM7cOFOwbacw8YlYot22vQAUTJnejHofTuktXGL4floyDuhQ9tv6Qsc5oRwx03vBf5Pdq3
MKxd8IwiNLMbvL5n9JtEr0Tw1PjXGqciF9Us3gAxiyuMAPJa7al2eCiMYeg6B8K1viXIryVIgSVCMhY0n
y4F2qQmYvHbaIGpZU9j3nGJt.i1Ug-
%26oauth_version%3D1.0
%26url%3Dhttp%3A%2F%2Fgoogle.com

I encode this using HMAC-SHA1. The algorithm works perfect for Twitter, so I'm certain it isn't the plaintext to encrypted process.
Also, I've tried using unencoded &'s inbetween each parameter. Finally, I also tried using %26 inbetween each parameters (including the GET and url, and url and the first parameter).

Anything missing or wrong in this header?

delicious oAuth Request error (401)

Mon, 25 Jan 2010 15:41:45 -0800

QUOTE (Will @ Feb 4 2010, 05:37 PM) <{POST_SNAPBACK}>

Thanks I just tried that. I re-coded my delicious request to use GET instead of POST. I'm just trying whatever I can to make it work.
I get the invalid signature error.

Here is my plain text signature:
CODE
GET&http%3A%2%2Fapi.del.icio.us%2Fv2%2Fposts%2Fadd
&description%3DTest
%26oauth_callback%3Doob
%26oauth_consumer_key%3D{removed}
%26oauth_nonce%3D3fcff6d54e498592716fdd5fcf00e43579e42b86
%26oauth_signature_method%3DHMAC-SHA1
%26oauth_timestamp%3D1265328235
%26oauth_token%3DA%3DTRn7ShHjpwOQqAqA62.vI7VVEPSN0Rvh_J2TzgGHfKS_9_j_ES4ZJYDeaTzONJAI_Zrihe2ekxinis
SxQk5vaB1sLxTHm9wzfY0TJ87rhQYVJ6JYEamueDcHpQ6Unp_Bo2ptV9Aw9cwCXm81ovMvHMBhHPLJ6I
F
M63XU2gWaFUkoa6RiM.E7eAPtoMzHWxjTg1v8IWd7NJGfh.MDQQTCPC837yBCN8nPb6y8h.dRThLauxT
3
27sNQ0TQpjM0TIlGT9Byo_jJjIArzsgJBdREqWlDje_w6WU1JW4N5mdsdWuM.jV9OFN7m8E518_2pK8z
0
Qe68ZZlx6iKUsorApAxhWU9gHbDHiFX7qcz2Dv8iGRaMSEPC5SNTsMgWpWYeC.PStxaIJi2Uj0BNQOLr
e
wcv7B1k2b0vUxbcBe_XyGrG3LSQ5tRoG2aXPw.KB15E0NyaBk5JIoWbCm3Lfhn7A2DkO31HD3Ui0nz11
l
x.Px.BURs.uyuK1rt4k3BN_l2wprjHOcg7ZPj.H9IYeDGeS0MCoBpUzgkzLoLzOBmVUx7agKkOkaQ41Z
u
.tUbqrxj4AxIM7cOFOwbacw8YlYot22vQAUTJnejHofTuktXGL4floyDuhQ9tv6Qsc5oRwx03vBf5Pdq
3
MKxd8IwiNLMbvL5n9JtEr0Tw1PjXGqciF9Us3gAxiyuMAPJa7al2eCiMYeg6B8K1viXIryVIgSVCMhY0
n
y4F2qQmYvHbaIGpZU9j3nGJt.i1Ug-
%26oauth_version%3D1.0
%26url%3Dhttp%3A%2F%2Fgoogle.com
I encode this using HMAC-SHA1. The algorithm works perfect for Twitter, so I'm certain it isn't the plaintext to encrypted process.
Also, I've tried using unencoded &'s inbetween each parameter. Finally, I also tried using %26 inbetween each parameters (including the GET and url, and url and the first parameter).

Anything missing or wrong in this header?

Hi Will,

It looks like your Base String is not correctly built.
When you build the string with all the parameters, you need to ensure the values are url-encoded. From above, you have:
%26url%3Dhttp%3A%2F%2Fgoogle.com
whereas it should be
%26url%3Dhttp%253A%252F%252Fgoogle.com

You need to build it up as param1=¶m2= etc
and then url-encode the whole string (as you have done above).

Chris

delicious oAuth Request error (401)

Mon, 25 Jan 2010 15:41:45 -0800

QUOTE (Chris D @ Feb 5 2010, 08:37 AM) <{POST_SNAPBACK}>

Hi Will,

It looks like your Base String is not correctly built.
When you build the string with all the parameters, you need to ensure the values are url-encoded. From above, you have:
%26url%3Dhttp%3A%2F%2Fgoogle.com
whereas it should be
%26url%3Dhttp%253A%252F%252Fgoogle.com

You need to build it up as param1=¶m2= etc
and then url-encode the whole string (as you have done above).

Chris

OK, I fixed that problem. Thanks for the quick reply. I still get invalid signature. I've played around a bit with different settings and can't get anything to work yet.

Hopefully you can help. Here's the new signature I make (before HMAC-SHA1):

CODE

GET
&http%3A%2F%2Fapi.del.icio.us%2Fv2%2Fposts%2Fadd
&description%3Dt
%26oauth_callback%3Doob
%26oauth_consumer_key%3D{removed}
%26oauth_nonce%3De2a50fc6562f7760239556bbc8fbc7fec871ad69
%26oauth_signature_method%3DHMAC-SHA1
%26oauth_timestamp%3D1265413180
%26oauth_token%3DA%253DdE7Gj_zAozykUQMG3NjutS_qe6tjpk.Z5.42gZK4HQv2yk3E.GAt_H.dSoevFBNWMuf2loifyMHc
AB00zugEEh8Thk.jJAL1N7ZZDAax7ToBgi.gYjK0vUaLEaAdic.hejEUwmdi6QTdo6xv.e0FjRjXOMD.N
CTwssYohGtsyNAbab3I2lCLAJOV8m8Wt22HplZUs0zbfe2vSeAhxqwUuZATp9F.OEhP7ZgCCWq8X4DFTz
rKUEu9vl3lrl4feGfqYWz0BcePfoHrFy3iiVPNxfQDiSjvqIhsFOxAlM7FyuWv2i9NZWIFUverGFKtK9A
WdAywFQ6i8wsOPuEmflw1eSU3Mbq13clmHqY6_wGztWLw..PeBiTbImGd9fzyCZJV_60p0n49RFh8x5eD
hStswKj9piEtkMgqcT8Ou9Zk1NBiLRyoa98gCiphbxoE4qr3PrJ1YsnBAsZ9v5ZXe5gy27ORGP2DIU_Mr
seUEFhFmdwKF22mhdcZpmLfbIBTKpqv6RxaaENPry7j3oct0Np5wyDf5CBWS1_arLu2ihtfSD2D2UqUBU
1IQLEjzW6WGAYWqTxxk104fc2JCptTgatHfQV7FWuzePUnwR1oX8ZjcAfuVOlJPwFjWsvcEc1aCEuatbf
EfvfdxILBZEkDNvXSHo6YG8lmliWGJtBhgFw4XR.oLR5PoQTLxAGHFwHD_GdhKQOz0i2L_mUTXVYTA.vQ
.7Rp2kQ4RUJX9_in5ymUQ39OgviQzMU-
%26oauth_version%3D1.0%26url%3Dhttp%253A%252F%252Fgoogle.com

As you can see, I fixed the encoding problem you pointed out.
When I sign with HMAC, I use "&".
Then I build the URL string before the actual request. Using the standard GET format:
?=&=&.....

So here's a sample of my url:

CODE

http://api.del.icio.us/v2/posts/add
?oauth_token=A%3DdE7Gj_zAozykUQMG3NjutS_qe6tjpk.Z5.42gZK4HQv2yk3E.GAt_H.dSoevFBNWMuf2loifyMHcAB
00zugEEh8Thk.jJAL1N7ZZDAax7ToBgi.gYjK0vUaLEaAdic.hejEUwmdi6QTdo6xv.e0FjRjXOMD.NCT
wssYohGtsyNAbab3I2lCLAJOV8m8Wt22HplZUs0zbfe2vSeAhxqwUuZATp9F.OEhP7ZgCCWq8X4DFTzrK
UEu9vl3lrl4feGfqYWz0BcePfoHrFy3iiVPNxfQDiSjvqIhsFOxAlM7FyuWv2i9NZWIFUverGFKtK9AWd
AywFQ6i8wsOPuEmflw1eSU3Mbq13clmHqY6_wGztWLw..PeBiTbImGd9fzyCZJV_60p0n49RFh8x5eDhS
tswKj9piEtkMgqcT8Ou9Zk1NBiLRyoa98gCiphbxoE4qr3PrJ1YsnBAsZ9v5ZXe5gy27ORGP2DIU_Mrse
UEFhFmdwKF22mhdcZpmLfbIBTKpqv6RxaaENPry7j3oct0Np5wyDf5CBWS1_arLu2ihtfSD2D2UqUBU1I
QLEjzW6WGAYWqTxxk104fc2JCptTgatHfQV7FWuzePUnwR1oX8ZjcAfuVOlJPwFjWsvcEc1aCEuatbfEf
vfdxILBZEkDNvXSHo6YG8lmliWGJtBhgFw4XR.oLR5PoQTLxAGHFwHD_GdhKQOz0i2L_mUTXVYTA.vQ.7
Rp2kQ4RUJX9_in5ymUQ39OgviQzMU-
&oauth_consumer_key={removed}
&oauth_signature_method=HMAC-SHA1
&oauth_version=1.0
&oauth_timestamp=1265413180
&oauth_nonce=e2a50fc6562f7760239556bbc8fbc7fec871ad69
&description=t
&url=http%3A%2F%2Fgoogle.com
&oauth_signature=7dQujlY9V4RXE9wCbF4PTmP3gYc=

Any ideas why that is getting invalid signature? Thanks!

delicious oAuth Request error (401)

Mon, 25 Jan 2010 15:41:45 -0800

Hey Will,

Not quite sure, but you might want to take a look at this.http://delicious.com/help/oauthapi
Apologies for the formatting, but it might help.

The other thing to try is to hit an api that doesn't require any parameters, since this is usually where the problems creep in.

Sorry I can't offer any more advice.
Chris

Yahoo oauth error..

Mon, 18 Jan 2010 11:02:00 -0800

I am using http://blog.floehopper.org/articles/2010/0...g-the-oauth-gem and had it work successfully once...

For the last 4 days Ihave been getting this error:

Yahoo! is experiencing some difficulties in processing your request. This is most probably a temporary technical issue, so please try again shortly. [95021]

Is anyone else having this issue?

Yahoo oauth error..

Mon, 18 Jan 2010 11:02:00 -0800

QUOTE (Greg @ Jan 18 2010, 11:02 AM) <{POST_SNAPBACK}>

I am using http://blog.floehopper.org/articles/2010/0...g-the-oauth-gem and had it work successfully once...

For the last 4 days Ihave been getting this error:

Yahoo! is experiencing some difficulties in processing your request. This is most probably a temporary technical issue, so please try again shortly. [95021]

Is anyone else having this issue?

Where in the oauth flow are you getting this error?

Yahoo oauth error..

Mon, 18 Jan 2010 11:02:00 -0800

How frequently are you making calls to the API? If you don't put in a delay in between calls, maybe you're being throttled.

From the Delicious API docs :-

QUOTE

Please wait AT LEAST ONE SECOND between queries, or you are likely to get automatically throttled. If you are releasing a library to access the API, you MUST do this. Please watch for 500 or 999 errors and back-off appropriately. It means that you have been throttled.

Cheers, James.

Ruby wrapper for the Delicious v2 API using the OAuth gem

Thu, 14 Jan 2010 09:32:03 -0800

I've just written up how I used the Delicious API from a Ruby script using the OAuth gem.

I thought some people here might find it useful.

Cheers, James.

Ruby wrapper for the Delicious v2 API using the OAuth gem

Thu, 14 Jan 2010 09:32:03 -0800

James, could you give a bit more instruction on how to use your code?
I just wanted to post URLs to delicious from within Emacs/w3m, and this
is turning into a huge development saga! I have obtained an API key
and shared secret, but the instructions at

http://delicious.com/help/oauthapi

seem hugely complicated for the task I have in mind. There was once
a time when this task would have been simple, as in

http://www.emacswiki.org/emacs/.emacs-w3m-thierry.el

but apparently now it is hugely complicated. Any help you can offer
would be appreciated!

Ruby wrapper for the Delicious v2 API using the OAuth gem

Thu, 14 Jan 2010 09:32:03 -0800

You have my sympathy.

I'm happy to try and help, but you're going to have to ask more specific questions.

And, just to warn you, I'm not very familiar with Emacs.

Are you hoping to use a Ruby script similar to mine or are you wanting to write your own equivalent script in a different language?

Cheers, James.

oauth_problem=consumer_key_unknown

Wed, 13 Jan 2010 02:25:21 -0800

Hi, I'm keep getting oauth_problem=consumer_key_unknown error when trying oauth https://api.login.yahoo.com/oauth/v2/get_request_token
I'm pretty sure my consumer key is correct because it works locally. Just keep giving me oauth_problem=consumer_key_unknown when I upload it to my server. Any ideas?

oauth_problem=consumer_key_unknown

Wed, 13 Jan 2010 02:25:21 -0800

Hi Ben, here is a list of the standard OAuth error codes that you may encounter: http://developer.yahoo.com/oauth/guide/oauth-errors.html

Is the domain that you registered your app with the same domain that you are running the code from? Could you please post the full response headers from the request?

Jonathan LeBlanc
Technology Evangelist
Yahoo! Developer Network
Twitter: @jcleblanc

Server hangup

Fri, 08 Jan 2010 00:01:43 -0800

I am experiencing server hangup for more than a week trying to access Stock Historical data. m y computer is runing Wndows7.
While on a coputer running Windows Vista this probelm does not arises....

anyone has a soution o this problem..?

Server hangup

Fri, 08 Jan 2010 00:01:43 -0800

QUOTE (Chezl @ Jan 8 2010, 12:01 AM) <{POST_SNAPBACK}>

I am experiencing server hangup for more than a week trying to access Stock Historical data. m y computer is runing Wndows7.
While on a coputer running Windows Vista this probelm does not arises....

anyone has a soution o this problem..?

Can you provide code the reproduces the problem? Our APIs appear to be functioning as expected.

Server hangup

Fri, 08 Jan 2010 00:01:43 -0800

I have same problem. The only download that gives me that error is the 'Historical Prices' on the Yahoo stock quotes pages.
Everything elso is working OK.
I wrote to Yahoo (twice) and they say they will check on it and get back to me. This is for about a month now. I use xp pro.
If anyone has anything else to try pls. let me know. ronkr@optimum.net thanks

After logging in, user is not returned to my callback url

Mon, 04 Jan 2010 09:52:40 -0800

I just want to make a script that posts some links to my own delicious account. It will never be used for another delicious account. Before Yahoo, this was so easy.

So, after getting my request token, I create my yahoo log in url in the form:

CODE

echo "<p><a href=\"";
echo $xoauth_request_auth_url;
echo "&oauth_nonce=".$nonce;
echo "&oauth_timestamp=".$timestamp;
echo "&oauth_consumer_key=".$consumer_key;
echo "&oauth_signature_method=plaintext&oauth_signature=".$secret."%26";
echo "&oauth_version=1.0&xoauth_lang_pref=en-us&oauth_callback=".callback;
echo "\">Log In</a></p>";

For callback, I have tried with and without my domain. Both times, after logging in, I'm sent to a yahoo page:
https://api.login.yahoo.com/oauth/v2/AQEar/...verifier=wq6yu9

that AQEar/yahoo/delicious_post is my callback, but why does it not send this back to my own domain? If api.login.yahoo etc. was replaced with my domain, I could proceed to the next step. I'm pretty sure once i get the verifier, I'd be just fine, but the verifier never comes back to my script.

Also, when getting my request token, if I provide the domain in that callback url, I get an OAuth Error: Custom port is not allowed or the host is not registered with this consumer key.

It's not a custom port, so it must be the host not being registered. My consumer key is correct. The Application URL in Yahoo's Project Details is the full (domain included) url of my script. Where else can I "register" my domain with this consumer key?

If anyone has any ideas, I would be extremely grateful.
Thank you.
-Ed

After logging in, user is not returned to my callback url

Mon, 04 Jan 2010 09:52:40 -0800

QUOTE (Esip @ Jan 4 2010, 09:52 AM) <{POST_SNAPBACK}>

I just want to make a script that posts some links to my own delicious account. It will never be used for another delicious account. Before Yahoo, this was so easy.

So, after getting my request token, I create my yahoo log in url in the form:
CODE
echo "<p><a href=\"";
echo $xoauth_request_auth_url;
echo "&oauth_nonce=".$nonce;
echo "&oauth_timestamp=".$timestamp;
echo "&oauth_consumer_key=".$consumer_key;
echo "&oauth_signature_method=plaintext&oauth_signature=".$secret."%26";
echo "&oauth_version=1.0&xoauth_lang_pref=en-us&oauth_callback=".callback;
echo "\">Log In</a></p>";
For callback, I have tried with and without my domain. Both times, after logging in, I'm sent to a yahoo page:
https://api.login.yahoo.com/oauth/v2/AQEar/...verifier=wq6yu9

that AQEar/yahoo/delicious_post is my callback, but why does it not send this back to my own domain? If api.login.yahoo etc. was replaced with my domain, I could proceed to the next step. I'm pretty sure once i get the verifier, I'd be just fine, but the verifier never comes back to my script.

Also, when getting my request token, if I provide the domain in that callback url, I get an OAuth Error: Custom port is not allowed or the host is not registered with this consumer key.

It's not a custom port, so it must be the host not being registered. My consumer key is correct. The Application URL in Yahoo's Project Details is the full (domain included) url of my script. Where else can I "register" my domain with this consumer key?

If anyone has any ideas, I would be extremely grateful.
Thank you.
-Ed

You must use the same domain that was used when creating the oauth consumer key + secret -- https://developer.apps.yahoo.com/projects.

Problem with refresh_access_token

Sun, 27 Dec 2009 18:02:48 -0800

I am trying to make the yahoo.application.OAuthApplication.refresh_access_token using the python sdk. Below is the stack trace when i make the call. Basically yahoo API complains that oauth_parameters are missing. Can anyone help me debug this issue.

Thanks
Vivek Puri

CODEBOX

12-27 05:53PM 05.498
fetch_access_token oauth_request.to_header('yahooapis.com'): {'Authorization': 'OAuth realm="yahooapis.com", oauth_nonce="24743187", oauth_session_handle="session handle here", oauth_consumer_key="consumer key here", oauth_timestamp="1261965185", oauth_signature_method="PLAINTEXT", oauth_version="1.0", oauth_token="valid token here", oauth_signature="valid sig here"'}
I 12-27 05:53PM 05.800
fetch_access_token request HTTP status code: 401
I 12-27 05:53PM 05.953
fetch_access_token request HTTP response content: oauth_problem=parameter_absent&oauth_parameters_absent=oauth_consumer_key,oauth_token,oauth_signature_metho
d,oauth_signature,oauth_timestamp,oauth_nonce
E 12-27 05:53PM 05.953
from_string() takes exactly 1 argument (0 given)
Traceback (most recent call last):
  File "/base/python_lib/versions/1/google/appengine/ext/webapp/__init__.py", line 507, in __call__
    handler.get(*groups)
  File "/base/data/home/apps/linksalpha/116.338756193947541816/api/pubyahoo.py", line 25, in get
    oauthapp.token = oauthapp.refresh_access_token(oauthapp.token)
  File "/base/data/home/apps/linksalpha/116.338756193947541816/yahoo/application.py", line 88, in refresh_access_token
    self.token = self.client.fetch_access_token(request)
  File "/base/data/home/apps/linksalpha/116.338756193947541816/yahoo/oauth.py", line 172, in fetch_access_token
    return AccessToken.from_string()
TypeError: from_string() takes exactly 1 argument (0 given)

Problem with refresh_access_token

Sun, 27 Dec 2009 18:02:48 -0800

QUOTE (Vivek Puri @ Dec 27 2009, 06:02 PM) <{POST_SNAPBACK}>

CODE

12-27 05:53PM 05.498
fetch_access_token oauth_request.to_header('yahooapis.com'): {'Authorization': 'OAuth realm="yahooapis.com", oauth_nonce="24743187", oauth_session_handle="session handle here", oauth_consumer_key="consumer key here", oauth_timestamp="1261965185", oauth_signature_method="PLAINTEXT", oauth_version="1.0", oauth_token="valid token here", oauth_signature="valid sig here"'}
I 12-27 05:53PM 05.800
fetch_access_token request HTTP status code: 401
I 12-27 05:53PM 05.953
fetch_access_token request HTTP response content: oauth_problem=parameter_absent&oauth_parameters_absent=oauth_consumer_key,oauth_token,oauth_signature_metho
d,oauth_signature,oauth_timestamp,oauth_nonce
E 12-27 05:53PM 05.953
from_string() takes exactly 1 argument (0 given)
Traceback (most recent call last):
  File "/base/python_lib/versions/1/google/appengine/ext/webapp/__init__.py", line 507, in __call__
    handler.get(*groups)
  File "/base/data/home/apps/linksalpha/116.338756193947541816/api/pubyahoo.py", line 25, in get
    oauthapp.token = oauthapp.refresh_access_token(oauthapp.token)
  File "/base/data/home/apps/linksalpha/116.338756193947541816/yahoo/application.py", line 88, in refresh_access_token
    self.token = self.client.fetch_access_token(request)
  File "/base/data/home/apps/linksalpha/116.338756193947541816/yahoo/oauth.py", line 172, in fetch_access_token
    return AccessToken.from_string()
TypeError: from_string() takes exactly 1 argument (0 given)

Hi Vivek,

It looks like there was an oauth error that was not handled properly. I checked the tests and they work as expected for the python sdk, can you provide the complete http request/response?

Problem with refresh_access_token

Sun, 27 Dec 2009 18:02:48 -0800

QUOTE (Dustin Whittle @ Jan 4 2010, 04:58 PM) <{POST_SNAPBACK}>

Hi Vivek,

It looks like there was an oauth error that was not handled properly. I checked the tests and they work as expected for the python sdk, can you provide the complete http request/response?

If you enable debugging in the python sdk, you can check the application log for the complete http request/response. Otherwise, you can run the appengine dev server and print the request response. I am most interested in the oauth_error that is return in the http headers. The following should work given valid ck/cks/app id/callback:

app = yahoo.application.OAuthApplication(CONSUMER_KEY, CONSUMER_SECRET, APPLICATION_ID, CALLBACK_URL, ACCESS_TOKEN)
app.token = self.oauthapp.refresh_access_token(self.oauthapp.token)
profile = app.getProfile()

print profile

I took the sample from the test here: http://github.com/yahoo/yos-social-python/..._application.py

callback url

Sun, 27 Dec 2009 00:48:44 -0800

i am trying ot connect with yahoo oauth.
when i specify the callback url to be: http://lehavi.com/YahooOauth.aspx everything works fine.
but when i specify http://lehavi.com:2358/YahooOauth.aspx it does not work.
my application url is http://lehavi.com:2358.

what can the problem be?

callback url

Sun, 27 Dec 2009 00:48:44 -0800

Hi Daniel,

Specifying custom ports is disallowed. Your app must be available on port 80.

QUOTE (Daniel @ Dec 27 2009, 12:48 AM) <{POST_SNAPBACK}>

i am trying ot connect with yahoo oauth.
when i specify the callback url to be: http://lehavi.com/YahooOauth.aspx everything works fine.
but when i specify http://lehavi.com:2358/YahooOauth.aspx it does not work.
my application url is http://lehavi.com:2358.

what can the problem be?

OAuth get_request_token

Wed, 16 Dec 2009 11:52:20 -0800

I have been working with the OAuth process for a few days now. Unfortunately I have not been able to get the OAuth get_request_token process working using PHP. I have only been able to get the following message. All of the parameters for this call are being sent through the Authorization OAuth header. I have tried creating different projects through the Yahoo “My Projects” process. Each time I have made sure to click the OAuth checkbox for Contacts and etc. Below is the output that I receive from your servers. Let me know if there is anything else that I need to provide you.

https://api.login.yahoo.com/oauth/v2/get_request_token

Header:
HTTP/1.1 401 Forbidden
Date: Wed, 16 Dec 2009 19:32:48 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

OAuth Error

OAuth Error

Custom port is not allowed or the host is not registered with this consumer key.

OAuth get_request_token

Wed, 16 Dec 2009 11:52:20 -0800

I figured out the issue! So for all of you that have been unable to get this to work, my pitfall was during the registration process. In the input box that requires a domain name make sure that you make it http://www.domain.com. Then in the call back function of the get_request_token make sure it is http://www.domain.com/index.php.

OAuth get_request_token

Wed, 16 Dec 2009 11:52:20 -0800

Nice work, Doyle. Thanks for posting back when you figured it out. As you noted, the app domain associated w/ your OAuth keys must be the same as the callback domain. This is to prevent access credentials from being misdirected by a malicious site.

OAuth get_request_token

Wed, 16 Dec 2009 11:52:20 -0800

QUOTE (Doyle @ Dec 16 2009, 01:14 PM) <{POST_SNAPBACK}>

I figured out the issue! So for all of you that have been unable to get this to work, my pitfall was during the registration process. In the input box that requires a domain name make sure that you make it http://www.domain.com. Then in the call back function of the get_request_token make sure it is http://www.domain.com/index.php.

Hi Can you help how to get the token,
My code is in VB.net.

Obtaining the OAuth confirmation code

Wed, 16 Dec 2009 06:58:37 -0800

I have created an iPhone app that posts bookmarks on Delicious.

I followed the steps described in http://delicious.com/help/oauthapi. As oauth_callback, I supply oob.

I use OAuth for the communication, but the step with copying a confirmation code (= oauth_verifier parameter) is cumberstone.

My app's current flow from the user's perspective is as follows:

The user is presented a webpage where to login to Yahoo.
The user is presented a webpage with a higlighted 6-digit code which he should copy to the application.

Copying this code on the iPhone is quite cumberstone for the user (Zoom in, mark the right element, press "Paste" in the popup).

Is there an easy way to obtain the confirmation code (oauth_verifier) programatically (e.g. from the requested URLs)?

Or is there a dedicated API using Yahoo OAuth with mobile devices?

Thanks,

Reiner

Obtaining the OAuth confirmation code

Wed, 16 Dec 2009 06:58:37 -0800

Hi Reiner,

There isn't a way to programmatically fetch the confirmation code. I filed your comment as a bug though, so we can look into ways of making the flow easier on a mobile device.

Best regards

Domain Verification Failed

Wed, 16 Dec 2009 02:09:03 -0800

Hello,

I looked for my error on the forum and i found posts but without solution, so i'm making my own thread.

The problem is that i requested an API Key for the OAuth system, when i go to "My Projects" i see the project i created with my API Key and all the informations.

The problem is that i didn't want to use this Yahoo! account to request the API Key, so i tried to delete the project, and login with the other Yahoo! account but when i request again the API Key for the same domain i have this error during the domain verification step :

"There was an internal error while an application is being created. Please try again"

So i tried to request the API Key again with the first account, and it worked, but i can't keep this API Key linked with my personal account.

If anybody can help me to delegate this API Key on a second Yahoo! account ? or to request the API Key on the second account without having this error :s

Thank you in advance for your help

PS : sorry if i don't speak very well english, i did my best

Domain Verification Failed

Wed, 16 Dec 2009 02:09:03 -0800

Hi Julien,

There's nothing in place to stop you from create multiple apps using the same domain. There are a few reasons why the registration process might fail, though:
- the phrases "Yahoo", "Yahoo!", and "Y!" cannot be in the app name or description
- the app domain must be publicly accessible, ie Yahoo!'s servers have to be able to make requests to it
- you cannot use custom ports or an IP address for the app domain
- there are a few required image urls in the registration form and the registration will fail if these are not filed in with valid urls

Best regards

Obtaining oauth access token in a client/desktop application

Thu, 10 Dec 2009 11:57:31 -0800

Hi,

I am developing a client/desktop application for delicious and it is not completely clear to me how to obtain an oauth access token. All of the examples I have seen posted assume it is a web application. I have registered an app and have a consumer and a secret key, etc. I am not entirely clear how to get the describe flow of information given that I have no callback url and a domain was not registered for said key pair.

Thanks!
ttyl
Dima

Obtaining oauth access token in a client/desktop application

Thu, 10 Dec 2009 11:57:31 -0800

QUOTE (dimabrodsky @ Dec 10 2009, 11:57 AM) <{POST_SNAPBACK}>

Hi,

I am developing a client/desktop application for delicious and it is not completely clear to me how to obtain an oauth access token. All of the examples I have seen posted assume it is a web application. I have registered an app and have a consumer and a secret key, etc. I am not entirely clear how to get the describe flow of information given that I have no callback url and a domain was not registered for said key pair.

Thanks!
ttyl
Dima

Hi Dima,

You will use the same flow, but for the oauth_callback parameter specify 'oob'. The end user will be given a verification code that you will need to receive in your application and use as the oauth_verifier.

This flow is illustrated here: http://developer.yahoo.com/oauth/guide/oau...uth-accesstoken

Also, this is a good overview on oauth implementations for web + desktop apps: http://www.slideshare.net/leahculver/implementing-oauth

Step 4 oauth_signature issues

Wed, 09 Dec 2009 14:15:38 -0800

I am simply trying to get the instructions found here: http://delicious.com/help/oauthapi and here: http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html to work.

I am hung up on step four.

Delicious says to set up the URL like this:

CODEBOX

https://api.login.yahoo.com/oauth/v2/get_token?
oauth_consumer_key=<your consumer key>
&oauth_signature_method=PLAINTEXT
&oauth_version=1.0
&oauth_verifier=<oauth_verifier>
&oauth_token=<request_token>
&oauth_nonce=<random string>
&oauth_timestamp=<current timestamp>
&oauth_signature=<your consumer key>%26<your shared secret>

This seems rather straight forward but every time I get this error "oauth_problem=signature_invalid".

I was looking at the example on the Yahoo page and it shows this:

CODEBOX

https://api.login.yahoo.com/oauth/v2/get_token?oauth_consumer_key=dj0yJmk9NG5USlVvTlZsZEpnJmQ9WVdrOVQwa
    zFPRUozTkc4bWNHozlNVE13TXprM01UUTBNZy0tJnM9Y29uc3VtZXJzZWNyZXQmeD1kNg--
  &oauth_signature_method=PLAINTEXT
  &oauth_version=1.0
  &oauth_verifier=svmhhd
  &oauth_token=gugucz&oauth_timestamp=1228169662
  &oauth_nonce=8B9SpF
  &oauth_signature=5f78507cf0acc38890cf5aa697210822e90c8b1c%261fa61b464613d0d32de80089fe099caf34c9dac5

If you compare what delicious says to put for oauth_signature and yahoo's example, it doesn't add up. The portion before the "%26" is not the consumer key just a few lines above.

Anyone got any ideas on how to actually form this url?

Step 4 oauth_signature issues

Wed, 09 Dec 2009 14:15:38 -0800

I was just able to exchange the request token for the access token using the url formulation described here:
http://developer.yahoo.com/oauth/guide/oau...-sign-plaintext

for example:
//retrieve request token params stored from step 1 of the oauth flow
$request_token = unserialize(file_get_contents($request_token_file_path));

$t = time();
$u = 'https://api.login.yahoo.com/oauth/v2/get_token?'
.'oauth_consumer_key='.YAHOO_OAUTH_CONSUMER_KEY
.'&oauth_signature_method=PLAINTEXT'
.'&oauth_timestamp='.$t
.'&oauth_token='.$_GET['oauth_token']
.'&oauth_verifier='.$_GET['oauth_verifier']
.'&oauth_version=1.0'
.'&oauth_nonce='.$t.rand()
.'&oauth_signature='.YAHOO_OAUTH_CONSUMER_SECRET.'%26'.$request_token->secret;

$c = curl_init($u);
curl_exec($c);
?>

QUOTE (LSUlibanthro @ Dec 9 2009, 02:15 PM) <{POST_SNAPBACK}>

I am simply trying to get the instructions found here: http://delicious.com/help/oauthapi and here: http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html to work.

I am hung up on step four.

Delicious says to set up the URL like this:
CODE
https://api.login.yahoo.com/oauth/v2/get_token?
oauth_consumer_key=<your consumer key>
&oauth_signature_method=PLAINTEXT
&oauth_version=1.0
&oauth_verifier=<oauth_verifier>
&oauth_token=<request_token>
&oauth_nonce=<random string>
&oauth_timestamp=<current timestamp>
&oauth_signature=<your consumer key>%26<your shared secret>
This seems rather straight forward but every time I get this error "oauth_problem=signature_invalid".

I was looking at the example on the Yahoo page and it shows this:
CODE
https://api.login.yahoo.com/oauth/v2/get_token?oauth_consumer_key=dj0yJmk9NG5USlVvTlZsZEpnJmQ9WVdrOVQwa
    zFPRUozTkc4bWNHozlNVE13TXprM01UUTBNZy0tJnM9Y29uc3VtZXJzZWNyZXQmeD1kNg--
  &oauth_signature_method=PLAINTEXT
  &oauth_version=1.0
  &oauth_verifier=svmhhd
  &oauth_token=gugucz&oauth_timestamp=1228169662
  &oauth_nonce=8B9SpF
  &oauth_signature=5f78507cf0acc38890cf5aa697210822e90c8b1c%261fa61b464613d0d32de80089fe099caf34c9dac5
If you compare what delicious says to put for oauth_signature and yahoo's example, it doesn't add up. The portion before the "%26" is not the consumer key just a few lines above.

Anyone got any ideas on how to actually form this url?

Step 4 oauth_signature issues

Wed, 09 Dec 2009 14:15:38 -0800

Yes, the Delicious doc is incorrect. Definitely frustrating trying to follow that, how can you believe any of it when there's such obvious errors?

It should be %26

QUOTE (LSUlibanthro @ Dec 9 2009, 02:15 PM) <{POST_SNAPBACK}>

I am simply trying to get the instructions found here: http://delicious.com/help/oauthapi and here: http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html to work.

I am hung up on step four.

Delicious says to set up the URL like this:
CODE
https://api.login.yahoo.com/oauth/v2/get_token?
oauth_consumer_key=<your consumer key>
&oauth_signature_method=PLAINTEXT
&oauth_version=1.0
&oauth_verifier=<oauth_verifier>
&oauth_token=<request_token>
&oauth_nonce=<random string>
&oauth_timestamp=<current timestamp>
&oauth_signature=<your consumer key>%26<your shared secret>
This seems rather straight forward but every time I get this error "oauth_problem=signature_invalid".

I was looking at the example on the Yahoo page and it shows this:
CODE
https://api.login.yahoo.com/oauth/v2/get_token?oauth_consumer_key=dj0yJmk9NG5USlVvTlZsZEpnJmQ9WVdrOVQwa
    zFPRUozTkc4bWNHozlNVE13TXprM01UUTBNZy0tJnM9Y29uc3VtZXJzZWNyZXQmeD1kNg--
  &oauth_signature_method=PLAINTEXT
  &oauth_version=1.0
  &oauth_verifier=svmhhd
  &oauth_token=gugucz&oauth_timestamp=1228169662
  &oauth_nonce=8B9SpF
  &oauth_signature=5f78507cf0acc38890cf5aa697210822e90c8b1c%261fa61b464613d0d32de80089fe099caf34c9dac5
If you compare what delicious says to put for oauth_signature and yahoo's example, it doesn't add up. The portion before the "%26" is not the consumer key just a few lines above.

Anyone got any ideas on how to actually form this url?

Unable to get the request_Token

Sat, 05 Dec 2009 13:43:12 -0800

Hi there
I want to do yahoo oauth in java
I try to generate request_token link by java here is my result :

https://api.login.yahoo.com/oauth/v2/get_re...h_consumer_key=[MYCONSUMMERKEY]&oauth_signature_method=plaintext&oauth_signature=[MYCONSUMERSECRET%26]&oauth_version=1.0&xoauth_lang_pref=en-us&oauth_callback=[MYCALLBACKURL]

I used those code to generate auth_nonce and timestamp
-----------------------------------------------------------
Calendar cal = Calendar.getInstance();
long ms = cal.getTimeInMillis() ;

int timestamp=(int) (ms/1000);

Random r = new Random();

long nonce1 = r.nextLong();
Long nonce=Math.abs(new Long(nonce1));
--------------------------------------------------------------
When i click the link that i generated above it give me error

OAuth Error

* Custom port is not allowed or the host is not registered with this consumer key.

Please tell me what i am doing wrong
Thanks so much

Unable to get the request_Token

Sat, 05 Dec 2009 13:43:12 -0800

Any yahoo staff here can answer my question? why i can register for web app and it gives me that kind of error.

Thanks

Unable to get the request_Token

Sat, 05 Dec 2009 13:43:12 -0800

I was seeing the same response. Make sure you have the same domain in your callback_url as the one you configured your app with. As soon as I changed this it worked for me. However, I'm not if this is the only issue you're facing.

The one thing which is wonky with how Yahoo implements this pattern is its impossible to the entire flow locally on a dev machine unless you change your dns settings.

I like to run all my development using example.com as my root domain. The verify process for Yahoo OAuth makes this impossible to verify since example.com isn't an allowed domain.

Anyway, I hope this helps.

-greg

Unable to get the request_Token

Sat, 05 Dec 2009 13:43:12 -0800

QUOTE (Meltonian @ Dec 9 2009, 03:03 PM) <{POST_SNAPBACK}>

I was seeing the same response. Make sure you have the same domain in your callback_url as the one you configured your app with. As soon as I changed this it worked for me. However, I'm not if this is the only issue you're facing.

The one thing which is wonky with how Yahoo implements this pattern is its impossible to the entire flow locally on a dev machine unless you change your dns settings.

I like to run all my development using example.com as my root domain. The verify process for Yahoo OAuth makes this impossible to verify since example.com isn't an allowed domain.

Anyway, I hope this helps.

-greg

------------------------------------------------------------------
Dear greg thank you for your response,
i did check my domain which is the domain that yahoo need to verify the html file . It was the same domain as my callback
But it still give me that error:

OAuth Error

* Custom port is not allowed or the host is not registered with this consumer key.

i did use the port 8081 in my server for callback url is this the problem?
it seem yahoo staff doesnt want to help us, they should declare that kind of error in document.
Yahoo please make that clear for developers

please tell me why i got this error

YAHOO JAVA OAUTH API

Fri, 04 Dec 2009 16:07:43 -0800

Hi
i wonder if there is any yahoo oauth api implement in java?
or any one how implement this problem in java?
Thanks so much

yos-social-objc: consumer_key_rejected, SocialSample iPhone app crashing

Fri, 04 Dec 2009 04:43:56 -0800

Hello everyone,

I want to post Bookmarks on Delicious, and have to use OAuth for Delicious accounts with Yahoo logins.

First I tried mpoauthconnection, but always get "oauth_problem: consumer_key_rejected" as a result.

So I tried Yahoos own implementation, but even their SocialSample application is crashing (!, EXEC_BAD_ACCESS) when trying it with the keys provided by the website. When debugging the code I found out that the reason is the same, but am quite shocked that a company like Yahoo does not provide a fail-safe sample.

I checked the consumerKey and shareKey twice and even created several apps in the Yahoo Dashboard using different key-combos , but with no success.

Does anyone know how I can check the OAuth-Communication?

Thank you,

Reiner

OAuth for desktop application

Tue, 01 Dec 2009 02:00:26 -0800

Hi,

I am working on an application to read a yahoo user's contact details. This is a server application with no UI. The application stores the user's yahoo user id and password.

OAuth data flow does not allow for this. I have signed up my application and sent in the get_request_token request with oauth_callback=oob. I guess I was hoping the data returned would give me a clue as to what I should do.

What is the method I should use to authenticate so I can access the contact API.

Thanks,
Claire Mennis.

OAuth for desktop application

Tue, 01 Dec 2009 02:00:26 -0800

Read this one, it may help you.
http://developer.yahoo.net/forum/index.php...&#entry9916

My experience:
get requestoken and get access token => use plain text for simplicity

when you have access token, you MUST USE HMACSHA1.

OAuth for desktop application

Tue, 01 Dec 2009 02:00:26 -0800

QUOTE (Nguyễn Văn Thoại @ Dec 1 2009, 08:24 AM) <{POST_SNAPBACK}>

Read this one, it may help you.
http://developer.yahoo.net/forum/index.php...&#entry9916

My experience:
get requestoken and get access token => use plain text for simplicity

when you have access token, you MUST USE HMACSHA1.

You should use OAuth for desktop applications. At some point the user must verify that your application is authorized and type in an oauth verifier code.

OAuth for desktop application

Tue, 01 Dec 2009 02:00:26 -0800

QUOTE (Dustin Whittle @ Dec 1 2009, 10:04 AM) <{POST_SNAPBACK}>

You should use OAuth for desktop applications. At some point the user must verify that your application is authorized and type in an oauth verifier code.

How does one obtain an oauth verifier code for a desktop application? If seems that this is the missing golden nugget in a number of these oauth threads.

Thanks!
ttyl
Dima

OAuth for desktop application

Tue, 01 Dec 2009 02:00:26 -0800

QUOTE (dimabrodsky @ Dec 10 2009, 01:24 PM) <{POST_SNAPBACK}>

How does one obtain an oauth verifier code for a desktop application? If seems that this is the missing golden nugget in a number of these oauth threads.

Thanks!
ttyl
Dima

The user will receive the code when they authorize the request token. Your app should take this as an input and use the received oauth_verifier to exchange the approved request token for an access token.

Not Able to generate Request Token

Mon, 30 Nov 2009 13:10:39 -0800

Hi All

We are passing API Key,Shared Secret,Application ID but it is not returning any token.
The YahooSession::requireSession() always returns null.

Please help.

Thanks,

Not Able to generate Request Token

Mon, 30 Nov 2009 13:10:39 -0800

The response for this has been added to your other post: http://developer.yahoo.net/forum/index.php?showtopic=3621

- Jon

OAuth is not working properly

Mon, 30 Nov 2009 12:25:03 -0800

Hi All,

We have tested the OAuth using the PHP SDK, but the YahooSession::requireSession() always return null.
We had properly providing API Key,Shared Secret,Application ID and also we had configured the Consumer Key to
access by selecting proper check box.
But still getting null value as session.

Looking forward for any help.

Thanks,

Karamveer.

OAuth is not working properly

Mon, 30 Nov 2009 12:25:03 -0800

A few things - have you checked the consumer key to make sure that it is completely the same? Sometimes if you manually copy the keys there are a few dashes that get left off. Also, have you created a profile at profiles.yahoo.com? If neither of those are the cause can you please post your sample code that is failing? I'll take a look.

Jonathan LeBlanc
Technology Evangelist
Yahoo! Developer Network
Twitter: jcleblanc

OAuth is not working properly

Mon, 30 Nov 2009 12:25:03 -0800

QUOTE (Jonathan LeBlanc @ Nov 30 2009, 01:10 PM) <{POST_SNAPBACK}>

A few things - have you checked the consumer key to make sure that it is completely the same? Sometimes if you manually copy the keys there are a few dashes that get left off. Also, have you created a profile at profiles.yahoo.com? If neither of those are the cause can you please post your sample code that is failing? I'll take a look.

Jonathan LeBlanc
Technology Evangelist
Yahoo! Developer Network
Twitter: jcleblanc

Hi Jonathan! thanks for the quick response.
Yes i have verified the key and secret number of times,They are perfectly fine.I also tried logging into "profiles.yahoo.com" with my yahoo id.No problem there too.
And this issue has become headache since i am onto this for quiet a while now.

here is the code:

// Include the YOS library.
require dirname(__FILE__).'/../lib/Yahoo.inc';

// debug settings
error_reporting(E_ALL | E_NOTICE); # do not show notices as library is php4 compatable
ini_set('display_errors', true);
YahooLogger::setDebug(true);
YahooLogger::setDebugDestination('LOG');

// use memcache to store oauth credentials via php native sessions
ini_set('session.save_handler', 'files');
session_save_path('/tmp/');
session_start();

// Make sure you obtain application keys before continuing by visiting:
// https://developer.yahoo.com/dashboard/createKey.html

//code10k
define('OAUTH_CONSUMER_KEY', 'dj0yJmk9VGZwUVFldVM5QUxCJmQ9WVdrOVRXNXpWekZITnpZbWNHbzlPVFV5TURBeU56YzImcz1j
b25zdW1lcnNlY3JldCZ4PTA0');
define('OAUTH_CONSUMER_SECRET', 'bd75cace681afd62f4524b0ab449c103ecf90da0');
define('OAUTH_DOMAIN', 'code10.a1technology.asia');
define('OAUTH_APP_ID', 'MnsW1G76');

if(array_key_exists("logout", $_GET)) {
// if a session exists and the logout flag is detected
// clear the session tokens and reload the page.
YahooSession::clearSession();
header("Location: sampleapp.php");
}

// check for the existance of a session.
// this will determine if we need to show a pop-up and fetch the auth url,
// or fetch the user's social data.
$hasSession = YahooSession::hasSession(OAUTH_CONSUMER_KEY, OAUTH_CONSUMER_SECRET, OAUTH_APP_ID);

//echo "hasSession :
";var_dump($hasSession);
YahooLogger::setDebug(true);
if($hasSession == FALSE) {
// create the callback url,
$callback = YahooUtil::current_url()."?in_popup";
//echo "
".$callback;
// pass the credentials to get an auth url.
// this URL will be used for the pop-up.
$auth_url = YahooSession::createAuthorizationUrl(OAUTH_CONSUMER_KEY, OAUTH_CONSUMER_SECRET, $callback);
//echo "auth url :
";var_dump($auth_url);

}
else {
// pass the credentials to initiate a session
$session = YahooSession::requireSession(OAUTH_CONSUMER_KEY, OAUTH_CONSUMER_SECRET, OAUTH_APP_ID);

//echo "session :
";var_dump($session);exit;
// if the in_popup flag is detected,
// the pop-up has loaded the callback_url and we can close this window.
if(array_key_exists("in_popup", $_GET)) {
close_popup();
exit;
}

// if a session is initialized, fetch the user's profile information
if($session) {
// Get the currently sessioned user.
$user = $session->getSessionedUser();

// Load the profile for the current user.
$profile = $user->getProfile();
}
}

/**
* Helper method to close the pop-up window via javascript.
*/
function close_popup() {
?>

}
?>

YOS Social Platform Sample Application

if($hasSession == FALSE) {
// if a session does not exist, output the
// login / share button linked to the auth_url.
echo sprintf("\n", $auth_url);
}
else if($hasSession && $profile) {
// if a session does exist and the profile data was
// fetched without error, print out a simple usercard.
echo sprintf("

Hi %s!

\n", $profile->image->imageUrl, $profile->profileUrl, $profile->nickname);

if($profile->status->message != "") {
$statusDate = date('F j, y, g:i a', strtotime($profile->status->lastStatusModified));
echo sprintf("

“%s” on %s

", $profile->status->message, $statusDate);
}

echo "

Logout

";
}
?>

Following lines return null:

$hasSession = YahooSession::hasSession(OAUTH_CONSUMER_KEY, OAUTH_CONSUMER_SECRET, OAUTH_APP_ID);
$auth_url = YahooSession::createAuthorizationUrl(OAUTH_CONSUMER_KEY, OAUTH_CONSUMER_SECRET, $callback);

application URL:
http://code10.a1technology.asia/test.yahoo...e/sampleapp.php

Thanks

OAuth is not working properly

Mon, 30 Nov 2009 12:25:03 -0800

Hi,
When i checked my apache error log it tells me this:

APACHE ERRORS
Mon Nov 30 09:27:00 2009] [error] [client 202.164.41.135] ERROR - Failed to create request token: timestamp_refused
[Mon Nov 30 09:27:00 2009] [error] [client 202.164.41.135] ERROR - Failed to create request token

Can u tell me what to do about this?

Thanks
karam

OAuth is not working properly

Mon, 30 Nov 2009 12:25:03 -0800

Hi,
there was an issue due to the timestamp.
It works fine now.
But how do we get to edit and update the contacts.
Can you please help.

i have filled up the form required for that which was mentioned on this link.
http://developer.yahoo.com/social/contacts/

This is where i filled up the form
http://developer.yahoo.com/register/

Is that all i need to do.?

Please help!!

Thanks
karamveer.

OAuth is not working properly

Mon, 30 Nov 2009 12:25:03 -0800

QUOTE (Karamvir @ Dec 1 2009, 12:51 PM) <{POST_SNAPBACK}>

Hi,
there was an issue due to the timestamp.
It works fine now.
But how do we get to edit and update the contacts.
Can you please help.

i have filled up the form required for that which was mentioned on this link.
http://developer.yahoo.com/social/contacts/

This is where i filled up the form
http://developer.yahoo.com/register/

Is that all i need to do.?

Please help!!

Thanks
karamveer.

Karamvir,

Could you post the whole source code and what you did in order to make it work? I can't seem to get the sampleapp to work (It keeps returning null) and I'm completely clueless as to how to fix it.

OAuth is not working properly

Mon, 30 Nov 2009 12:25:03 -0800

QUOTE (Carlos @ Dec 15 2009, 07:21 PM) <{POST_SNAPBACK}>

Karamvir,

Could you post the whole source code and what you did in order to make it work? I can't seem to get the sampleapp to work (It keeps returning null) and I'm completely clueless as to how to fix it.

Hello Karanvir,

I am getting the same Null value for the those two functions.
I am new to PHP.
I dont know about the timestamp problem.
can you please post your working code for sampleapp.php?

thanks,
Prakash

Register subdomains?

Fri, 27 Nov 2009 06:26:18 -0800

Hi,

I'm developing UWA widgets for Netvibes and having issues with OAuth token request:

I registered http://xxx.domain.com for an API key, but the widgets are on their own subdomain (http://widget1.xxx.domain.com, http://widget2.xxx.domain.com…).

The OAuth token request response is "Custom port is not allowed or the host is not registered with this consumer key."

Is there a way to register *.xxx.domain.com? or *.domain.com? (here we have thousands of widgets, registering each of them would be impossible)

Or even better, how to register http://domain.com? (it redirects to www.domain.com, which has the .html file, but I guess the redirection must break the verification)

Thanks,

Kevin

Register subdomains?

Fri, 27 Nov 2009 06:26:18 -0800

Unfortunately at the current time there is no method to register *.domain.com - each subdomain will need to be registered independently for an application. The custom port is not allowed error is the standard notification if you are trying to use the consumer key / secret from xxx.domain.com when you registered domain.com. This process is being worked on but at the current time that is the only public method we have for registering the domain names.

Jonathan LeBlanc
Technology Evangelist
Yahoo! Developer Network
Twitter: @jcleblanc

Problem With My Yahoo Signature

Tue, 24 Nov 2009 16:41:18 -0800

After several years of no issues, my Yahoo Signature is suddenly jumbled together and I can't correct it.

For instance, signature should look like this:

John Doe
http://www.johndoe.com
PO Box 1234
Any City, State, Zip

Now looks like this:

John Doe http://www.johndoe.com PO Box 1234 Any City, State, Zip

Any help resolving this would be appreciated. FWIW, this problem only occurs on one of several Yahoo email accounts that I have.

Thanks,

NSD

OAuth request_token method not redirecting on success

Tue, 24 Nov 2009 07:49:27 -0800

Hi,

I'm attempting to initiate the OAuth dance by making a GET call to the request_token endpoint, https://api.login.yahoo.com/oauth/v2/get_request_token. I've included all of the relevant parameters in the GET query string. Unfortunately, the call results in a 200 rather than doing something to prompt me for authorization. I get the same behavior regardless of my logged-in / logged-out of Yahoo state. Interestingly, the 200 response comes back with query parameters which would otherwise end up appended to the callback URL are dumped in the response body.

Does anybody have any idea what's going on here? If I screw up the parameters in other interesting ways, I get a 401 rather than a 200, so it seems that my request is constructed correctly, but for some reason the OAuth server isn't behaving as I'm expecting.

Check it out:

GET /oauth/v2/get_request_token?oauth_nonce=28042247&oauth_timestamp=1259077288&oauth_consumer_key=dj0yJmk9eTVoMnNFbHBlbVQ0JmQ9WVdrOVkzcEtNR3QwTXpnbWNHbzlOa
kkxTXprd05qZzEmcz1jb25zdW1lcnNlY3JldCZ4PWQ1&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=Ii%2FTgDG%2F65G2NmH0gixmUObUMck%3D&xoauth_lang_pref=en-us&oauth_callback=http%3A%2F%2Fwww.yttrium.ws%2F HTTP/1.1
Host: api.login.yahoo.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.5) Gecko/20091102 YFF35 Firefox/3.5.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

HTTP/1.1 200 OK
Date: Tue, 24 Nov 2009 15:41:29 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Connection: close
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8

oauth_token=eyxt4jr&oauth_token_secret=4edc80f935dd2cf4f1ad57db1200ba8f1e8f62d3&oauth_expires_in=3600&xoauth_request_auth_url=https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Frequest_auth%3Foauth_token%3Deyxt4jr&oauth_callback_confirmed=true

Thanks,
Peter

OAuth request_token method not redirecting on success

Tue, 24 Nov 2009 07:49:27 -0800

QUOTE (griessp @ Nov 24 2009, 07:49 AM) <{POST_SNAPBACK}>

Hi,

I'm attempting to initiate the OAuth dance by making a GET call to the request_token endpoint, https://api.login.yahoo.com/oauth/v2/get_request_token. I've included all of the relevant parameters in the GET query string. Unfortunately, the call results in a 200 rather than doing something to prompt me for authorization. I get the same behavior regardless of my logged-in / logged-out of Yahoo state. Interestingly, the 200 response comes back with query parameters which would otherwise end up appended to the callback URL are dumped in the response body.

Does anybody have any idea what's going on here? If I screw up the parameters in other interesting ways, I get a 401 rather than a 200, so it seems that my request is constructed correctly, but for some reason the OAuth server isn't behaving as I'm expecting.

Check it out:

GET /oauth/v2/get_request_token?oauth_nonce=28042247&oauth_timestamp=1259077288&oauth_consumer_key=dj0yJmk9eTVoMnNFbHBlbVQ0JmQ9WVdrOVkzcEtNR3QwTXpnbWNHbzlOa
kkxTXprd05qZzEmcz1jb25zdW1lcnNlY3JldCZ4PWQ1&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=Ii%2FTgDG%2F65G2NmH0gixmUObUMck%3D&xoauth_lang_pref=en-us&oauth_callback=http%3A%2F%2Fwww.yttrium.ws%2F HTTP/1.1
Host: api.login.yahoo.com
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.5) Gecko/20091102 YFF35 Firefox/3.5.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

HTTP/1.1 200 OK
Date: Tue, 24 Nov 2009 15:41:29 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Connection: close
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8

oauth_token=eyxt4jr&oauth_token_secret=4edc80f935dd2cf4f1ad57db1200ba8f1e8f62d3&oauth_expires_in=3600&xoauth_request_auth_url=https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Frequest_auth%3Foauth_token%3Deyxt4jr&oauth_callback_confirmed=true

Thanks,
Peter

Peter,

This is a valid oauth request token response. The browser is not automatically redirected, you should use the xoauth_request_auth_url request parameter to redirect the user to the authorization page. See more information in the oauth guide: http://developer.yahoo.com/oauth/guide/

simpleyql, a free Java library to ease YQL+OAuth development

Mon, 23 Nov 2009 06:35:50 -0800

Hello!

I am one of the developers of simpleyql, a library that simplifies the development of Java applications that need to use OAuth-authenticated YQL APIs.

It may help Java developers that got a bit unmotivated by the complexity of the oAuth core library (simpleyql is built upon it, but hides its complexity by being Yahoo-specific and doing some assumptions).

If you want to see it in action, check MemeThis (a Y! Meme add-on that uset this library), which is free software, just as simpleyql. An interesting aspect is that it's hosted on Google App Engine(*), showcasing how people can combine Google and Yahoo! services to build new functionality and make it available at zero cost!

* simpleyql was designed with GAE as an option in mind, but will work as well on standard web containers.

Regards,
Chester.

Php Signing: OAuth oauth_problem=signature_invalid

Sun, 15 Nov 2009 14:11:58 -0800

For some reason the hmac signing is going wrong and I have no idea why. I tried the Php Sdk and I get the same error so I started from scratch without any luck.

CODE

$timestamp = strtotime('now');
$nonce = substr(md5(uniqid(rand())), 0, 8);

// Data to encode
$data = array(
  'oauth_consumer_key' => OAUTH_CONSUMER_KEY,
  'oauth_nonce' => $nonce,
  'oauth_signature_method' => 'HMAC-SHA1',
  'oauth_timestamp' => $timestamp, 
  'oauth_version' => '1.0', 
  'xoauth_lang_pref' => 'en-us'
);

// Generate HMAC_SHA1
$base_string = http_build_query($data);
$base_string = urlencode($base_string);
$base_string = 'POST&' . urlencode('https://api.login.yahoo.com/oauth/v2/get_request_token') . '&' . $base_string;
$signature = hash_hmac('sha1', $base_string, OAUTH_CONSUMER_SECRET);

// Generate Post Data
$post = $data;
unset($post['xoauth_lang_pref']);
$post['oauth_signature'] = $signature;

$response = http::request(
    'https://api.login.yahoo.com/oauth/v2/get_request_token',
    array(
        'POST' => $post
    )
);

CODE

Base String:
string(335) "POST&https%3A%2F%2Fapi.login.yahoo.com%2Foauth%2Fv2%2Fget_request_token&oauth_consumer_key%3Ddj0yJmk9TWxuYlhVcDBEREVsJmQ9WVdrOVRrbENUREZITkc4bWNHbzlOalV4TVRZM016SXcmcz1jb2
5zdW1lcnNlY3JldCZ4PWE0%26oauth_nonce%3D31fe6a02%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1258321950%26oauth_version%3D1.0%26xoauth_lang_pref%3Den-us"

Signature:
string(40) "a5a4f73c716ff86f3433fc704b7451640767c904"

Post Sent:
    [oauth_consumer_key] => dj0yJmk9TWxuYlhVcDBEREVsJmQ9WVdrOVRrbENUREZITkc4bWNHbzlOalV4TVRZM016SXcmcz1jb25z
dW1lcnNlY3JldCZ4PWE0
    [oauth_nonce] => 31fe6a02
    [oauth_signature_method] => HMAC-SHA1
    [oauth_timestamp] => 1258321950
    [oauth_version] => 1.0
    [oauth_signature] => a5a4f73c716ff86f3433fc704b7451640767c904

Header Sent:
  POST /oauth/v2/get_request_token HTTP/1.1
  Host: api.login.yahoo.com
  Accept: */*
  Content-Length: 275
  Content-Type: application/x-www-form-urlencoded

Header Received:
  [0] => HTTP/1.1 401 Forbidden
  [Date] => Sun, 15 Nov 2009 22:09:33 GMT
  [P3P] => policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
  [WWW-Authenticate] => OAuth oauth_problem=signature_invalid
  [Connection] => close
  [Transfer-Encoding] => chunked
  [Content-Type] => application/x-www-form-urlencoded

Php Signing: OAuth oauth_problem=signature_invalid

Sun, 15 Nov 2009 14:11:58 -0800

I finally reverted back to the php yahoo sdk, and this is a very important note.

$yahoo_session = YahooSession::requireSession(API_KEY, SHARED_SECRET, APP_ID, 'http://sitesdomain.com/');

YOU MUST specify the domain that you used to sign up as the key. Trying to do:

$yahoo_session = YahooSession::requireSession(API_KEY, SHARED_SECRET);

will fail.

Php Signing: OAuth oauth_problem=signature_invalid

Sun, 15 Nov 2009 14:11:58 -0800

QUOTE (Joseph M @ Nov 16 2009, 11:49 AM) <{POST_SNAPBACK}>

I finally reverted back to the php yahoo sdk, and this is a very important note.

$yahoo_session = YahooSession::requireSession(API_KEY, SHARED_SECRET, APP_ID, 'http://sitesdomain.com/');

YOU MUST specify the domain that you used to sign up as the key. Trying to do:

$yahoo_session = YahooSession::requireSession(API_KEY, SHARED_SECRET);

will fail.

Yes, you need to specify your application id and call back domain. Is everything working correctly for you now?

consumer_key_rejected