ydn-auth : Messages : 704-733 of 733

Hi Ricardo:

Hope you have gotten past this.

Verified your signature generation function. It looks
OK.

Regards,
-Ravi



--- In ydn-auth@yahoogroups.com, Ricardo Scattini <rscattini@...> wrote:
>
> Hi:
>
> I'm developing an app in PHP to import contacts from Yahoo API
> throughout BBAuth.
> I followed carefully all the steps to generate/make the
> Signature.
>
> The user can login successfully and yahoo redirects to my
> entrypoint with the token on the GET. When I want to "get credentials" yahoo
response:
> "Signature mismatch"...
>
> the timestamp is correctly. the secret and the
> appid too.
>
>
> [...]
> private $authURL =
"https://api.login.yahoo.com/WSLogin/V1/wspwtoken_login?appid=%s&ts=%d&token=%s&\
sig=%s";
>
> private $authSIG = "/WSLogin/V1/wspwtoken_login?appid=%s&token=%s&ts=%d";
>
> private function generateAuthURL($ts = '') {
>     if($ts == '') $ts = $this->getTs();
>     return
sprintf($this->authURL,$this->appId,$ts,$this->token,$this->generateAuthSIG($ts)\
);
>   }
>
>   private function generateAuthSIG($ts) {
>     $unhashed =
sprintf($this->authSIG,$this->appId,$_GET['token'],$ts).$this->secret;
>     $hash =
>  md5($unhashed);
>     return $hash;
>   }
> [...]
>
> When I try to do (after the user login):
>
> header("Location: ".$this->generateAuthURL($_GET['ts'] );
>
>
> Yahoo retrives a : "SIGNATURE MISMATCH"
>
> I don't know what to do!
>
> Tnks!
>
>
>       Yahoo! Cocina
>
> Registrate y cargá tu receta. Podés ganar premios.
>
> www.promorecetas.com
>

#732

From: Demon GAMERS <demongamers@...>
Date: Wed Sep 9, 2009 3:07 pm
Subject: Re: Developer Registration Questions

demongamers

Offline

Hiya,

Wrong place indeed to post this; you need to make your own thread rather than posting in mine...

But I can help you with these issues all teh same to save you sometime :)

I'm pretty sure that you don't need BBAuth for this as the Yahoo! Maps API is public, meaning it does not require access to Yahoo! users' personal information.

BBAuth (and the other authentication mechanisms available (OAuth, Open), are for use when you have a website that logs a user into Yahoo and then retrieves their personal account information for use on their website. Yahoo Maps is public which means that you can use it without needing to login to Yahoo... therefore you shouldn't require BBAuth for this.

You need only sign up for a generic (public) AppID and you can then use that to make calls to the public Maps! web service via a SOAP object if you're using PHP, or via whatever request mechanism in the language of your choice. The documentation for the Maps API can be found from here http://developer.yahoo.com/maps/

Yahoo provide an SDK with usable beginners code etc.

If you do find that you require BBAuth after all, then the endpoint URL is merely the URL (this is what you see in your browser address bar) that you want yahoo to direct your users' back to once they have logged in. For example, your user might start on your blog page, be redirected to the Yahoo BBAuth Login page on which they would enter their login details and login to Yahoo... Yahoo would then redirect them back to your endpoint URL which in your case would be your blog page again. (http://name. reslight. net/).

I hope this is helpful and good luck :)

Tim.

Courtesy of

Admin
Demon Gamers,
DMU LAN & Console Gaming Society
www.demongamers.co.uk
demontfort-social.oncampus.net/lanandinternet

From: reslight <rday888@...>
To: ydn-auth@yahoogroups.com
Sent: Monday, 7 September, 2009 3:45:03
Subject: [ydn-auth] Developer Registration Questions

I am not sure if this is where I should be asking this, but I am almost totally lost as to what I am supposed to be doing, and the instructions seem to be assuming that I know a lot that I do not know.

I am trying to set up whatever I am supposed to set up get Yahoo to read the sitemaps on my Wordpress blogs on my sites. I am using Google XML Sitemaps plugin with the link provided through which I am supposed to obtain a "key" that I need from Yahoo. The link provided with the Wordpress plugin takes me to the form for "Developer Registration" , but I still have little idea as to what I am supposed to do.

Here is one of my blogs for an example:
http://name. reslight. net/

I do not know what is the difference between Generic and Browser-Based Authentication and don't know which I should choose.

I do not know what is the end point URL is that I am supposed to supply; where I am supposed to get this URL from?

Ron

#731

From: "tnbt.developer" <tnbt.developer@...>
Date: Wed Sep 2, 2009 11:00 am
Subject: User's Yahoo! account information in a third party email client. BBAUTH

tnbt.developer

Offline

HI, I am able to auhtenticate the user with BBAUTH and I am getting users
contact list too. How I can fetch user's Yahoo! account information in a third
party email client.

Like logged in yahoo users email id.

Thanks in advance.

#730

From: "demongamers" <demongamers@...>
Date: Sun Aug 30, 2009 3:40 am
Subject: Re: Using APIs for Single Login?

demongamers

Offline

--- In ydn-auth@yahoogroups.com, "demongamers" <demongamers@...> wrote:
>
> Hi,
>
> I wish to have my website simply login to the yahoo mail account for the my
organisation so as to retrieve our address book and keep the details of the
website users synchronised with the details in the yahoo address book.
>
> I don't want to have visitors to the site login to their own Yahoo account, I
simply want the site to automatically connect to a single account, the
credentials for which are obviously known by the website and can be hard-coded.
>
> All the authentication mechanisms I can find in the docs appear to only deal
with applications where each visitor to a site logs into his/her own Yahoo
account. Am I missing something... Is it possible to have my site merely connect
to the Address Book API and/or Mail Service for a single, known account, without
having to have a login page or such like?
>
> Many thanks,
> Tim Morgan.
>

ps. I'm aware I could probably hack together the login page form details for
OAuth or BBAuth (if the key creation facility was working) and spoof an end-user
request in the background for the same user every time... but it seems pretty
silly to do so

#729

From: "DiGI" <digipetest@...>
Date: Tue Oct 6, 2009 1:09 pm
Subject: unable to determine aouth type

digipetest

Offline

Hi,
i wrote the following class in java for getting contacts. I am using BBauth.
public class GetAllContactsTest extends AbstractTestCase{
	 final Logger LOGGER = LoggerFactory.getLogger(GetAllContactsTest.class);
	 String appid ="Wwuo87zIkY2QgCjTbxJIEmmv_SF3pGlJfcw-";
	 String wssid = "aQ4NwuFa.dN";
	 //String cookie =
"Y=3hxmZLR_7aO93vNxNcAPYfNPt6W9c5Vk97zSvV2e8H1Rn_uS0IpexYhZKdlA1unz3IU22qJydp9rt\
.Z4iNAvZdUGCFvZuvs3AKI1nydgMwwcb_9g2qeqUkwWZbH_B.aVzpvMDy9sTzZB5kb3CDQV2UILgR9yw\
.OlKxON56EI.p36daf1Yr4UcPlaeMPNjSR3aRKxPTP6P6kp4s4RtgaqxsTApW5lDRpSSGy_Ag4C0nLRd\
dwV2NRmPuaBZPPxLK7FbjJZ0X0bwx7ZsCWJa2ccL2EWYlq6LGgMW.CDVEU0GLjvO7U4iZIUa45.hlEhk\
RQhlVfzgMiabIegN21NBIfpeX6p.B7ReMaY9SRTRpVIaAtrFdSkWQQvNHCpBJ7idHbzKM1Gh_rP.VJX3\
xbW7SKpX7FX01CLjZaxZq65FMlVwyb.8SUrYDCrpzFmMRGyCf8fuBtL1P_e2fgJ8fYBc_P0SAxSutj4E\
w4YuqSfjId8cDV94M1R1Jf4z7MoCAeJFSAF84IgqnNoI5QhK3ZipS5XujSRkIEN9hPutGnG8Y4r7iWpo\
cglduvMDg_aGyHjQD3XiuDftg--";
	 String cookie =
"Y=3hxmZLR_7aO93vNxNcAPYfNPt6W9c5Vk97zSvV2e8H1Rn_uS0IpexYhZKdlA1unz3IU22qJydp9rt\
.Z4iNAvZdUGCFvZuvs3AKI1nydgMwwcb_9g2qeqUkwWZbH_B.aVzpvMDy9sTzZB5kb3CDQV2UILgR9yw\
.OlKxON56EI.p36daf1Yr4UcPlaeMPNjSR3aRKxPTP6P6kp4s4RtgaqxsTApW5lDRpSSGy_Ag4C0nLRd\
dwV2NRmPuaBZPPxLK7FbjJZ0X0bwx7ZsCWJa2ccL2EWYlq6LGgMW.CDVEU0GLjvO7U4iZIUa45.hlEhk\
RQhlVfzgMiabIegN21NBIfpeX6p.B7ReMaY9SRTRpVIaAtrFdSkWQQvNHCpBJ7idHbzKM1Gh_rP.VJX3\
xbW7SKpX7FX01CLjZaxZq65FMlVwyb.8SUrYDCrpzFmMRGyCf8fuBtL1P_e2fgJ8fYBc_P0SAxSutj4E\
w4YuqSfjId8cDV94M1R1Jf4z7MoCAeJFSAF84IgqnNoI5QhK3ZipS5XujSRkIEN9hPutGnG8Y4r7iWpo\
cglduvMDg_aGyHjQD3XiuDftg--";
	 String userHash = "uuB9.tNxY.ucl_6ayCGDTZY-";

	 public GetAllContactsTest(String name) {
		 super(name);
	 }

	 public void setUp() throws Exception{
		 super.setUp();
	 }

	 public void testAllContact() throws Exception{
		 HttpMethod method=null;
		 try{

			 String uri
="http://social.yahooapis.com/v1/user/"+userHash+"/contacts?count=max&appid="+ap\
pid+"&WSSID="+wssid;
			 HttpClient client = new HttpClient();
			 method = new GetMethod(uri);
			 Header hCookie = new Header("Cookie:", cookie);
			 Header accept = new Header("Accept","*");
			 Header contentType = new Header("Content-Type", "application/xml;
charset=utf-8");
			 Header pragma = new Header("Pragma", "No-Cache");
			 method.addRequestHeader(hCookie);
			 method.addRequestHeader(accept);
			 method.addRequestHeader(contentType);
			 //method.addRequestHeader(pragma);
			 method.getParams().setParameter(HttpMethodParams.RETRY_HANDLER,
		    		 new DefaultHttpMethodRetryHandler(3, false));
		     int statusCode = client.executeMethod(method);

		     if (statusCode != HttpStatus.SC_OK) {
		    	 //fail("Can not get the Contacts Stream: "+method.getStatusLine());
		     }
		     //byte[] responseBody = method.getResponseBody();
		     InputStream responseStream = method.getResponseBodyAsStream();
		     BufferedReader bufReader = new BufferedReader( new
InputStreamReader(responseStream));
		     String stResponseBody = "",oneLine=null;
		     while((oneLine=bufReader.readLine())!=null)
		    	 stResponseBody = stResponseBody + oneLine +"\n";
		     LOGGER.debug("==================The response body is=====");
		     LOGGER.debug(stResponseBody);
		     LOGGER.debug("==================End of response body=====");


		 }catch(Exception e){
			 LOGGER.debug("An exception has occured: "+e.toString());
			 fail("An exception has occured: "+e.toString());
		 }finally{
			 method.releaseConnection();
		 }
	 }

}

The response i get is the following:

15:08:52,772 WARN  [HttpMethodDirector] Unable to respond to any of these
challenges: {oauth=OAuth oauth_problem="unable_to_determine_oauth_type",
realm="yahooapis.com"}
15:08:52,772 DEBUG [GetAllContactsTest] ==================The response body
is=====
15:08:52,772 DEBUG [GetAllContactsTest] <?xml version='1.0' encoding='UTF-8'?>
<yahoo:error xmlns:yahoo='http://yahooapis.com/v1/base.rng'
   xml:lang='en-US'>
   <yahoo:description>Please provide valid credentials. OAuth
oauth_problem="unable_to_determine_oauth_type",
realm="yahooapis.com"</yahoo:description>
</yahoo:error>
<!-- ws107.socdir.ch1.yahoo.com uncompressed/chunked Tue Oct  6 06:06:32 PDT
2009 -->

15:08:52,772 DEBUG [GetAllContactsTest] ==================End of response
body=====

Could someone please let me know what might be wrong?

Many thanks in advance
Faisal

#728

From: "digipetest" <digipetest@...>
Date: Fri Sep 11, 2009 1:22 pm
Subject: Write Access to Address Book(Contacts API)

digipetest

Offline

Hi,
When i tried to register for my application, i get a list of all the scopes. I
found that the scope for Address Book is read only. Can i modify or delete
Contacts with this scope? If not then how can i get the full scope (read/write)
for the Address Book?

Thanks in Advance,
Digipetest

#727

From: "reslight" <rday888@...>
Date: Mon Sep 7, 2009 2:45 am
Subject: Developer Registration Questions

reslight

Offline

I am not sure if this is where I should be asking this, but I am almost totally
lost as to what I am supposed to be doing, and the instructions seem to be
assuming that I know a lot that I do not know.

I am trying to set up whatever I am supposed to set up get Yahoo to read the
sitemaps on my Wordpress blogs on my sites. I am using Google XML Sitemaps
plugin with the link provided through which I am supposed to obtain a "key" that
I need from Yahoo. The link provided with the Wordpress plugin takes me to the
form for "Developer Registration", but I still have little idea as to what I am
supposed to do.

Here is one of my blogs for an example:
http://name.reslight.net/

I do not know what is the difference between Generic and Browser-Based
Authentication and don't know which I should choose.

I do not know what is the end point URL is that I am supposed to supply; where I
am supposed to get this URL from?

Ron

#726

From: "demongamers" <demongamers@...>
Date: Fri Aug 28, 2009 8:02 pm
Subject: Using APIs for Single Login?

demongamers

Offline

Hi,

I wish to have my website simply login to the yahoo mail account for the my
organisation so as to retrieve our address book and keep the details of the
website users synchronised with the details in the yahoo address book.

I don't want to have visitors to the site login to their own Yahoo account, I
simply want the site to automatically connect to a single account, the
credentials for which are obviously known by the website and can be hard-coded.

All the authentication mechanisms I can find in the docs appear to only deal
with applications where each visitor to a site logs into his/her own Yahoo
account. Am I missing something... Is it possible to have my site merely connect
to the Address Book API and/or Mail Service for a single, known account, without
having to have a login page or such like?

Many thanks,
Tim Morgan.

#725

From: "ravi_mohandas" <ravi.mohandas@...>
Date: Tue Aug 4, 2009 12:41 am
Subject: getting user Credentials: What am I doing wrong?

ravi_mohandas

Offline

Hi:

I have registered a strawman application, "Email Teller" that can potentially
access the yahoo mail services for a given user.

Unexpected output in the BBAuth Process
========================================

The initial login step redirects and receives a token representing user
authentication.

In the next step to retrieve the user credentials, the server responds with a
200 status. However, the output is unlegible.

It is not quite the XML  document that is expected with the user credentials.
Instead, I get back something as seen at the end of the email.

Will appreciate any ideas to resolve this issue.

Thanks,
Ravi

San diego, CA 92104
Tel: 858.705.2286


WGET Results

Here using wget to make the call and setting the user agent to the appId. The
results appear to be the same, when url is referenced from a browser as well.

REQUEST MADE

C:\Users\Ravi>wget --user-agent="ESuPzHnIkY3R70205GtifhsCcUIYTewM7uMEtgc-" "http
s://api.login.yahoo.com/WSLogin/V1/wspwtoken_login?appid=ESuPzHnIkY3R70205Gtifhs
CcUIYTewM7uMEtgc-&token=AIZxdkru9keQzbR2iBgREIiP6XssdrJ.DvOr37qcaulr7EAO6Sdt2A--
&ts=1249342847&sig=43aec4238f2b6dfaa9d50af67d8a9dea" --no-check-certificate

RESPONSE PRINTED

--2009-08-03 16:42:55--  https://api.login.yahoo.com/WSLogin/V1/wspwtoken_login?
appid=ESuPzHnIkY3R70205GtifhsCcUIYTewM7uMEtgc-&token=AIZxdkru9keQzbR2iBgREIiP6Xs
sdrJ.DvOr37qcaulr7EAO6Sdt2A--&ts=1249342847&sig=43aec4238f2b6dfaa9d50af67d8a9dea

Resolving api.login.yahoo.com... 72.30.12.29
Connecting to api.login.yahoo.com|72.30.12.29|:443... connected.
WARNING: cannot verify api.login.yahoo.com's certificate, issued by `/C=US/O=Equ
ifax/OU=Equifax Secure Certificate Authority':
   Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/xml]
Saving to: `wspwtoken_login@appid=ESuPzHnIkY3R70205GtifhsCcUIYTewM7uMEtgc-&token
=AIZxdkru9keQzbR2iBgREIiP6XssdrJ.DvOr37qcaulr7EAO6Sdt2A--&ts=1249342847&sig=43ae
c4238f2b6dfaa9d50af67d8a9dea'

     [ <=>                                   ] 2,042       --.-K/s   in 0s

2009-08-03 16:42:55 (245 MB/s) - `wspwtoken_login@appid=ESuPzHnIkY3R70205GtifhsC
cUIYTewM7uMEtgc-&token=AIZxdkru9keQzbR2iBgREIiP6XssdrJ.DvOr37qcaulr7EAO6Sdt2A--&
ts=1249342847&sig=43aec4238f2b6dfaa9d50af67d8a9dea' saved [2042]

#724

From: "jabuchoto" <jabuchoto@...>
Date: Mon Jul 27, 2009 5:42 pm
Subject: Dont know how to recognize the user authenticating

jabuchoto

Offline

Hello! I am building an application using yahoo's bbauth. I have managed to
authenticate the user correctly. The thing is that I do not know which user is
the one that has done the process, and I am really interested in knowing it.
I am using bbauth for the register process of my web application. I dont want to
send an email with a confirmation link. If only I could know the email of the
user that has done the bbauthentication, I could compare it with the one entered
and avoid mail confirmation.
Thanks in adavanced for any help =)
Byee

#723

From: "Brian Cantoni" <bcantoni@...>
Date: Thu Jul 23, 2009 11:06 pm
Subject: Re: Displaying BBAuth appid Bad?

brian.cantoni

Offline

--- In ydn-auth@yahoogroups.com, "Diego" <diego@...> wrote:

> Is it bad or a security issue to  display the BBAuth "appid" in the query
string for others to see?
>
> for example: http://myapp.com/user/?appid=Pw9sWJHIkY4vhz.....&user=billy

I don't believe the AppID by itself would pose a problem, just make sure to not
include the AppID *with* the secret, otherwise someone could start impersonating
your application.

Brian Cantoni
Yahoo! Developer Network

#722

From: "Brian Cantoni" <bcantoni@...>
Date: Thu Jul 23, 2009 11:05 pm
Subject: Re: bbauth - when user chooses "i do not agree"

brian.cantoni

Offline

--- In ydn-auth@yahoogroups.com, "hazarsemih" <shazar@...> wrote:

> I've implemented Yahoo's BBAuth and it's working alright, but when the user
chooses not to give permission and clicks "I Do Not Agree" button in the
permission page, Yahoo redirects to
> http://developer.yahoo.com/?appid=<appid>&ts=<tsid>&sig=<sig>
>
> Why doesn't it redirect to my application so that I can understand that the
permission is not given. This is a terrible experience for users. (Being
redirected to a developer page all of a sudden)
>
> In case of authorization, it works smoothly and redirects to my application.
>
> Can this be fixed or am I doing something wrong ?

Semih, this is working "as designed", meaning that it always defaults back to
the YDN homepage when permission is denied or canceled. (Actually, it now
redirects to the Yahoo homepage instead.)

The protocol does not support specifying a destination URL in the case of a
deny/cancel, so apps will have to live with this current behavior.

Brian Cantoni
Yahoo! Developer Network

#721

From: "hazarsemih" <shazar@...>
Date: Mon Jun 22, 2009 11:05 am
Subject: bbauth - when user chooses "i do not agree"

hazarsemih

Offline

Hi All,

I've implemented Yahoo's BBAuth and it's working alright, but when the user
chooses not to give permission and clicks "I Do Not Agree" button in the
permission page, Yahoo redirects to
http://developer.yahoo.com/?appid=<appid>&ts=<tsid>&sig=<sig>

Why doesn't it redirect to my application so that I can understand that the
permission is not given. This is a terrible experience for users. (Being
redirected to a developer page all of a sudden)

In case of authorization, it works smoothly and redirects to my application.

Can this be fixed or am I doing something wrong ?

Regards,
Semih

#720

From: "Diego" <diego@...>
Date: Wed Jun 10, 2009 1:56 am
Subject: Displaying BBAuth appid Bad?

earthoid

Offline

Is it bad or a security issue to  display the BBAuth "appid" in the query string
for others to see?

for example: http://myapp.com/user/?appid=Pw9sWJHIkY4vhz.....&user=billy

Thanks in advance!

#719

From: "hira sirojudin" <setpersibnuaing@...>
Date: Tue Jun 9, 2009 4:43 am
Subject: Please confirm your request to join ydn-auth

setpersibnuaing

Online Now

Hi guys,
I'm trying rerun kennedy app sample.
as long as  i've not token yet, i add function login
in after create BBAuthentication instance.
look like this:
BrowserBasedAuthManager authManager = new BrowserBasedAuthManager(appid,
secret);
         authManager.login(); // which refer to link
http://developer.yahoo.com/auth/user.html
         authManager.authenticate();

but unfortunately, while login my app sample returning error such this:
[Fatal Error] strict.dtd:81:5: The declaration for the entity "ContentType" must
end with '>'.
Exception in thread "main" YmwsSample$AuthException: Error parsing XML
	 at YmwsSample$BrowserBasedAuthManager.login(YmwsSample.java:446)
	 at YmwsSample.main(YmwsSample.java:59)
	 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	 at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	 at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.jav\
a:25)
	 at java.lang.reflect.Method.invoke(Method.java:597)
	 at com.intellij.rt.execution.application.AppMain.main(AppMain.java:90)

anyone could help me... im really stuck regarding this and has spent much time
for this.:(

thanks for your help

#718

From: "Diego" <diego@...>
Date: Wed Jun 10, 2009 2:23 am
Subject: Passing BBAUTH appid with Query string bad?

earthoid

Offline

If I have an application and it is displaying the BBAuth appid in the query
string is it a security problem?

example:  http://my-application.com/user/?appid=Pw9sWJHIkY4vhz...&user=billybob

Thanks in advance!

#717

From: Hira Sirojudin <hira.sirojudin@...>
Date: Tue Jun 9, 2009 4:47 am
Subject: Fw: HTTP Transport error : '411' - 'Length Required'; nested exception is:

hira.sirojud...

Offline

Hi All,

I'm facing below error during getUserData via axis transport ws.

HTTP Transport error : '411' - 'Length Required'; nested exception is:

this is little snippet of code being error:

// Instantiate the SOAP proxy. Override the default endpoint so the application ID and the WSSID

// can be added to the URL.

YmwsStub stub = new YmwsStub("http://mail.yahooapis.com/ws/mail/v1.1/soap?appid=" +

URLEncoder.encode(appid, "UTF-8") + "&wssid=" + URLEncoder.encode(authManager.getWssid(), "UTF-8"));

logger.debug("stub: " + stub);

// Axis2 requires you to jump through some hoops to set a cookie on the SOAP proxy. This is the

// only way I have found to get this working. Set up a handler that will take care of injecting

// the cookie into the request.

HandlerDescription description = new HandlerDescription("CookieHandler");

description.setHandler(new CookieHandler(authManager.getCookie()));

PhaseRule rule = new PhaseRule("Security");

description.setRules(rule);

// Add the handler description to the outflow module.

AxisModule module = new AxisModule(new QName("OutFlow"));

module.setOutFlow(new Flow());

module.getOutFlow().addHandler(description);

// Add the outflow module to the Axis configuration.

stub._getServiceClient().getServiceContext().getConfigurationContext().getAxisConfiguration().addModule(module);

stub._getServiceClient().getServiceContext().getConfigurationContext().getAxisConfiguration().engageModule(

new QName("OutFlow"));

// Axis2 throws Exceptions whenever the server returns a SOAP fault. So wrap your

// calls in a try/catch block.

try {

// GetUserData, pulls user preferences and account settings.

logger.debug("start retrieving user data ");

YmwsStub.GetUserData9 getUserData = new YmwsStub.GetUserData9();

getUserData.setGetUserData(new YmwsStub.GetUserData());

YmwsStub.GetUserDataResponse userData = stub.GetUserData(getUserData, null).getGetUserDataResponse();

logger.debug("are you an premium user? " + userData.getData().getUserFeaturePref().getIsPremium());

System.out.println(String.format("Loaded user data for %1$s",

userData.getData().getUserSendPref().getDefaultFromName()));

} catch (AxisFault e) {

// A SOAP fault was thrown by the service.

logger.debug("e.getMessage() = " + e.getMessage());

logger.debug("e " + e.getCause().getMessage());

}

some body could advice me, what does code tobe made the error?

thanks alot.

#716

From: Diego Montalvo <diego@...>
Date: Wed Jun 10, 2009 1:47 pm
Subject: Displaying BBAuth "appid" in querystring a security issue?

earthoid

Offline

I am building a web app with "single sign on" and was wondering if displaying
the "appid" is a security issue for example:

http://my_app.com/user/?appid=Pw9sWJHIkY4vhz...&user=billybob
Thanks in Advance!

#715

From: Ricardo Scattini <rscattini@...>
Date: Tue Jun 2, 2009 6:37 pm
Subject: Re: Error: signature Mismatch

rscattini

Offline

before make the curl call i'm doing this

[...]
$url = urlencode($this->generateAuthURL());
curl_setopt( $ch, CURLOPT_URL, $url);
[...]

..and I have the same result...

any character isn't URL illegal

--- El mar 2-jun-09, Ryan Kennedy <rckenned@...> escribió:

De: Ryan Kennedy <rckenned@...>
Asunto: Re: [ydn-auth] Error: signature Mismatch
Para: ydn-auth@yahoogroups.com
Fecha: martes, 2 de junio de 2009, 5:58 pm

On Jun 2, 2009, at 6:46 AM, Ricardo Scattini wrote:
> private function generateAuthURL( $ts = '') {
> if($ts == '') $ts = $this->getTs( );
> return sprintf($this- >authURL, $this->appId, $ts,$this- >token,
> $this->generateAuth SIG($ts)) ;
> }

You're not calling urlencode() on any of the URL query parameters.
It's entirely possible that would cause a signature verification error.

--
Ryan Kennedy
Technical Yahoo!
rckenned@yahoo- inc.com

Yahoo! Cocina
Recetas prácticas y comida saludable
Visitá http://ar.mujer.yahoo.com/cocina/

#714

From: Ryan Kennedy <rckenned@...>
Date: Tue Jun 2, 2009 5:58 pm
Subject: Re: Error: signature Mismatch

rckenned_at_...

Offline

On Jun 2, 2009, at 6:46 AM, Ricardo Scattini wrote:
> private function generateAuthURL($ts = '') {
>     if($ts == '') $ts = $this->getTs();
>     return sprintf($this->authURL,$this->appId,$ts,$this->token,
> $this->generateAuthSIG($ts));
>   }

You're not calling urlencode() on any of the URL query parameters.
It's entirely possible that would cause a signature verification error.

--
Ryan Kennedy
Technical Yahoo!
rckenned@...

#713

From: Ricardo Scattini <rscattini@...>
Date: Tue Jun 2, 2009 1:46 pm
Subject: Error: signature Mismatch

rscattini

Offline

Hi:

I'm developing an app in PHP to import contacts from Yahoo API throughout BBAuth.
I followed carefully all the steps to generate/make the Signature.

The user can login successfully and yahoo redirects to my entrypoint with the token on the GET. When I want to "get credentials" yahoo response: "Signature mismatch"...

the timestamp is correctly. the secret and the appid too.

[...]
private $authURL = "https://api.login.yahoo.com/WSLogin/V1/wspwtoken_login?appid=%s&ts=%d&token=%s&sig=%s";

private $authSIG = "/WSLogin/V1/wspwtoken_login?appid=%s&token=%s&ts=%d";

private function generateAuthURL($ts = '') {
    if($ts == '') $ts = $this->getTs();
    return sprintf($this->authURL,$this->appId,$ts,$this->token,$this->generateAuthSIG($ts));
}

private function generateAuthSIG($ts) {
    $unhashed = sprintf($this->authSIG,$this->appId,$_GET['token'],$ts).$this->secret;
    $hash = md5($unhashed);
    return $hash;
}
[...]

When I try to do (after the user login):

header("Location: ".$this->generateAuthURL($_GET['ts'] );

Yahoo retrives a : "SIGNATURE MISMATCH"

I don't know what to do!

Tnks!

Yahoo! Cocina
Recetas prácticas y comida saludable
Visitá http://ar.mujer.yahoo.com/cocina/

#712

From: "Raul Macias" <raulhmacias@...>
Date: Sun May 31, 2009 7:46 pm
Subject: Re: How is Twitter authenticating user with Yahoo! without the redirection?

raulhmacias

Offline

Probably they are not using BBAuth
Maybe all they are doing is a manual HTTP request to the Yahoo AddressBook site
to export the user's contact list as a CSV file, and then parse the data on the
fly.
Search for OpenContacts.NET on Google to see what I'm talking about.

-Raul

--- In ydn-auth@yahoogroups.com, "Rubayeet Islam" <rubayat2003@...> wrote:
>
> Hi,
>
> I am trying to build an invitation tool for my web app just like Twitter's
(http://twitter.com/invitations). I've been reading about the BBAuth mechanism
for user authentication. But I'm wondering how Twitter manages to authenticate a
user with Yahoo! without redirecting him to the Yahoo! login page. Can anyone
tell me?
>
> I have also posted this question to ydn-addressbook group.
>
> Thanks
>

#711

From: "Rubayeet Islam" <rubayat2003@...>
Date: Sun May 31, 2009 7:52 am
Subject: How is Twitter authenticating user with Yahoo! without the redirection?

rubayat2003

Offline

Hi,

I am trying to build an invitation tool for my web app just like Twitter's
(http://twitter.com/invitations). I've been reading about the BBAuth mechanism
for user authentication. But I'm wondering how Twitter manages to authenticate a
user with Yahoo! without redirecting him to the Yahoo! login page. Can anyone
tell me?

I have also posted this question to ydn-addressbook group.

Thanks

#710

From: "jbtibor@..." <jbtibor@...>
Date: Fri May 29, 2009 5:34 pm
Subject: Re: Re: Testing BBAuth -- Does https "referer" header element matter?

jbtibor

Offline

Hi Pete, a mock service is something you create, it behaves like you program it, so it depends only on you if it requires a new app id or it accepts your live app id (or it doesn't require app id at all).
Yahoo services are quite well documented, so one can know what the output should be for an input - and this is the only thing you need to create a mock.

Starting point for mocks (just replace 'object' with 'service'):
http://en.wikipedia.org/wiki/Mock_object

--- On Fri, 5/29/09, clinicahealth <admins@...> wrote:

From: clinicahealth <admins@...>
Subject: [ydn-auth] Re: Testing BBAuth -- Does https "referer" header element matter?
To: ydn-auth@yahoogroups.com
Date: Friday, May 29, 2009, 3:56 PM

Tibor --

Have you succeeded with "pointing your app to [a test site]"?

When we try this, we get errors, per previous emails in this thread.

In order to set up a "mock" (I would call these dev, test, beta and live) service, do we need to create separate app ID's for each?

Please share some details of your approach, and what you learned.

Pete.

--- In ydn-auth@yahoogroup s.com, "Tibor" <jbtibor@... > wrote:
>
> You could try setting up a mock service and point your app to that one
> while testing.
>
> > what is the best way to test Yahoo Browser Based Authentication
> > locally?

#709

From: "clinicahealth" <admins@...>
Date: Fri May 29, 2009 1:56 pm
Subject: Re: Testing BBAuth -- Does https "referer" header element matter?

clinicahealth

Offline

Tibor --

Have you succeeded with "pointing your app to [a test site]"?

When we try this, we get errors, per previous emails in this thread.

In order to set up a "mock" (I would call these dev, test, beta and live)
service, do we need to create separate app ID's for each?

Please share some details of your approach, and what you learned.

Pete.

--- In ydn-auth@yahoogroups.com, "Tibor" <jbtibor@...> wrote:
>
> You could try setting up a mock service and point your app to that one
> while testing.
>
> > what is the best way to test Yahoo Browser Based Authentication
> > locally?

#708

From: "Tibor" <jbtibor@...>
Date: Tue May 19, 2009 8:28 pm
Subject: Re: Testing BBAuth -- Does https "referer" header element matter?

jbtibor

Offline

You could try setting up a mock service and point your app to that one while
testing.


--- In ydn-auth@yahoogroups.com, "Raul Macias" <raulhmacias@...> wrote:
>
> I have exactly the same question:
>
> what is the best way to test Yahoo Browser Based Authentication locally?
> there should be a way for us developers to test this in our local boxes
without to having to expose our code to the web without testing it beforehand.
>
>
> --- In ydn-auth@yahoogroups.com, "clinicahealth" <admins@> wrote:
> >
> > I'm getting the infamous "Invalid (missing) src or appid" error.
> > I'm running this from a dev machine, and have tweaked my /etc/hosts file so
my browser thinks it's hitting the production host (www, vs. dev).
> >
> > While it could be an error in constructing the uri, I'm hoping someone can
tell me if the BBAuth service would notice the discrepancy between the referer
and my IP address, or some such, and error out?  BBAuth is a bit of a black box,
so I'm trying to figure out where to look for the solution...
> >
> > Or, to ask the more general question, what is the best way to develop BBAuth
systems without deploying it on production servers first?
> >
> > Thanks!
> >
>

#707

From: "Raul Macias" <raulhmacias@...>
Date: Mon May 11, 2009 6:08 pm
Subject: Re: Testing BBAuth -- Does https "referer" header element matter?

raulhmacias

Offline

I have exactly the same question:

what is the best way to test Yahoo Browser Based Authentication locally?
there should be a way for us developers to test this in our local boxes without
to having to expose our code to the web without testing it beforehand.


--- In ydn-auth@yahoogroups.com, "clinicahealth" <admins@...> wrote:
>
> I'm getting the infamous "Invalid (missing) src or appid" error.
> I'm running this from a dev machine, and have tweaked my /etc/hosts file so my
browser thinks it's hitting the production host (www, vs. dev).
>
> While it could be an error in constructing the uri, I'm hoping someone can
tell me if the BBAuth service would notice the discrepancy between the referer
and my IP address, or some such, and error out?  BBAuth is a bit of a black box,
so I'm trying to figure out where to look for the solution...
>
> Or, to ask the more general question, what is the best way to develop BBAuth
systems without deploying it on production servers first?
>
> Thanks!
>

#706

From: "Raul Macias" <raulhmacias@...>
Date: Mon May 11, 2009 6:13 pm
Subject: Re: bbAuth C# - Cannot Access Session after login

raulhmacias

Offline

In the first page, where you send the user to the login screen, you need to
store the Yahoo.Authentication object in session state first like so:

			 // Create an instance of Yahoo.Authentication
			 Yahoo.Authentication auth = new Yahoo.Authentication("xxx", "yyy");

			 //store in session
			 Session["Auth"] = auth;

			 // Redirect the user to the use sign-in page
			 Response.Redirect(auth.GetUserLogOnAddress().ToString());


--- In ydn-auth@yahoogroups.com, "zeeshan_ncba" <zeeshan_ncba@...> wrote:
>
> Hi,
>    I made two pages in asp.net, one to call the login page and the second to
get response from login aftre bbAuth. My problem is, my page calls the yahoo
login service, which is fine but when the response comes to my second page to
authorize the Session,i cannot access the session on following line
>
> Yahoo.Authentication auth = Session["auth"] as Yahoo.Authentication;
>
> its gives me an error as seesion does not exist.
>
> Please help, i have tried all possible solutions.
>
> I am using Yahoo.Authentication.dll.
>

#705

From: "Raul Macias" <raulhmacias@...>
Date: Mon May 11, 2009 6:18 pm
Subject: Testing Yahoo Browser Based Authentication locally

raulhmacias

Offline

I want to know what is the best way to test BBAuthentication locally (in a dev
machine that is not exposed to the internet).

I know for example that this can be done for other services, like Microsoft
Live, where you modifiy your hosts file to cheat and run your test web site in a
fake domain like 'http://mydevmachine.com'

can the same be done to test Yahoo BBAuthentication?

#704

From: "archanasingh_14" <archanasingh_14@...>
Date: Wed Apr 29, 2009 10:36 am
Subject: Hi, i want to know how to use yahoo api for authentication of email id.

archanasingh_14

Offline

Hi, i want to know how to use yahoo api for authentication of email id.
Where can i find the skelton code of the yahoo api function which enable email
authenication. I require this for my college project.
If anybody has any idea about how to approach it, please do help me.