You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@oltu.apache.org by "Tiburtius, Ashwanth [IWD]" <As...@iwd.iowa.gov> on 2015/02/13 00:24:42 UTC
RE: Yahoo user authentication using Oltu
Hi,
With Jasha's help, I was able to get through Yahoo OAuth api to get the profile information. But unfortunately, Yahoo doesn’t send email addresses in the profile information. Based on my research, it looks like we need to use Yahoo OpenID AX implementaion for this. It would be very helpful to know if Oltu provide support for this or if someone has used Oltu to get Yahoo email id after a user authenticates themselves.
Really appreciate your time. Thank you.
Regards,
Jude.
Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319
(515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
-----Original Message-----
From: Tiburtius, Ashwanth [IWD] [mailto:Ashwanth.Tiburtius@iwd.iowa.gov]
Sent: Wednesday, January 14, 2015 1:52 PM
To: user@oltu.apache.org
Cc: dev@oltu.apache.org
Subject: RE: Yahoo user authentication using Oltu
That’s it. It worked. Wow!! After so many days. Thank you so much Jasha.
Thanks,
Jude.
Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319
(515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
-----Original Message-----
From: Jasha Joachimsthal [mailto:jasha@apache.org]
Sent: Wednesday, January 14, 2015 1:22 PM
To: user@oltu.apache.org
Cc: dev@oltu.apache.org
Subject: Re: Yahoo user authentication using Oltu
To get the Authorization location:
return OAuthClientRequest
.authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth")
.setClientId(clientId)
.setResponseType(OAuth.OAUTH_CODE)
.setState(state)
.setRedirectURI(redirectUri)
.buildQueryMessage();
The code for the access token and profile request are already in this thread.
When configuring a new app there's a section "Access Scopes". I checked "This app requires access to private user data."
The permission is "Social directory (Profiles)" and then the option "Read".
Maybe you didn't check the correct scope to get profile data.
Jasha
On 13 January 2015 at 23:38, Tiburtius, Ashwanth [IWD] <As...@iwd.iowa.gov> wrote:
> Hi Jasha,
>
> I had been trying to get past the Yahoo authorization error but I am not able to. I have tried many trial and error methods and I am getting one of 2 errors back and there is no documentation as to what those errors are. So I am stuck. If you don’t mind, can you please send me the code where you get authorization code from yahoo. It might help me identify my mistake. Thanks in advance.
>
> Thanks,
> Jude.
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
> 50319
> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>
>
> -----Original Message-----
> From: Jasha Joachimsthal [mailto:jashaj@gmail.com]
> Sent: Monday, January 12, 2015 11:24 PM
> To: user@oltu.apache.org
> Cc: dev@oltu.apache.org
> Subject: Re: Yahoo user authentication using Oltu
>
> I'm sorry but I cannot help you with Yahoo's (undocumented) error codes. The redirectURI should be a valid URI and now you only provide the hostname in the request.
> One other thing: never publish your consumer secret to the public.
> It's a password that should only be known by you and the OAuth provider.
>
> On 12 January 2015 at 22:39, Tiburtius, Ashwanth [IWD] <As...@iwd.iowa.gov> wrote:
>> Thank you again Jasha. It was very helpful. I am actually getting an error in the authorization part itself. Following are the details.
>>
>> Application:
>> Consumer Key:
>> dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc
>> 3
>> VtZXJzZWNyZXQmeD02ZA-- Consumer Secret:
>> 443a42b6cb7e2a8472fa9f09ba6841599749c84b
>> Application
>> URL:http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml
>> Callback Domain:devvm03.ia.wd.org
>> Application ID: 5gZ0mz6o
>>
>> Request Url:
>> https://api.login.yahoo.com/oauth2/request_auth?response_type=code&re
>> d
>> irect_uri=devvm03.ia.wd.org&language=en-us&client_id=dj0yJmk9VERKTlY3
>> b
>> GFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD
>> 0
>> 2ZA--
>>
>> Error: Oops. Yahoo is unable to process your request. We recommend
>> that you contact the owner of the application or web site to resolve
>> this issue. [95036]
>>
>> Java:
>> request = OAuthClientRequest.authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth")
>> .setClientId("dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA--")
>> .setResponseType(OAuth.OAUTH_CODE).setRedirectURI("devvm03.ia.wd.org")
>> .setParameter("language", "en-us").buildQueryMessage();
>>
>> I see that I am missing something in the configuration and how the url is being built but I am not sure what it is. YDN forums say that call back url and the redirect url should match, so I have coded the way it is. I am getting the same error with a different error code even if I send " http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml" as the redirect uri. When I created the app in YDN, the only option available was to enter the Application Url, I am not sure if it should be same as redirect url since I did not find a separate place to enter it.
>>
>> I have posted a question in YDN forum but if you or any other user could help me, I would appreciate it much. Thank you.
>>
>> P.S: "http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml" is the correct redirect url.
>>
>> Thanks,
>> Jude.
>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
>> 50319
>> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>>
>>
>> -----Original Message-----
>> From: Jasha Joachimsthal [mailto:jasha@apache.org]
>> Sent: Friday, January 09, 2015 6:23 PM
>> To: user@oltu.apache.org
>> Cc: dev@oltu.apache.org
>> Subject: Re: Yahoo user authentication using Oltu
>>
>> Hi,
>>
>> Yahoo supports the same authorization code flow as Google and
>> Microsoft, but you cannot copy-paste the implementation dus to subtle
>> differences. You can find the Yahoo documentation on [1]
>>
>> For Yahoo your callback uri must be accessible on port 80 or 443.
>> Other ports are not accepted in the authorization flow and lead to error pages.
>>
>> When requesting an AccessToken, the clientId and clientSecret should be set in the Authorization header, while all other parameters must be in the request body. The AccessToken response contains the user id.
>>
>> final OAuthClientRequest oAuthClientRequest = OAuthClientRequest
>> .tokenLocation("https://api.login.yahoo.com/oauth2/get_token")
>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>> .setRedirectURI(https://myapplication.example.com/callback)
>> .setCode(code)
>> .buildBodyMessage();
>>
>> final String up = clientId + ":" + clientSecret; final byte[] base64
>> = Base64.encodeBase64(up.getBytes());
>> String authorizationHeader = "Basic " + new String(base64);
>> oAuthClientRequest.addHeader("Authorization",
>> base64EncodedBasicAuthentication(idp));
>>
>> return getoAuthClient().accessToken(oAuthClientRequest);
>>
>>
>> To get a user profile the access token must be sent via an http header:
>>
>> final String profileUrl =
>> String.format("https://social.yahooapis.com/v1/user/%s/profile?format
>> =
>> json",
>> yahooGuid);
>> final OAuthClientRequest bearerClientRequest = new
>> OAuthBearerClientRequest(profileUrl)
>> .setAccessToken(oAuthAccessTokenResponse.getAccessToken())
>> .buildHeaderMessage();
>>
>> return getoAuthClient().resource(bearerClientRequest,
>> OAuth.HttpMethod.GET, OAuthResourceResponse.class);
>>
>>
>> [1]
>> https://developer.yahoo.com/oauth2/guide/#authorization-code-flow-for
>> -
>> server-side-apps
>>
>> Regards,
>>
>> Jasha
>>
>> On 9 January 2015 at 18:03, Tiburtius, Ashwanth [IWD] <As...@iwd.iowa.gov> wrote:
>>> Hi,
>>>
>>>
>>>
>>> I am doing a poc to use Apache Oltu to authenticate Google,
>>> Microsoft and Yahoo users. Oltu works great for Google and Microsoft
>>> user authentication but I am not sure if I can use it for Yahoo as well.
>>> Yahoo seems to have a different process compared to other content
>>> providers like Google where you setup your application as a client
>>> and get the client id and client secret, and use those to
>>> authenticate a yourself and the resource owner but Yahoo seems to be
>>> handling this differently. Has anyone tried to authenticate a Yahoo user using Oltu?
>>> Any help in this regard would be awesome. Thank you for your response and your time.
>>>
>>>
>>>
>>> Thanks,
>>>
>>> Jude.
>>>
>>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
>>> 50319
>>>
>>> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>>>
>>>
Re: Yahoo user authentication using Oltu
Posted by Jasha Joachimsthal <ja...@apache.org>.
On 13 February 2015 at 00:24, Tiburtius, Ashwanth [IWD]
<As...@iwd.iowa.gov> wrote:
> Hi,
>
> With Jasha's help, I was able to get through Yahoo OAuth api to get the profile information. But unfortunately, Yahoo doesn’t send email addresses in the profile information. Based on my research, it looks like we need to use Yahoo OpenID AX implementaion for this. It would be very helpful to know if Oltu provide support for this or if someone has used Oltu to get Yahoo email id after a user authenticates themselves.
>
> Really appreciate your time. Thank you.
You've probably configured your App permissions for "Social Directory
(Profiles)" and then "Read" which only provides public information.
Switch to "Read/Write Public and Private" and you get the email
addresses in the profile. You get a new client id and client secret
from Yahoo! because they implicitly link their clientId to the scopes
(permissions).
Jasha
>
> Regards,
> Jude.
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319
> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>
> -----Original Message-----
> From: Tiburtius, Ashwanth [IWD] [mailto:Ashwanth.Tiburtius@iwd.iowa.gov]
> Sent: Wednesday, January 14, 2015 1:52 PM
> To: user@oltu.apache.org
> Cc: dev@oltu.apache.org
> Subject: RE: Yahoo user authentication using Oltu
>
> That’s it. It worked. Wow!! After so many days. Thank you so much Jasha.
>
> Thanks,
> Jude.
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319
> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>
>
> -----Original Message-----
> From: Jasha Joachimsthal [mailto:jasha@apache.org]
> Sent: Wednesday, January 14, 2015 1:22 PM
> To: user@oltu.apache.org
> Cc: dev@oltu.apache.org
> Subject: Re: Yahoo user authentication using Oltu
>
> To get the Authorization location:
>
> return OAuthClientRequest
> .authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth")
> .setClientId(clientId)
> .setResponseType(OAuth.OAUTH_CODE)
> .setState(state)
> .setRedirectURI(redirectUri)
> .buildQueryMessage();
>
> The code for the access token and profile request are already in this thread.
>
> When configuring a new app there's a section "Access Scopes". I checked "This app requires access to private user data."
> The permission is "Social directory (Profiles)" and then the option "Read".
>
> Maybe you didn't check the correct scope to get profile data.
>
> Jasha
>
>
> On 13 January 2015 at 23:38, Tiburtius, Ashwanth [IWD] <As...@iwd.iowa.gov> wrote:
>> Hi Jasha,
>>
>> I had been trying to get past the Yahoo authorization error but I am not able to. I have tried many trial and error methods and I am getting one of 2 errors back and there is no documentation as to what those errors are. So I am stuck. If you don’t mind, can you please send me the code where you get authorization code from yahoo. It might help me identify my mistake. Thanks in advance.
>>
>> Thanks,
>> Jude.
>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
>> 50319
>> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>>
>>
>> -----Original Message-----
>> From: Jasha Joachimsthal [mailto:jashaj@gmail.com]
>> Sent: Monday, January 12, 2015 11:24 PM
>> To: user@oltu.apache.org
>> Cc: dev@oltu.apache.org
>> Subject: Re: Yahoo user authentication using Oltu
>>
>> I'm sorry but I cannot help you with Yahoo's (undocumented) error codes. The redirectURI should be a valid URI and now you only provide the hostname in the request.
>> One other thing: never publish your consumer secret to the public.
>> It's a password that should only be known by you and the OAuth provider.
>>
>> On 12 January 2015 at 22:39, Tiburtius, Ashwanth [IWD] <As...@iwd.iowa.gov> wrote:
>>> Thank you again Jasha. It was very helpful. I am actually getting an error in the authorization part itself. Following are the details.
>>>
>>> Application:
>>> Consumer Key:
>>> dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc
>>> 3
>>> VtZXJzZWNyZXQmeD02ZA-- Consumer Secret:
>>> 443a42b6cb7e2a8472fa9f09ba6841599749c84b
>>> Application
>>> URL:http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml
>>> Callback Domain:devvm03.ia.wd.org
>>> Application ID: 5gZ0mz6o
>>>
>>> Request Url:
>>> https://api.login.yahoo.com/oauth2/request_auth?response_type=code&re
>>> d
>>> irect_uri=devvm03.ia.wd.org&language=en-us&client_id=dj0yJmk9VERKTlY3
>>> b
>>> GFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD
>>> 0
>>> 2ZA--
>>>
>>> Error: Oops. Yahoo is unable to process your request. We recommend
>>> that you contact the owner of the application or web site to resolve
>>> this issue. [95036]
>>>
>>> Java:
>>> request = OAuthClientRequest.authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth")
>>> .setClientId("dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA--")
>>> .setResponseType(OAuth.OAUTH_CODE).setRedirectURI("devvm03.ia.wd.org")
>>> .setParameter("language", "en-us").buildQueryMessage();
>>>
>>> I see that I am missing something in the configuration and how the url is being built but I am not sure what it is. YDN forums say that call back url and the redirect url should match, so I have coded the way it is. I am getting the same error with a different error code even if I send " http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml" as the redirect uri. When I created the app in YDN, the only option available was to enter the Application Url, I am not sure if it should be same as redirect url since I did not find a separate place to enter it.
>>>
>>> I have posted a question in YDN forum but if you or any other user could help me, I would appreciate it much. Thank you.
>>>
>>> P.S: "http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml" is the correct redirect url.
>>>
>>> Thanks,
>>> Jude.
>>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
>>> 50319
>>> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>>>
>>>
>>> -----Original Message-----
>>> From: Jasha Joachimsthal [mailto:jasha@apache.org]
>>> Sent: Friday, January 09, 2015 6:23 PM
>>> To: user@oltu.apache.org
>>> Cc: dev@oltu.apache.org
>>> Subject: Re: Yahoo user authentication using Oltu
>>>
>>> Hi,
>>>
>>> Yahoo supports the same authorization code flow as Google and
>>> Microsoft, but you cannot copy-paste the implementation dus to subtle
>>> differences. You can find the Yahoo documentation on [1]
>>>
>>> For Yahoo your callback uri must be accessible on port 80 or 443.
>>> Other ports are not accepted in the authorization flow and lead to error pages.
>>>
>>> When requesting an AccessToken, the clientId and clientSecret should be set in the Authorization header, while all other parameters must be in the request body. The AccessToken response contains the user id.
>>>
>>> final OAuthClientRequest oAuthClientRequest = OAuthClientRequest
>>> .tokenLocation("https://api.login.yahoo.com/oauth2/get_token")
>>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>>> .setRedirectURI(https://myapplication.example.com/callback)
>>> .setCode(code)
>>> .buildBodyMessage();
>>>
>>> final String up = clientId + ":" + clientSecret; final byte[] base64
>>> = Base64.encodeBase64(up.getBytes());
>>> String authorizationHeader = "Basic " + new String(base64);
>>> oAuthClientRequest.addHeader("Authorization",
>>> base64EncodedBasicAuthentication(idp));
>>>
>>> return getoAuthClient().accessToken(oAuthClientRequest);
>>>
>>>
>>> To get a user profile the access token must be sent via an http header:
>>>
>>> final String profileUrl =
>>> String.format("https://social.yahooapis.com/v1/user/%s/profile?format
>>> =
>>> json",
>>> yahooGuid);
>>> final OAuthClientRequest bearerClientRequest = new
>>> OAuthBearerClientRequest(profileUrl)
>>> .setAccessToken(oAuthAccessTokenResponse.getAccessToken())
>>> .buildHeaderMessage();
>>>
>>> return getoAuthClient().resource(bearerClientRequest,
>>> OAuth.HttpMethod.GET, OAuthResourceResponse.class);
>>>
>>>
>>> [1]
>>> https://developer.yahoo.com/oauth2/guide/#authorization-code-flow-for
>>> -
>>> server-side-apps
>>>
>>> Regards,
>>>
>>> Jasha
>>>
>>> On 9 January 2015 at 18:03, Tiburtius, Ashwanth [IWD] <As...@iwd.iowa.gov> wrote:
>>>> Hi,
>>>>
>>>>
>>>>
>>>> I am doing a poc to use Apache Oltu to authenticate Google,
>>>> Microsoft and Yahoo users. Oltu works great for Google and Microsoft
>>>> user authentication but I am not sure if I can use it for Yahoo as well.
>>>> Yahoo seems to have a different process compared to other content
>>>> providers like Google where you setup your application as a client
>>>> and get the client id and client secret, and use those to
>>>> authenticate a yourself and the resource owner but Yahoo seems to be
>>>> handling this differently. Has anyone tried to authenticate a Yahoo user using Oltu?
>>>> Any help in this regard would be awesome. Thank you for your response and your time.
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Jude.
>>>>
>>>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
>>>> 50319
>>>>
>>>> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>>>>
>>>>
Re: Yahoo user authentication using Oltu
Posted by Jasha Joachimsthal <ja...@apache.org>.
On 13 February 2015 at 00:45, Tiburtius, Ashwanth [IWD]
<As...@iwd.iowa.gov> wrote:
> I got it to work without Oltu which is a bummer since I am using Oltu for other providers and it works great.
>
> For Yahoo, the user profile info can be obtained using this URL with the parameters:
>
> https://open.login.yahooapis.com/openid/op/auth?
> openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select
> &openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select
> &openid.mode=checkid_setup
> &openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
> &openid.realm=##Your Domain name - http://qwerq.org##
> &openid.return_to=##Your Return URL##
> &openid.ns.oauth=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Foauth%2F1.0
> &openid.oauth.consumer=##Consumer Key##
> &openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0
> &openid.ax.mode=fetch_request
> &openid.ax.required=email,fullname,nickname
> &openid.ax.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail
> &openid.ax.type.fullname=http%3A%2F%2Faxschema.org%2FnamePerson
> &openid.ax.type.nickname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffriendly
>
>
> You can only get specific fields from a persons profile.
> In the Required field write the sregs property name (comma seperated) (like openid.ax.required=email,fullname,nickname)
> and then give the schema also (like openid.ax.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail)
>
> Rest parameters need not be changed except for giving your realm,Return Url and Consumer Key
>
> Microsoft wouldn’t send email ids in the profile response either. Have to work through that. If someone in the Oltu group has successfully retrieved user email ids from MS, please help me out. Really appreciate it.
Retrieving the email address from Microsoft requires the additional
scope wl.emails. In your code replace .setScope("wl.signin") with
.setScope("wl.signin,wl.emails")
>
> Thanks,
> Jude.
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319
> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>
>
> -----Original Message-----
> From: Tiburtius, Ashwanth [IWD] [mailto:Ashwanth.Tiburtius@iwd.iowa.gov]
> Sent: Thursday, February 12, 2015 5:25 PM
> To: user@oltu.apache.org; 'Jasha Joachimsthal'
> Cc: dev@oltu.apache.org
> Subject: RE: Yahoo user authentication using Oltu
>
> Hi,
>
> With Jasha's help, I was able to get through Yahoo OAuth api to get the profile information. But unfortunately, Yahoo doesn’t send email addresses in the profile information. Based on my research, it looks like we need to use Yahoo OpenID AX implementaion for this. It would be very helpful to know if Oltu provide support for this or if someone has used Oltu to get Yahoo email id after a user authenticates themselves.
>
> Really appreciate your time. Thank you.
>
> Regards,
> Jude.
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319
> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>
> -----Original Message-----
> From: Tiburtius, Ashwanth [IWD] [mailto:Ashwanth.Tiburtius@iwd.iowa.gov]
> Sent: Wednesday, January 14, 2015 1:52 PM
> To: user@oltu.apache.org
> Cc: dev@oltu.apache.org
> Subject: RE: Yahoo user authentication using Oltu
>
> That’s it. It worked. Wow!! After so many days. Thank you so much Jasha.
>
> Thanks,
> Jude.
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319
> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>
>
> -----Original Message-----
> From: Jasha Joachimsthal [mailto:jasha@apache.org]
> Sent: Wednesday, January 14, 2015 1:22 PM
> To: user@oltu.apache.org
> Cc: dev@oltu.apache.org
> Subject: Re: Yahoo user authentication using Oltu
>
> To get the Authorization location:
>
> return OAuthClientRequest
> .authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth")
> .setClientId(clientId)
> .setResponseType(OAuth.OAUTH_CODE)
> .setState(state)
> .setRedirectURI(redirectUri)
> .buildQueryMessage();
>
> The code for the access token and profile request are already in this thread.
>
> When configuring a new app there's a section "Access Scopes". I checked "This app requires access to private user data."
> The permission is "Social directory (Profiles)" and then the option "Read".
>
> Maybe you didn't check the correct scope to get profile data.
>
> Jasha
>
>
> On 13 January 2015 at 23:38, Tiburtius, Ashwanth [IWD] <As...@iwd.iowa.gov> wrote:
>> Hi Jasha,
>>
>> I had been trying to get past the Yahoo authorization error but I am not able to. I have tried many trial and error methods and I am getting one of 2 errors back and there is no documentation as to what those errors are. So I am stuck. If you don’t mind, can you please send me the code where you get authorization code from yahoo. It might help me identify my mistake. Thanks in advance.
>>
>> Thanks,
>> Jude.
>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
>> 50319
>> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>>
>>
>> -----Original Message-----
>> From: Jasha Joachimsthal [mailto:jashaj@gmail.com]
>> Sent: Monday, January 12, 2015 11:24 PM
>> To: user@oltu.apache.org
>> Cc: dev@oltu.apache.org
>> Subject: Re: Yahoo user authentication using Oltu
>>
>> I'm sorry but I cannot help you with Yahoo's (undocumented) error codes. The redirectURI should be a valid URI and now you only provide the hostname in the request.
>> One other thing: never publish your consumer secret to the public.
>> It's a password that should only be known by you and the OAuth provider.
>>
>> On 12 January 2015 at 22:39, Tiburtius, Ashwanth [IWD] <As...@iwd.iowa.gov> wrote:
>>> Thank you again Jasha. It was very helpful. I am actually getting an error in the authorization part itself. Following are the details.
>>>
>>> Application:
>>> Consumer Key:
>>> dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc
>>> 3
>>> VtZXJzZWNyZXQmeD02ZA-- Consumer Secret:
>>> 443a42b6cb7e2a8472fa9f09ba6841599749c84b
>>> Application
>>> URL:http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml
>>> Callback Domain:devvm03.ia.wd.org
>>> Application ID: 5gZ0mz6o
>>>
>>> Request Url:
>>> https://api.login.yahoo.com/oauth2/request_auth?response_type=code&re
>>> d
>>> irect_uri=devvm03.ia.wd.org&language=en-us&client_id=dj0yJmk9VERKTlY3
>>> b
>>> GFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD
>>> 0
>>> 2ZA--
>>>
>>> Error: Oops. Yahoo is unable to process your request. We recommend
>>> that you contact the owner of the application or web site to resolve
>>> this issue. [95036]
>>>
>>> Java:
>>> request = OAuthClientRequest.authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth")
>>> .setClientId("dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA--")
>>> .setResponseType(OAuth.OAUTH_CODE).setRedirectURI("devvm03.ia.wd.org")
>>> .setParameter("language", "en-us").buildQueryMessage();
>>>
>>> I see that I am missing something in the configuration and how the url is being built but I am not sure what it is. YDN forums say that call back url and the redirect url should match, so I have coded the way it is. I am getting the same error with a different error code even if I send " http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml" as the redirect uri. When I created the app in YDN, the only option available was to enter the Application Url, I am not sure if it should be same as redirect url since I did not find a separate place to enter it.
>>>
>>> I have posted a question in YDN forum but if you or any other user could help me, I would appreciate it much. Thank you.
>>>
>>> P.S: "http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml" is the correct redirect url.
>>>
>>> Thanks,
>>> Jude.
>>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
>>> 50319
>>> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>>>
>>>
>>> -----Original Message-----
>>> From: Jasha Joachimsthal [mailto:jasha@apache.org]
>>> Sent: Friday, January 09, 2015 6:23 PM
>>> To: user@oltu.apache.org
>>> Cc: dev@oltu.apache.org
>>> Subject: Re: Yahoo user authentication using Oltu
>>>
>>> Hi,
>>>
>>> Yahoo supports the same authorization code flow as Google and
>>> Microsoft, but you cannot copy-paste the implementation dus to subtle
>>> differences. You can find the Yahoo documentation on [1]
>>>
>>> For Yahoo your callback uri must be accessible on port 80 or 443.
>>> Other ports are not accepted in the authorization flow and lead to error pages.
>>>
>>> When requesting an AccessToken, the clientId and clientSecret should be set in the Authorization header, while all other parameters must be in the request body. The AccessToken response contains the user id.
>>>
>>> final OAuthClientRequest oAuthClientRequest = OAuthClientRequest
>>> .tokenLocation("https://api.login.yahoo.com/oauth2/get_token")
>>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>>> .setRedirectURI(https://myapplication.example.com/callback)
>>> .setCode(code)
>>> .buildBodyMessage();
>>>
>>> final String up = clientId + ":" + clientSecret; final byte[] base64
>>> = Base64.encodeBase64(up.getBytes());
>>> String authorizationHeader = "Basic " + new String(base64);
>>> oAuthClientRequest.addHeader("Authorization",
>>> base64EncodedBasicAuthentication(idp));
>>>
>>> return getoAuthClient().accessToken(oAuthClientRequest);
>>>
>>>
>>> To get a user profile the access token must be sent via an http header:
>>>
>>> final String profileUrl =
>>> String.format("https://social.yahooapis.com/v1/user/%s/profile?format
>>> =
>>> json",
>>> yahooGuid);
>>> final OAuthClientRequest bearerClientRequest = new
>>> OAuthBearerClientRequest(profileUrl)
>>> .setAccessToken(oAuthAccessTokenResponse.getAccessToken())
>>> .buildHeaderMessage();
>>>
>>> return getoAuthClient().resource(bearerClientRequest,
>>> OAuth.HttpMethod.GET, OAuthResourceResponse.class);
>>>
>>>
>>> [1]
>>> https://developer.yahoo.com/oauth2/guide/#authorization-code-flow-for
>>> -
>>> server-side-apps
>>>
>>> Regards,
>>>
>>> Jasha
>>>
>>> On 9 January 2015 at 18:03, Tiburtius, Ashwanth [IWD] <As...@iwd.iowa.gov> wrote:
>>>> Hi,
>>>>
>>>>
>>>>
>>>> I am doing a poc to use Apache Oltu to authenticate Google,
>>>> Microsoft and Yahoo users. Oltu works great for Google and Microsoft
>>>> user authentication but I am not sure if I can use it for Yahoo as well.
>>>> Yahoo seems to have a different process compared to other content
>>>> providers like Google where you setup your application as a client
>>>> and get the client id and client secret, and use those to
>>>> authenticate a yourself and the resource owner but Yahoo seems to be
>>>> handling this differently. Has anyone tried to authenticate a Yahoo user using Oltu?
>>>> Any help in this regard would be awesome. Thank you for your response and your time.
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Jude.
>>>>
>>>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
>>>> 50319
>>>>
>>>> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>>>>
>>>>
RE: Yahoo user authentication using Oltu
Posted by "Tiburtius, Ashwanth [IWD]" <As...@iwd.iowa.gov>.
I got it to work without Oltu which is a bummer since I am using Oltu for other providers and it works great.
For Yahoo, the user profile info can be obtained using this URL with the parameters:
https://open.login.yahooapis.com/openid/op/auth?
openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select
&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select
&openid.mode=checkid_setup
&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
&openid.realm=##Your Domain name - http://qwerq.org##
&openid.return_to=##Your Return URL##
&openid.ns.oauth=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Foauth%2F1.0
&openid.oauth.consumer=##Consumer Key##
&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0
&openid.ax.mode=fetch_request
&openid.ax.required=email,fullname,nickname
&openid.ax.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail
&openid.ax.type.fullname=http%3A%2F%2Faxschema.org%2FnamePerson
&openid.ax.type.nickname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffriendly
You can only get specific fields from a persons profile.
In the Required field write the sregs property name (comma seperated) (like openid.ax.required=email,fullname,nickname)
and then give the schema also (like openid.ax.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail)
Rest parameters need not be changed except for giving your realm,Return Url and Consumer Key
Microsoft wouldn’t send email ids in the profile response either. Have to work through that. If someone in the Oltu group has successfully retrieved user email ids from MS, please help me out. Really appreciate it.
Thanks,
Jude.
Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319
(515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
-----Original Message-----
From: Tiburtius, Ashwanth [IWD] [mailto:Ashwanth.Tiburtius@iwd.iowa.gov]
Sent: Thursday, February 12, 2015 5:25 PM
To: user@oltu.apache.org; 'Jasha Joachimsthal'
Cc: dev@oltu.apache.org
Subject: RE: Yahoo user authentication using Oltu
Hi,
With Jasha's help, I was able to get through Yahoo OAuth api to get the profile information. But unfortunately, Yahoo doesn’t send email addresses in the profile information. Based on my research, it looks like we need to use Yahoo OpenID AX implementaion for this. It would be very helpful to know if Oltu provide support for this or if someone has used Oltu to get Yahoo email id after a user authenticates themselves.
Really appreciate your time. Thank you.
Regards,
Jude.
Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319
(515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
-----Original Message-----
From: Tiburtius, Ashwanth [IWD] [mailto:Ashwanth.Tiburtius@iwd.iowa.gov]
Sent: Wednesday, January 14, 2015 1:52 PM
To: user@oltu.apache.org
Cc: dev@oltu.apache.org
Subject: RE: Yahoo user authentication using Oltu
That’s it. It worked. Wow!! After so many days. Thank you so much Jasha.
Thanks,
Jude.
Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA 50319
(515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
-----Original Message-----
From: Jasha Joachimsthal [mailto:jasha@apache.org]
Sent: Wednesday, January 14, 2015 1:22 PM
To: user@oltu.apache.org
Cc: dev@oltu.apache.org
Subject: Re: Yahoo user authentication using Oltu
To get the Authorization location:
return OAuthClientRequest
.authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth")
.setClientId(clientId)
.setResponseType(OAuth.OAUTH_CODE)
.setState(state)
.setRedirectURI(redirectUri)
.buildQueryMessage();
The code for the access token and profile request are already in this thread.
When configuring a new app there's a section "Access Scopes". I checked "This app requires access to private user data."
The permission is "Social directory (Profiles)" and then the option "Read".
Maybe you didn't check the correct scope to get profile data.
Jasha
On 13 January 2015 at 23:38, Tiburtius, Ashwanth [IWD] <As...@iwd.iowa.gov> wrote:
> Hi Jasha,
>
> I had been trying to get past the Yahoo authorization error but I am not able to. I have tried many trial and error methods and I am getting one of 2 errors back and there is no documentation as to what those errors are. So I am stuck. If you don’t mind, can you please send me the code where you get authorization code from yahoo. It might help me identify my mistake. Thanks in advance.
>
> Thanks,
> Jude.
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
> 50319
> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>
>
> -----Original Message-----
> From: Jasha Joachimsthal [mailto:jashaj@gmail.com]
> Sent: Monday, January 12, 2015 11:24 PM
> To: user@oltu.apache.org
> Cc: dev@oltu.apache.org
> Subject: Re: Yahoo user authentication using Oltu
>
> I'm sorry but I cannot help you with Yahoo's (undocumented) error codes. The redirectURI should be a valid URI and now you only provide the hostname in the request.
> One other thing: never publish your consumer secret to the public.
> It's a password that should only be known by you and the OAuth provider.
>
> On 12 January 2015 at 22:39, Tiburtius, Ashwanth [IWD] <As...@iwd.iowa.gov> wrote:
>> Thank you again Jasha. It was very helpful. I am actually getting an error in the authorization part itself. Following are the details.
>>
>> Application:
>> Consumer Key:
>> dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc
>> 3
>> VtZXJzZWNyZXQmeD02ZA-- Consumer Secret:
>> 443a42b6cb7e2a8472fa9f09ba6841599749c84b
>> Application
>> URL:http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml
>> Callback Domain:devvm03.ia.wd.org
>> Application ID: 5gZ0mz6o
>>
>> Request Url:
>> https://api.login.yahoo.com/oauth2/request_auth?response_type=code&re
>> d
>> irect_uri=devvm03.ia.wd.org&language=en-us&client_id=dj0yJmk9VERKTlY3
>> b
>> GFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD
>> 0
>> 2ZA--
>>
>> Error: Oops. Yahoo is unable to process your request. We recommend
>> that you contact the owner of the application or web site to resolve
>> this issue. [95036]
>>
>> Java:
>> request = OAuthClientRequest.authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth")
>> .setClientId("dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA--")
>> .setResponseType(OAuth.OAUTH_CODE).setRedirectURI("devvm03.ia.wd.org")
>> .setParameter("language", "en-us").buildQueryMessage();
>>
>> I see that I am missing something in the configuration and how the url is being built but I am not sure what it is. YDN forums say that call back url and the redirect url should match, so I have coded the way it is. I am getting the same error with a different error code even if I send " http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml" as the redirect uri. When I created the app in YDN, the only option available was to enter the Application Url, I am not sure if it should be same as redirect url since I did not find a separate place to enter it.
>>
>> I have posted a question in YDN forum but if you or any other user could help me, I would appreciate it much. Thank you.
>>
>> P.S: "http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml" is the correct redirect url.
>>
>> Thanks,
>> Jude.
>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
>> 50319
>> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>>
>>
>> -----Original Message-----
>> From: Jasha Joachimsthal [mailto:jasha@apache.org]
>> Sent: Friday, January 09, 2015 6:23 PM
>> To: user@oltu.apache.org
>> Cc: dev@oltu.apache.org
>> Subject: Re: Yahoo user authentication using Oltu
>>
>> Hi,
>>
>> Yahoo supports the same authorization code flow as Google and
>> Microsoft, but you cannot copy-paste the implementation dus to subtle
>> differences. You can find the Yahoo documentation on [1]
>>
>> For Yahoo your callback uri must be accessible on port 80 or 443.
>> Other ports are not accepted in the authorization flow and lead to error pages.
>>
>> When requesting an AccessToken, the clientId and clientSecret should be set in the Authorization header, while all other parameters must be in the request body. The AccessToken response contains the user id.
>>
>> final OAuthClientRequest oAuthClientRequest = OAuthClientRequest
>> .tokenLocation("https://api.login.yahoo.com/oauth2/get_token")
>> .setGrantType(GrantType.AUTHORIZATION_CODE)
>> .setRedirectURI(https://myapplication.example.com/callback)
>> .setCode(code)
>> .buildBodyMessage();
>>
>> final String up = clientId + ":" + clientSecret; final byte[] base64
>> = Base64.encodeBase64(up.getBytes());
>> String authorizationHeader = "Basic " + new String(base64);
>> oAuthClientRequest.addHeader("Authorization",
>> base64EncodedBasicAuthentication(idp));
>>
>> return getoAuthClient().accessToken(oAuthClientRequest);
>>
>>
>> To get a user profile the access token must be sent via an http header:
>>
>> final String profileUrl =
>> String.format("https://social.yahooapis.com/v1/user/%s/profile?format
>> =
>> json",
>> yahooGuid);
>> final OAuthClientRequest bearerClientRequest = new
>> OAuthBearerClientRequest(profileUrl)
>> .setAccessToken(oAuthAccessTokenResponse.getAccessToken())
>> .buildHeaderMessage();
>>
>> return getoAuthClient().resource(bearerClientRequest,
>> OAuth.HttpMethod.GET, OAuthResourceResponse.class);
>>
>>
>> [1]
>> https://developer.yahoo.com/oauth2/guide/#authorization-code-flow-for
>> -
>> server-side-apps
>>
>> Regards,
>>
>> Jasha
>>
>> On 9 January 2015 at 18:03, Tiburtius, Ashwanth [IWD] <As...@iwd.iowa.gov> wrote:
>>> Hi,
>>>
>>>
>>>
>>> I am doing a poc to use Apache Oltu to authenticate Google,
>>> Microsoft and Yahoo users. Oltu works great for Google and Microsoft
>>> user authentication but I am not sure if I can use it for Yahoo as well.
>>> Yahoo seems to have a different process compared to other content
>>> providers like Google where you setup your application as a client
>>> and get the client id and client secret, and use those to
>>> authenticate a yourself and the resource owner but Yahoo seems to be
>>> handling this differently. Has anyone tried to authenticate a Yahoo user using Oltu?
>>> Any help in this regard would be awesome. Thank you for your response and your time.
>>>
>>>
>>>
>>> Thanks,
>>>
>>> Jude.
>>>
>>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA
>>> 50319
>>>
>>> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>>>
>>>