On 13 February 2015 at 00:45, Tiburtius, Ashwanth [IWD]
<ashwanth.tiburt...@iwd.iowa.gov> wrote:
> I got it to work without Oltu which is a bummer since I am using Oltu for
> other providers and it works great.
>
> For Yahoo, the user profile info can be obtained using this URL with the
> parameters:
>
> https://open.login.yahooapis.com/openid/op/auth?
> openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select
> &openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select
> &openid.mode=checkid_setup
> &openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
> &openid.realm=##Your Domain name - http://qwerq.org##
> &openid.return_to=##Your Return URL##
> &openid.ns.oauth=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Foauth%2F1.0
> &openid.oauth.consumer=##Consumer Key##
> &openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0
> &openid.ax.mode=fetch_request
> &openid.ax.required=email,fullname,nickname
> &openid.ax.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail
> &openid.ax.type.fullname=http%3A%2F%2Faxschema.org%2FnamePerson
> &openid.ax.type.nickname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffriendly
>
>
> You can only get specific fields from a persons profile.
> In the Required field write the sregs property name (comma seperated) (like
> openid.ax.required=email,fullname,nickname)
> and then give the schema also (like
> openid.ax.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail)
>
> Rest parameters need not be changed except for giving your realm,Return Url
> and Consumer Key
>
> Microsoft wouldn’t send email ids in the profile response either. Have to
> work through that. If someone in the Oltu group has successfully retrieved
> user email ids from MS, please help me out. Really appreciate it.
Retrieving the email address from Microsoft requires the additional
scope wl.emails. In your code replace .setScope("wl.signin") with
.setScope("wl.signin,wl.emails")
>
> Thanks,
> Jude.
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319
> (515) 281-3378 | ashwanth.tiburt...@iwd.iowa.gov
>
>
> -----Original Message-----
> From: Tiburtius, Ashwanth [IWD] [mailto:ashwanth.tiburt...@iwd.iowa.gov]
> Sent: Thursday, February 12, 2015 5:25 PM
> To: user@oltu.apache.org; 'Jasha Joachimsthal'
> Cc: d...@oltu.apache.org
> Subject: RE: Yahoo user authentication using Oltu
>
> Hi,
>
> With Jasha's help, I was able to get through Yahoo OAuth api to get the
> profile information. But unfortunately, Yahoo doesn’t send email addresses in
> the profile information. Based on my research, it looks like we need to use
> Yahoo OpenID AX implementaion for this. It would be very helpful to know if
> Oltu provide support for this or if someone has used Oltu to get Yahoo email
> id after a user authenticates themselves.
>
> Really appreciate your time. Thank you.
>
> Regards,
> Jude.
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319
> (515) 281-3378 | ashwanth.tiburt...@iwd.iowa.gov
>
> -----Original Message-----
> From: Tiburtius, Ashwanth [IWD] [mailto:ashwanth.tiburt...@iwd.iowa.gov]
> Sent: Wednesday, January 14, 2015 1:52 PM
> To: user@oltu.apache.org
> Cc: d...@oltu.apache.org
> Subject: RE: Yahoo user authentication using Oltu
>
> That’s it. It worked. Wow!! After so many days. Thank you so much Jasha.
>
> Thanks,
> Jude.
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319
> (515) 281-3378 | ashwanth.tiburt...@iwd.iowa.gov
>
>
> -----Original Message-----
> From: Jasha Joachimsthal [mailto:ja...@apache.org]
> Sent: Wednesday, January 14, 2015 1:22 PM
> To: user@oltu.apache.org
> Cc: d...@oltu.apache.org
> Subject: Re: Yahoo user authentication using Oltu
>
> To get the Authorization location:
>
> return OAuthClientRequest
> .authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth";)
> .setClientId(clientId)
> .setResponseType(OAuth.OAUTH_CODE)
> .setState(state)
> .setRedirectURI(redirectUri)
> .buildQueryMessage();
>
> The code for the access token and profile request are already in this thread.
>
> When configuring a new app there's a section "Access Scopes". I checked "This
> app requires access to private user data."
> The permission is "Social directory (Profiles)" and then the option "Read".
>
> Maybe you didn't check the correct scope to get profile data.
>
> Jasha
>
>
> On 13 January 2015 at 23:38, Tiburtius, Ashwanth [IWD]
> <ashwanth.tiburt...@iwd.iowa.gov> wrote:
>> Hi Jasha,
>>
>> I had been trying to get past the Yahoo authorization error but I am not
>> able to. I have tried many trial and error methods and I am getting one of 2
>> errors back and there is no documentation as to what those errors are. So I
>> am stuck. If you don’t mind, can you please send me the code where you get
>> authorization code from yahoo. It might help me identify my mistake. Thanks
>> in advance.
>>
>> Thanks,
>> Jude.
>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
>> 50319
>> (515) 281-3378 | ashwanth.tiburt...@iwd.iowa.gov
>>
>>
>> -----Original Message-----
>> From: Jasha Joachimsthal [mailto:jas...@gmail.com]
>> Sent: Monday, January 12, 2015 11:24 PM
>> To: user@oltu.apache.org
>> Cc: d...@oltu.apache.org
>> Subject: Re: Yahoo user authentication using Oltu
>>
>> I'm sorry but I cannot help you with Yahoo's (undocumented) error codes. The
>> redirectURI should be a valid URI and now you only provide the hostname in
>> the request.
>> One other thing: never publish your consumer secret to the public.
>> It's a password that should only be known by you and the OAuth provider.
>>
>> On 12 January 2015 at 22:39, Tiburtius, Ashwanth [IWD]
>> <ashwanth.tiburt...@iwd.iowa.gov> wrote:
>>> Thank you again Jasha. It was very helpful. I am actually getting an error
>>> in the authorization part itself. Following are the details.
>>>
>>> Application:
>>> Consumer Key:
>>> dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc
>>> 3
>>> VtZXJzZWNyZXQmeD02ZA-- Consumer Secret:
>>> 443a42b6cb7e2a8472fa9f09ba6841599749c84b
>>> Application
>>> URL:http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml
>>> Callback Domain:devvm03.ia.wd.org
>>> Application ID: 5gZ0mz6o
>>>
>>> Request Url:
>>> https://api.login.yahoo.com/oauth2/request_auth?response_type=code&re
>>> d
>>> irect_uri=devvm03.ia.wd.org&language=en-us&client_id=dj0yJmk9VERKTlY3
>>> b
>>> GFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD
>>> 0
>>> 2ZA--
>>>
>>> Error: Oops. Yahoo is unable to process your request. We recommend
>>> that you contact the owner of the application or web site to resolve
>>> this issue. [95036]
>>>
>>> Java:
>>> request =
>>> OAuthClientRequest.authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth";)
>>>
>>> .setClientId("dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA--")
>>>
>>> .setResponseType(OAuth.OAUTH_CODE).setRedirectURI("devvm03.ia.wd.org")
>>> .setParameter("language", "en-us").buildQueryMessage();
>>>
>>> I see that I am missing something in the configuration and how the url is
>>> being built but I am not sure what it is. YDN forums say that call back url
>>> and the redirect url should match, so I have coded the way it is. I am
>>> getting the same error with a different error code even if I send "
>>> http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml"; as the
>>> redirect uri. When I created the app in YDN, the only option available was
>>> to enter the Application Url, I am not sure if it should be same as
>>> redirect url since I did not find a separate place to enter it.
>>>
>>> I have posted a question in YDN forum but if you or any other user could
>>> help me, I would appreciate it much. Thank you.
>>>
>>> P.S: "http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml"; is the
>>> correct redirect url.
>>>
>>> Thanks,
>>> Jude.
>>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
>>> 50319
>>> (515) 281-3378 | ashwanth.tiburt...@iwd.iowa.gov
>>>
>>>
>>> -----Original Message-----
>>> From: Jasha Joachimsthal [mailto:ja...@apache.org]
>>> Sent: Friday, January 09, 2015 6:23 PM
>>> To: user@oltu.apache.org
>>> Cc: d...@oltu.apache.org
>>> Subject: Re: Yahoo user authentication using Oltu
>>>
>>> Hi,
>>>
>>> Yahoo supports the same authorization code flow as Google and
>>> Microsoft, but you cannot copy-paste the implementation dus to subtle
>>> differences. You can find the Yahoo documentation on [1]
>>>
>>> For Yahoo your callback uri must be accessible on port 80 or 443.
>>> Other ports are not accepted in the authorization flow and lead to error
>>> pages.
>>>
>>> When requesting an AccessToken, the clientId and clientSecret should be set
>>> in the Authorization header, while all other parameters must be in the
>>> request body. The AccessToken response contains the user id.
>>>
>>> final OAuthClientRequest oAuthClientRequest = OAuthClientRequest
>>> .tokenLocation("https://api.login.yahoo.com/oauth2/get_token";)
>>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>>> .setRedirectURI(https://myapplication.example.com/callback)
>>> .setCode(code)
>>> .buildBodyMessage();
>>>
>>> final String up = clientId + ":" + clientSecret; final byte[] base64
>>> = Base64.encodeBase64(up.getBytes());
>>> String authorizationHeader = "Basic " + new String(base64);
>>> oAuthClientRequest.addHeader("Authorization",
>>> base64EncodedBasicAuthentication(idp));
>>>
>>> return getoAuthClient().accessToken(oAuthClientRequest);
>>>
>>>
>>> To get a user profile the access token must be sent via an http header:
>>>
>>> final String profileUrl =
>>> String.format("https://social.yahooapis.com/v1/user/%s/profile?format
>>> =
>>> json",
>>> yahooGuid);
>>> final OAuthClientRequest bearerClientRequest = new
>>> OAuthBearerClientRequest(profileUrl)
>>> .setAccessToken(oAuthAccessTokenResponse.getAccessToken())
>>> .buildHeaderMessage();
>>>
>>> return getoAuthClient().resource(bearerClientRequest,
>>> OAuth.HttpMethod.GET, OAuthResourceResponse.class);
>>>
>>>
>>> [1]
>>> https://developer.yahoo.com/oauth2/guide/#authorization-code-flow-for
>>> -
>>> server-side-apps
>>>
>>> Regards,
>>>
>>> Jasha
>>>
>>> On 9 January 2015 at 18:03, Tiburtius, Ashwanth [IWD]
>>> <ashwanth.tiburt...@iwd.iowa.gov> wrote:
>>>> Hi,
>>>>
>>>>
>>>>
>>>> I am doing a poc to use Apache Oltu to authenticate Google,
>>>> Microsoft and Yahoo users. Oltu works great for Google and Microsoft
>>>> user authentication but I am not sure if I can use it for Yahoo as well.
>>>> Yahoo seems to have a different process compared to other content
>>>> providers like Google where you setup your application as a client
>>>> and get the client id and client secret, and use those to
>>>> authenticate a yourself and the resource owner but Yahoo seems to be
>>>> handling this differently. Has anyone tried to authenticate a Yahoo user
>>>> using Oltu?
>>>> Any help in this regard would be awesome. Thank you for your response and
>>>> your time.
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Jude.
>>>>
>>>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
>>>> 50319
>>>>
>>>> (515) 281-3378 | ashwanth.tiburt...@iwd.iowa.gov
>>>>
>>>>
