
OAuth Authentication Model

OAuth is a simple, secure, and quick way to publish and access protected data (photos, videos, contact list). It's an open authentication model based primarily on existing standards that ensures secure credentials can be provisioned and verified by different software platforms.

In other words, OAuth allows you to share your private resources stored on one site with another site without having to hand out your user name and password.

For a visitor to your site, OAuth is completely transparent. The user experience will be specific to the implementation of both the site requesting access and the one storing the resources, and will adjust to the device being used (web browser, mobile phone, PDA, set-top box).

Example user flow:

A developer has created an application that allows its users to represent their presence using the Yahoo! Status web service. Once the developer signs up for an OAuth API Key and Secret (provided by Yahoo!), the application can use Yahoo's OAuth API to establish the credentials needed to access this data from Yahoo! Status. When a user interacts with the developer's application, they are redirected to Yahoo's authentication page, where they sign in to their Yahoo! account and then grant the application access to their Yahoo! Status data. A user-authorized token is returned to the application, which can use it to access this data.

How Do I Get Started?

  1. Get an API Key
  2. Read the online documentation
  3. Get our PHP SDK or Flash SDK (optional)

Using the API or Web Service

Overview

For an illustration of the OAuth authentication flow, check out the Yahoo! OAuth Quick Start Guide.

To communicate with a target user's Yahoo! services through OAuth, developers must first authenticate their requests using Yahoo! OAuth.

Here are the steps you take to enable users to access your application:

  1. Sign Up and Get your API Key
  2. Get a Request Token
  3. Get User Approval
  4. Exchange the Request Token for an Access Token

Support and Community

Questions and suggestions on the OAuth API are discussed on the Yahoo! OAuth Developer Community forum. If you have questions or need technical support, please use this forum.

Terms of Use

Use of the Yahoo! OAuth API is governed by the Yahoo! APIs Terms of Use.

The OAuth Standard

Yahoo!'s OAuth implementation is fully compliant with OAuth Core 1.0 and the OAuth Session Extension draft (1). In order to support OAuth in a scalable way, Yahoo! proposed and helped create the OAuth Session Extension together with AOL and Google. The extension is currently being added to all the major OAuth client libraries as well as the Y!OS SDK. For more information on the standard, visit: http://oauth.net/.


Copyright © 2008 Yahoo! Inc. All rights reserved.