I'm sorry but I cannot help you with Yahoo's (undocumented) error codes. The redirectURI should be a valid URI and now you only provide the hostname in the request. One other thing: never publish your consumer secret to the public. It's a password that should only be known by you and the OAuth provider.
On 12 January 2015 at 22:39, Tiburtius, Ashwanth [IWD] <ashwanth.tiburt...@iwd.iowa.gov> wrote: > Thank you again Jasha. It was very helpful. I am actually getting an error in > the authorization part itself. Following are the details. > > Application: > Consumer Key: > dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA-- > Consumer Secret: 443a42b6cb7e2a8472fa9f09ba6841599749c84b > Application URL:http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml > Callback Domain:devvm03.ia.wd.org > Application ID: 5gZ0mz6o > > Request Url: > https://api.login.yahoo.com/oauth2/request_auth?response_type=code&redirect_uri=devvm03.ia.wd.org&language=en-us&client_id=dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA-- > > Error: Oops. Yahoo is unable to process your request. We recommend that you > contact the owner of the application or web site to resolve this issue. > [95036] > > Java: > request = > OAuthClientRequest.authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth";) > > .setClientId("dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA--") > .setResponseType(OAuth.OAUTH_CODE).setRedirectURI("devvm03.ia.wd.org") > .setParameter("language", "en-us").buildQueryMessage(); > > I see that I am missing something in the configuration and how the url is > being built but I am not sure what it is. YDN forums say that call back url > and the redirect url should match, so I have coded the way it is. I am > getting the same error with a different error code even if I send " > http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml"; as the > redirect uri. When I created the app in YDN, the only option available was to > enter the Application Url, I am not sure if it should be same as redirect url > since I did not find a separate place to enter it. > > I have posted a question in YDN forum but if you or any other user could help > me, I would appreciate it much. Thank you. > > P.S: "http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml"; is the > correct redirect url. > > Thanks, > Jude. > Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319 > (515) 281-3378 | ashwanth.tiburt...@iwd.iowa.gov > > > -----Original Message----- > From: Jasha Joachimsthal [mailto:ja...@apache.org] > Sent: Friday, January 09, 2015 6:23 PM > To: u...@oltu.apache.org > Cc: dev@oltu.apache.org > Subject: Re: Yahoo user authentication using Oltu > > Hi, > > Yahoo supports the same authorization code flow as Google and Microsoft, but > you cannot copy-paste the implementation dus to subtle differences. You can > find the Yahoo documentation on [1] > > For Yahoo your callback uri must be accessible on port 80 or 443. > Other ports are not accepted in the authorization flow and lead to error > pages. > > When requesting an AccessToken, the clientId and clientSecret should be set > in the Authorization header, while all other parameters must be in the > request body. The AccessToken response contains the user id. > > final OAuthClientRequest oAuthClientRequest = OAuthClientRequest > .tokenLocation("https://api.login.yahoo.com/oauth2/get_token";) > .setGrantType(GrantType.AUTHORIZATION_CODE) > .setRedirectURI(https://myapplication.example.com/callback) > .setCode(code) > .buildBodyMessage(); > > final String up = clientId + ":" + clientSecret; final byte[] base64 = > Base64.encodeBase64(up.getBytes()); > String authorizationHeader = "Basic " + new String(base64); > oAuthClientRequest.addHeader("Authorization", > base64EncodedBasicAuthentication(idp)); > > return getoAuthClient().accessToken(oAuthClientRequest); > > > To get a user profile the access token must be sent via an http header: > > final String profileUrl = > String.format("https://social.yahooapis.com/v1/user/%s/profile?format=json";, > yahooGuid); > final OAuthClientRequest bearerClientRequest = new > OAuthBearerClientRequest(profileUrl) > .setAccessToken(oAuthAccessTokenResponse.getAccessToken()) > .buildHeaderMessage(); > > return getoAuthClient().resource(bearerClientRequest, > OAuth.HttpMethod.GET, OAuthResourceResponse.class); > > > [1] > https://developer.yahoo.com/oauth2/guide/#authorization-code-flow-for-server-side-apps > > Regards, > > Jasha > > On 9 January 2015 at 18:03, Tiburtius, Ashwanth [IWD] > <ashwanth.tiburt...@iwd.iowa.gov> wrote: >> Hi, >> >> >> >> I am doing a poc to use Apache Oltu to authenticate Google, Microsoft >> and Yahoo users. Oltu works great for Google and Microsoft user >> authentication but I am not sure if I can use it for Yahoo as well. >> Yahoo seems to have a different process compared to other content >> providers like Google where you setup your application as a client and >> get the client id and client secret, and use those to authenticate a >> yourself and the resource owner but Yahoo seems to be handling this >> differently. Has anyone tried to authenticate a Yahoo user using Oltu? >> Any help in this regard would be awesome. Thank you for your response and >> your time. >> >> >> >> Thanks, >> >> Jude. >> >> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA >> 50319 >> >> (515) 281-3378 | ashwanth.tiburt...@iwd.iowa.gov >> >>
