Hi,

When I run "select * from social.profile where guid=me" in the test console it shows my givenName and my familyName.
However when I run the same query from php neihter of them show up....

What kind of access will my application require to be able access those infomation ?

Regards,
Fred.

As longs as you selected the profiles scope when you created your oauth application you should have access to all of the profile data. Can you send the snippet of code yyou are using?

<?php
// Include the PHP SDK to access library
include_once("yosdk/lib/Yahoo.inc");
// Your Consumer Key (API Key) goes here.
define('CONSUMER_KEY', "myconsumerKEY--");

// Your Consumer Secret goes here.
define('CONSUMER_SECRET', "myconsumerSECRET");

// Your application ID goes here.
define('APPID', "8nWCnY76");

$session = YahooSession::requireSession(CONSUMER_KEY,CONSUMER_SECRET,APPID);
?>

function hasAccessToken() {
1507: return array_key_exists("yosdk_at", $_SESSION) && (strlen($_SESSION["yosdk_at"]) > 0);
}

Try removing the app id from the require_session call (only input the first two arguments for consumer and secret keys)...see if that works. If not, make sure that nothing else is being echoed out to the screen (like spaces) because the header call will fair with that error if that's the case.

Jonathan LeBlanc
Technology Evangelist
Yahoo! Developer Network
Twitter: jcleblanc

Thank you for the reply.
I tried removing and still the same error.
I also tried the code from: http://developer.yahoo.com/yos/code_exs/my...ource_code.html mysocial.php (by adding ofcourse a new API Key (OAuth consumer key)). This time I tried in another server and still the same error (first try on Debian , this time on CentOS).

Can someone confirm that the examples work fine?

I was just speaking with one of my colleagues who brought up an issue that he gets when using the PHP SDK - one that produces errors like what you are seeing. It appears that in some instances this problem may come from the lack of specifying a session. If those previous two suggestions don't work, try adding the following to the top of the PHP block:

session_start();

That may be the issue.

- Jon

I wonder if anyone can tell me what I'm doing wrong. I'm trying to PUT (update) my status.

Request:

CODE

PUT /v1/user/IJHZRTOXBCVJ2CSDXM7EF7CVSI/profile/status HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Cache-Control: no-cache
Host: social.yahooapis.com
Authorization: OAuth oauth_consumer_key="dj0yJmk9OGNYU2pwWHFVZnl5JmQ9WVdrOVZsaFJiMXBUTmpJbWNHbzlPRGsyTmpNeU1UUTUmcz1j
b25zdW1lcnNlY3JldCZ4PTYx", oauth_nonce="706555410", oauth_session_handle="AKmURkrhVVtEvkFk5kRfWM954JIzFCA7E4dHHTsqxVzot8VN9wY-", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1247610112", oauth_token="A%3D0OcePKTcphMq_kwctgJcS0m6Ehg8AyLoJ4mNvmyl6Jgg64fKDovgdOdv9fvGuWEzIZshbDVtNPhFO6
S0pLlN5b8GlaoqZfZEW0rXpfIV1j8hAZgJtG0Xd_1fOsrpOoYEEObhm1LKCKm_NbanRAWX23vHyAg1Iu
g
0Pet7415EkKffNa6BIlxiLeO77lOiG0MQuZvi4YF9cxWEZ_MS0XCapPr2mVE53MvG9BlM8pqMXfxWjru
o
G0Y.Gb3tVWWWfHRVhbopgT6JoTRYxWr.mHMbZXxyTgUzSxHZ6delN96T87dp4BotlNGO8Olv_4ClI8IB
j
iArJLDC5oVH.PGltuuJkZR3kNFHxmztb73vZkypeoxw4JKl7fXzkdp1T3D0lxdBWhJ4o8U_SmeddbXv2
I
SXJrp66CE.898P6.Ag5Hrv4sCBQqFdOYGPoK3PGTCpF3vubFpgUPP.sFD.TnzP5BXO1ftF5jIx92_xmB
f
L_gCAGinFb9hOp7jbT.HJscGPHhnMiFqetUrpvGjzJIIrlCOEmCPPDKLpCF_S8yjIPPJV1OgAw7VWRfk
E
b1QGcGKegHoNjX_iQlUlEeAEbX5bUveSuq5qxmGgMd3Zp6J6ojn1XsXTKJVw5ncHPuheNBZ4hBP3MzpO
X
GKGeDTOuaBj5G_w9foZaTnlr.5PYnHJgeMi6xsewAVRyY6V44Sm_UwD2iHm7nyMnYFILoW3rqJ5LAdhK
F
mA9UbBG6QXNSuYhcvVJ7FrLmBjDvw-", oauth_version="1.0", oauth_signature="YBYNqheAhWC9br3SetrSznPzAWo%3D"
Content-Length: 46
Expect: 100-continue
Accept-Encoding: gzip

<status><message>new status</message></status>

Response:

CODE

HTTP/1.1 400 Bad Request
Date: Tue, 14 Jul 2009 22:21:09 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Vary: Authorization
X-Yahoo-Social-Host: ws103.socdir.ac4.yahoo.com
Cache-Control: private
Content-Length: 340
Content-Type: application/xml; charset="utf-8"
Age: 0
Connection: keep-alive
Via: HTTP/1.1 r4.ycpi.a2s.yahoo.net (YahooTrafficServer/1.17.16 [cMs f ])
Server: YTS/1.17.16

<?xml version="1.0" encoding="utf-8"?><error xmlns="http://social.yahooapis.com/v1/schema.rng" xmlns:yahoo="http://www.yahooapis.com/v1/base.rng" yahoo:uri="http://www.yahooapis.com/v1/errors/400" yahoo:lang="en-US"><description>Request has malformed syntax or bad query</description><detail>Failed to parse post body data </detail></error>

I tried a few variations of the XML, including with/without the <?xml?> declaraction and/or namespace on the root element, but it doesn't seem to make any difference.

The GET request works fine. I don't believe it's a problem with OAuth because that all seems to be working so far. I have indeed granted myself permission to read/write my status. What else am I overlooking?

Finally, I've solved my problem.

Hi, I got the same problem

I sent the request to https://api.login.yahoo.com/oauth/v2/get_request_token..... with the params described in step 2: (http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html#oauth-requesttoken) but always receive "The remote server returned an error: (401) Unauthorized".

Can anyone from YAHOO team help please?

Can you please provide the complete http request/response with http headers. There is likely an oauth_problem http header with more detail as to what is wrong with the request.

Hi,

I am getting a new error all of a sudden, when I try to use OAuth flow for Contacts API. I am pasting the Dialog string below.

===============Dialog Begin=======================================================
Allow this application to access your Yahoo! account?
With your permission, this device or software application from a third-party publisher can use the data in your Yahoo! account.
Enter the code that was provided to you by the device or application.

Enter your code: This 7 character code is provided to you by the device or software application that you are trying to use.
If you cannot find this code, please review the instruction manual for this device or software application.
===============Dialog End=======================================================

Earlier I never used to get this and I have not done any changes. I am aware of the OAuth security protocol issues, but I think this is not related to this.
Now where is the 7 digit code given back on the calls to (1) get_request_token or (2) authorize_token or (3) getAccessToken().

Any help is appreciated.

Thanks,
Girish.

There is nothing more discouraging for folks looking to use a new platform than a complete lack of developer feedback or activity =(

Hi.....

I want to use the yahoo social API. My requirement is i have the yahoo user name and depending on the yahoo username i wanted to fetch his/her basic personal information (gender, Age, date of joining, About me.) And messenger/buddy list.

But without showing the yahoo login window. I tried to use the yahoo Social API but everytime it ask me to login into the account and if i am on the site first time then i have to allow to access these information then only we can get the details. But i want these information without any yahoo login or any access grant.

In our website we are creating yahoo members profile so let say i am the member of the site and any member comes to my profile page it should see my friend list and my basic information from yahoo.

Can any one suggest me which API should i use? or is it possible?


Thanks in advance.

Hi Yogesh,

Requests to the Social APIs are secured using OAuth. The Yahoo! login window is an essential part of the OAuth authorization flow given Yahoo! is the data provider, so there is no way around it. To ensure the security of a user's credentials and data, the user must authorize data access and must do so through the Yahoo! login page.

From the user's perspective, OAuth means he/she will only ever enter his/her username and password on Yahoo!. This tremendously decreases the chances of being phished or scammed in some way. From the developer's perspective, OAuth is a good thing because it means that you will never have to worry about securing the user's identity; Yahoo! handles it for you.

This example from the OAuth docs provides a good illustration of the issue in question: http://www.hueniverse.com/hueniverse/2007/...ners-gui-1.html

The Yahoo! OAuth docs discuss the auth flow in a way specific to Yahoo!.

Please post back if you have any other questions.

Erik

Hello Erik,

Thanks for the reply. According to your post it will always redirect to the login page of yahoo.


I have integrated the Yahoo Social SDK. if you execute the page it always redirect you to the yahoo login window. After logged in i got "oauth_token" in the browser URL.

Can i use this oauth_token n number of times. So let say user have to logged in only once into the yahoo then whenever the user comes next time we will have the last "oauth_token" code with us and will directly get the members information.

Is it possible?

Or

what you can suggest me.



Regards,
Yogesh

This error means there was a problem with the SSL certificate while making the request. I'll see what I can do to investigate at this end.

It would help if you knew what version of Curl you are running and what Certificate authorities it recognizes.

Thanks,

Tom
Yahoo! Developer Network

This error means there was a problem with the SSL certificate while making the request. I'll see what I can do to investigate at this end.

It would help if you knew what version of Curl you are running and what Certificate authorities it recognizes.

Thanks,

Tom
Yahoo! Developer Network

This error means there was a problem with the SSL certificate while making the request. I'll see what I can do to investigate at this end.

It would help if you knew what version of Curl you are running and what Certificate authorities it recognizes.

Thanks,

Tom
Yahoo! Developer Network

This error means there was a problem with the SSL certificate while making the request. I'll see what I can do to investigate at this end.

It would help if you knew what version of Curl you are running and what Certificate authorities it recognizes.

Thanks,

Tom
Yahoo! Developer Network

This error means there was a problem with the SSL certificate while making the request. I'll see what I can do to investigate at this end.

It would help if you knew what version of Curl you are running and what Certificate authorities it recognizes.

Thanks,

Tom
Yahoo! Developer Network

Hi,

I've been playing with this and I'm waiting for some more information but I'm not convinced it's purely the CAs on your install.

Our CA is Equifax though.

Sorry this taking a while, I'll let you know when I have an update.

Thanks for your patience.

Tom

I am also encountering the same issue in my dev box. Please ping me in IM: manmadareddy , I can share my dev box details.

Is it possible using Javascript to perform Oauth using json for all the steps in the oauth authorization flow?
http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html

3-legged OAuth with JS is, in my experience, difficult, if not impossible, with the current Y! auth server configuration. To authenticate using JS from your server, you will need to make a cross-domain call. To do this, you will need to use an unorthodox request method. A dynamic script tag is the only feasible one I have found to date (the Yahoo! auth servers do not currently have an open crossdomain.xml file required for a flash proxy, and we don't have access to the servers for something like iframe proxy code). Unfortunately, we also do not define a callback parameter for the auth url, so the string containing the authentication parameters returned from the request call for the request token will not be wrapped in a function and instead it will be evaluated as invalid JS

All this and your application secret is still exposed as plain text in your code, so anyone can copy and use it to authenticate as your application

A much better approach is to perform authentication from your server. If you're using PHP, please check out the Y! PHP SDK, as it takes care of the 3-legged auth for you.

Hi bjliuqi,

I'm looking through the contact API docs and am not seeing documentation supporting "me" in a contact fetch URL: http://developer.yahoo.com/social/rest_api...s-resource.html. If I just missed it in the docs please let me know and we'll take additional steps. I wasn't able to collect my contacts either when trying this (same responses you received). What you can do is to specify the viewer guid itself (obtainable when you get a yahoo user session using something like $yahoo_user->guid). The code block I used to get a successful contacts request was something along these lines:

CODE

//initializes session and redirects user to Yahoo! to sign in and then authorize app
$yahoo_session = YahooSession::requireSession(API_KEY, SHARED_SECRET); 

//get currently logged in user
$yahoo_user = $yahoo_session->getSessionedUser();

$response = $yahoo_session->client->get('http://social.yahooapis.com/v1/user/'.$yahoo_user->guid.'/contacts');
if(is_null($response) || $response["code"] != 200) { echo "<h1>NOT FOUND</h1>"; }
$contactList = json_decode($response["responseBody"]);
var_dump($contactList);

Jon,

Thanks for your reply. The issue is that I can't get GUID now. Do you have a look at my smple codes I sent to your email? I got from Yahoo Document that we could get GUID via sending request: http://social.yahooapis.com/v1/me/guid. I am trying to do that using Java:

1. get request token.
2. launch authorization page in browser and let users to input user name & password to allow the application to access its private data, e.g, blog, connection, etc
3. exchange token to get access token
4. send request http://social.yahooapis.com/v1/me/guid to obtain user guid. -> Can't work.

It seems something wrong. Could you point out where it is?

As you mentioned below, we generally should obtain guid via Yahoo seesion, so i am confusing that in case I mention above we can't get some stuff about Yahoo session. How could we get guid via sending request http://social.yahooapis.com/v1/me/guid? For example, in step 2, I let two users to do authorization and both the users allow the application to access its data, how to deal this situation?

Hi bjliuqi,

I think the issue you are having is similar to one experienced by another developer, detailed here: http://developer.yahoo.net/forum/index.php?showtopic=321. At the bottom Brian lists off what his issue was. If that is not the issue you are experiencing please let us know (maybe with the full code sample you're using) and we'll look closer.

Jonathan LeBlanc
Senior Software Engineer
Yahoo! Developer Network

Hello, Jon,

I have seen the topic and it seems it's not the same issue. Could you ping me via My mail bjliuqi@yahoo.com. Thus I can send you the sample. Thanks.

The documentation for the Yahoo GUID (http://developer.yahoo.com/social/rest_api_guide/web-services-guids.html) says that a request for http://social.yahooapis.com/v1/me/guid will return the GUID of the person using the application. That isn't working for me, I just get a 404 back.

I am able to access the contacts and presence APIs. The /v1/me/guid API is the only one that fails for me. Any ideas about what I'm doing wrong?

Here's the HTTP request I'm sending:

GET /v1/me/guid?oauth_nonce=9400822300302665&oauth_timestamp=1226011627&oauth_consumer_key=dj0yJmk9MVRreVc0RkRpcks2JmQ9WVdrOVZGUnhNWE5STldVbWNHbzlOa
mc0TVRFek56WXgmcz1jb25zdW1lcnNlY3JldCZ4PTQw&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_token=A%3D.XuqK3Hajix1T2V4nEwaruC7fpfHuMPCVhE8Ap126HR6oLUdsddJVDroo.psyn3IPQodWjY41MWoLv
f4Yyr6nrV6aLMe1srGfeNRX7cErlQi4MdlTTSUcjRbOPfxnNa92fPSHU.u1folqZxMu63RhEPQVV8Y.l
H
A_ndliweGE06xajB7f0oyHSqbopULZJZxsbJlG9h4I7B33MRGiIYzblpstJWozxpLNc65BItyuWncL2K
H
bAl_aglZA5vL86OVyZTzX3gVHDpQnyNRdhaEwgop7uD_G7b9GvEhUDM3d3XyYvFJG_um36piRjQpXkFu
X
IebHYqW7jE.2jfeBxwTj6XG8N3YwN4H3l9dMjKTDCHxnTXRJPwdgmsOXZKvLGs4uWnY5KdGn09Y8XY7e
w
5YTygQh6wcpdu36gbbP.qk_xoCW37GOMW0JFhhRQwMmYo5kFc2W7hV62cSzu.9R2F9SuqS.4.A8TBfsu
7
8CmZ4HV_w8pt4ZluU_.GYdSvoaRtoeJbUNcgl5_ofRPz6jnUOvbZ0okWzLl5MYa27rdxjvaTRjbXvApq
B
YqqZyJdYMvxFfW9RuTKAcuLdwTG0Jk8t8sQAnwxv0dWcm3kFPXJz3XKfsr.hP9myfzvWLV6tSOM7M5CY
.
A600Uklwibs0zWRxtp85etYoxqf90aMnHUZRzaHiM_ih68J4WMnSAWw7Q--&oauth_signature=f7E1sClgphkt47vYzXRqG6LAgPU%3D HTTP/1.1

Accept-Encoding: identity

Host: social.yahooapis.com

Connection: close

Accept: *

User-agent: Python-urllib/2.4



Here's the response:

HTTP/1.1 404 Not Found

Date: Thu, 06 Nov 2008 22:47:07 GMT

Connection: close

Server: YTS/1.17.9

Cache-Control: no-store

Content-Type: text/html

Content-Language: en

Content-Length: 176



<HEAD><TITLE>Not Found</TITLE></HEAD>
<BODY BGCOLOR="white" FGCOLOR="black">
<FONT FACE="Helvetica,Arial"><B>
</B></FONT>

<!-- default "Not Found" response (404) -->
</BODY>
.

Oddly enough, the doc claims that query parameters should be accepted: http://developer.yahoo.com/oauth/guide/oau...ke-request.html

Any chance of getting the guid endpoint fixed to accept query parameters? I'm working on integrating Yahoo's OAuth APIs with Shindig so that opensocial gadgets can use the APIs. That's going to be tricky if there's no consistent place to send OAuth parameters.

Any update on this. Does any one have a C#/Java work around for this.

Correct me if I am wrong. After we get the access token, does the user guid get stored in Session? How do I access it without the SDK?

Thanks for pointing me towards how to get this working with the PHP SDK, a working example in any language helps a lot, I was able to find the problem.

The problem is that the /v1/me/guid URL does not like OAuth parameters in the query string, it only accepts them in the Authorization header. The other API endpoints accept query parameters.

Breaking it down:
request token and access token endpoints:
query string: OK
authorization header: NO

presence/contacts/profiles/updates:
query string: OK
authorization header: OK

guid:
query string: NO
authorization header: OK

This makes things a little tricky: there is no single place I can put OAuth parameters that all of Yahoo's endpoints will accept, instead I have to keep track of which endpoints are special.

The user guid is not stored in the session. It's returned using the xoauth_yahoo_guid parameter from the access token call. This is Yahoo's own extension and you would need to customize your oauth workflow to support adding it to your session.

so, i have this basic stuff working, and say i get a contact back with it's uri to the socialapi.

how do i call that via php to get the info for this contact? i keep getting invalid credentials when i try to access any socialapi uri's.

ie, http://social.yahooapis.com/v1/user/{guid is here}/contact/2

Hi rooster,

One of the ways you can collect user data on a specific contact is by using the PHP SDK methods themselves. If you're not using the SDK and are calling the raw URL's the collect user data you're going to have to set up your own 3-legged OAuth / Yahoo! user session to collect the data...much easier to use the SDK found here: http://developer.yahoo.com/social/sdk/. There is information at that link on how to set up the SDK and use its functionality.

The method within the SDK that you can use to get data for a specific user is "getUser($guid)". This method accepts one parameter, the guid of the user that you are trying to collect data for. I just ran a test against my contact id and was able to return a Yahoo user object containing my data. You could call this method using something like:

CODE

$session = YahooSession::requireSession($consumerKey, $consumerKeySecret);
$userData = $session->getUser('GUID');

$userData should now contain the data you need. Please let us know if you run into any issues along the way.

Jonathan LeBlanc
Senior Software Engineer
Yahoo! Developer Network

got it working. thanks!

btw, are there any social api's to "message" or use the notification system? i can use it fine in <yaml>, and YAP apps, but using OAuth, and the contacts/etc api's, is it possible to message a connection or even send an email? the connection object doesn't have a handle to the email or i'd just email as a fallback.