@Shanika,

The sample request I had given previously was for id_token. For
authorization code, the request is below which worked for me when invoking
manually.

https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=code&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2

Thanks,
TharinduE

On Fri, Dec 15, 2017 at 8:50 AM, Tharindu Edirisinghe <[email protected]>
wrote:

> +Dimuthu as it seems there's a bug in Yahoo federated authenticator.
>
> On Fri, Dec 15, 2017 at 8:46 AM, Tharindu Edirisinghe <[email protected]>
> wrote:
>
>> Hi Shanika,
>>
>> I manually invoked the authorize endpoint of Yahoo and following request
>> worked for me.
>>
>> https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9OFZNWktjalhFSjlsJmQ9WVdrOWVISmhZamxqTjJVbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02OA--&response_type=id_token&redirect_uri=https%3A%2F%2Fis.wso2.com&scope=openid&nonce=YihsFwGKgt3KJUh6tPs2
>>
>> As per my observations, Yahoo is validating the redirect_uri value and if
>> we define the callback domain as "is.wso2.com", then the redirect_uri
>> value must be either "http://is.wso2.com" or "https://is.wso2.com", but
>> nothing else.
>>
>> When saving the callback domain as localhost, it didn't allow me, so I
>> used is.wso2.com as above.
>>
>> When it comes to the Yahoo connector, in the authorize request, the *scope*
>> parameter is not being sent. That should be a bug. Also, we need to send
>> *nonce* parameter too, which is required as per [1]. Without nonce, even
>> the above request I've given won't work.
>>
>> It seems we have to check more on the validations done on redirect_uri /
>> callback domain parameter from Yahoo end. Because, in the Yahoo app UI,
>> callback domain is listed as an optional parameter. However, if we create
>> an app without giving the callback domain value, that also doesn't work.
>>
>> [1] https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html#getting-started-auth-code
>>
>> Thanks,
>> TharinduE
>>
>> On Fri, Dec 15, 2017 at 1:04 AM, Shanika Wickramasinghe <
>> [email protected]> wrote:
>>
>>> Hi TharinduE,
>>>
>>> In Yahoo side configuration I didn't observe a place to give the callback
>>> URL (https://localhost:9443/commonauth). It asks only for a callback
>>> Domain where we can input localhost or another domain. [1]
>>>
>>> [1]. claimapp-yahoo.png
>>>
>>>
>>> Thanks,
>>>
>>> Shanika
>>>
>>>
>>>
>>>
>>> On Thu, Dec 14, 2017 at 8:51 PM, Tharindu Edirisinghe <
>>> [email protected]> wrote:
>>>
>>>> Hi Shanika,
>>>>
>>>> Can you show the Yahoo side configuration too. It seems Identity Server
>>>> is invoking the authorize endpoint of Yahoo. Without checking the Yahoo
>>>> side's config, we can't identify what causes the problem here.
>>>>
>>>> Thanks,
>>>> TharinduE
>>>>
>>>> On Thu, Dec 14, 2017 at 12:43 AM, Shanika Wickramasinghe <
>>>> [email protected]> wrote:
>>>>
>>>>> I am working with configuring Yahoo as an IDP using Federated
>>>>> authenticator Yahoo Configuration. Steps that I followed are as below.
>>>>>
>>>>> Run Standalone IS 5.4.0 GA pack
>>>>> Configure Travelocity as a Service Provider using SAML SSO
>>>>> Configure a Yahoo app as in [1] and take the client ID and the client
>>>>> secret [2] [3]
>>>>> Input them under federated authenticator > yahoo configuration
>>>>> Configure yahoo IDP as a Federated authenticator for Service provider
>>>>> Access http://localhost:8080/travelocity.com
>>>>> Click on SAML redirect Binding
>>>>> Provide Yahoo login details
>>>>> Error message will be shown as in [4]
>>>>>
>>>>> Appreciate any clarification related to this issue
>>>>>
>>>>>
>>>>> [1]. https://docs.wso2.com/display/IS540/Configuring+Yahoo
>>>>>
>>>>> [2]. yahoo-config1.png
>>>>>
>>>>> [3]. yahoo-config2.png
>>>>>
>>>>> [4]. yahoo.png
>>>>>
>>>>> Thank You,
>>>>> Shanika.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Shanika Wickramasinghe*
>>>>> Software Engineer - QA Team
>>>>>
>>>>> Email    : [email protected]
>>>>> Mobile  : +94713503563
>>>>> Web     : http://wso2.com
>>>>>
>>>>> <http://wso2.com/signature>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Tharindu Edirisinghe
>>>> Senior Software Engineer | WSO2 Inc
>>>> Platform Security Team
>>>> Blog : http://tharindue.blogspot.com
>>>> mobile : +94 775181586
>>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>
>
>
>



-- 

Tharindu Edirisinghe
Senior Software Engineer | WSO2 Inc
Platform Security Team
Blog : http://tharindue.blogspot.com
mobile : +94 775181586
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
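
An added example, not part of the original thread or of the WSO2 connector's code: a Python check for the authorize-request points raised in this thread (scope and nonce present, redirect_uri matching the registered callback domain). The redirect rule encodes the thread's observation rather than documented Yahoo behaviour; `EXAMPLE_CLIENT_ID` and all function names are assumptions.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_ENDPOINT = "https://api.login.yahoo.com/oauth2/request_auth"  # from the thread
REQUIRED = ("client_id", "response_type", "redirect_uri", "scope", "nonce")


def redirect_matches_domain(redirect_uri, callback_domain):
    """Thread's observation: only http(s)://<callback domain> itself was accepted."""
    u = urlsplit(redirect_uri)
    return (u.scheme in ("http", "https")
            and u.netloc.lower() == callback_domain.lower()
            and u.path == "" and not u.query and not u.fragment)


def check_authorize_url(url, callback_domain):
    """Return a list of problems found in an authorize request URL."""
    params = parse_qs(urlsplit(url).query)
    problems = [f"missing {name}" for name in REQUIRED if not params.get(name)]
    scope = params.get("scope", [""])[0].split()
    if scope and "openid" not in scope:
        problems.append("scope lacks openid")
    redirect = params.get("redirect_uri", [""])[0]
    if redirect and not redirect_matches_domain(redirect, callback_domain):
        problems.append("redirect_uri does not match callback domain")
    return problems


def build_authorize_url(client_id, redirect_uri, response_type="code"):
    """Build a request carrying scope and a fresh nonce; return (url, nonce)."""
    # Store the nonce in the user's session and compare it with the
    # nonce claim of the returned id_token to detect replayed tokens.
    nonce = secrets.token_urlsafe(16)
    query = urlencode({"client_id": client_id, "response_type": response_type,
                       "redirect_uri": redirect_uri, "scope": "openid",
                       "nonce": nonce})
    return f"{AUTHORIZE_ENDPOINT}?{query}", nonce


if __name__ == "__main__":
    # Constructed sample: a request without scope and nonce, with a
    # redirect_uri outside the registered callback domain.
    bad = (AUTHORIZE_ENDPOINT + "?client_id=EXAMPLE_CLIENT_ID&response_type=code"
           "&redirect_uri=https%3A%2F%2Flocalhost%3A9443%2Fcommonauth")
    print(check_authorize_url(bad, "is.wso2.com"))
    good, _ = build_authorize_url("EXAMPLE_CLIENT_ID", "https://is.wso2.com")
    print(check_authorize_url(good, "is.wso2.com"))
```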