Authentication and Authorization with Yahoo!

Yahoo!'s commitment to open standards includes our support for industry-standard protocols for authentication (sign-in) and authorization (access control). Yahoo! Developer Network offers easy ways for developers to use OpenID to authenticate users and OAuth to control access to protected data. Yahoo! also supports the OpenID-OAuth Hybrid Protocol, which combines OpenID authentication with OAuth authorization in a single interface.

Authentication with OpenID

Yahoo! supports OpenID 2.0, which lets you develop a simplified login experience for your users. Rather than having to create a unique user name and password for your website, users can now use an existing user name and password that they have created elsewhere, including Yahoo!. We have enabled our 300 million registered users as OpenID accounts.

Authorization with OAuth

OAuth is a secure and quick way to publish and access private data, such as contact lists and updates. It's an open authorization model based primarily on existing standards that ensures secure credentials can be provisioned and verified by different software platforms. OAuth is the industry-standard authorization method and is used on YDN platforms including YAP, YQL and the Consumer Key API.

Hybrid Protocol for Authentication and Authorization

The OpenID-OAuth Hybrid Protocol eases the way for the hundreds of millions of Yahoo! users to sign into websites with a Yahoo! account, and to enable two-way data sharing of social data like Updates and Contacts, without having to register a new site-specific account or share their Yahoo! password. The Hybrid Protocol signs in your users using OpenID and then authorizes them through OAuth.

In the past, this would have been two operations, but the Hybrid Protocol combines both operations into one call. From a user's perspective, the Hybrid Protocol combines sign-in and access control into a single pop-up-based interface. This makes OpenID easier to use and much more powerful.

The Hybrid Protocol is YDN's recommended method for authenticating users and authorizing data access. It is also the basis for Connect, our new social third-party sign-in service (coming soon).

Hybrid Protocol blog post

OpenID + OAuth Hybrid documentation

Authorization with BBAuth

Browser-Based Authentication (BBAuth) supports access control and single sign-on (SSO), but has been superseded by the OpenID-OAuth Hybrid Protocol. Yahoo! continues to support existing applications that use BBAuth, but we are not committed to maintaining the same level of support in the long term. We strongly recommend that you use the Hybrid Protocol.