MrSwitch/hello.js

Yahoo via OAuth2

Open

#192 opened on Feb 4, 2015

View on GitHub
 (30 comments) (0 reactions) (0 assignees)JavaScript (4,630 stars) (557 forks)batch import
good first issue

Description

Hi,

I have done it myself for Yahoo via its new OAuth2 (https://developer.yahoo.com/oauth2/guide/#implicit-grant-flow-for-client-side-apps).

The Authentication is working just fine, and can get you the access token. However, the Contact API is not working as Yahoo server is not returning the correct Access-Control-Allow-Origin header cause the browser to block the Cross-Origin xhr call.

So the only solution was to take the Access Token and follow the rest via CURL (where it works just fine).

CONCEPTS:

  1. Creating API Access keys from Yahoo.com will require you to insert .com in your localhost. So make a vhost that has .com

  2. Yahoo's OAuth server will not accept such large URL and hence return an error the details of which are not so listed anywhere. So except for state>callback parameter, rest all are passed to the processing page via Session and reinserted into hello.js upon successful authentication.

Contributor guide

Tech stack
javascript
Domain
authenticationapi
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-2 days
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
mostly clear
Prerequisites
understanding of OAuth2 implicit grant flowfamiliarity with hello.js library
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
45
Research direction
The issue requests adding Yahoo OAuth2 support to hello.js. The user describes an implicit grant flow and a CORS workaround. To implement, examine existing provider implementations in the codebase (e.g., src/providers/ directory) and adapt the Yahoo OAuth2 endpoints. Key considerations include handling the callback URL length issue and CORS restrictions. The maintainer should clarify if a proxy is acceptable or if a direct OAuth2 flow is required.