An unofficial, hastily-written Oauth2 OmniAuth strategy for Yahoo. Uses the authorization flow described at https://developer.yahoo.com/oauth2/guide/flows_authcode/.
Built using https://github.com/intridea/omniauth-oauth2.
gem install omniauth-yahoo-oauth2
Create an app at https://developer.yahoo.com/apps to get a Yahoo client ID and secret.
# In an initializer
Rails.application.config.middleware.use OmniAuth::Builder do
provider :yahoo_oauth2, yahoo_client_id, yahoo_secret, name: 'yahoo'
endSee https://github.com/intridea/omniauth for Omniauth instructions.
OmniAuth doesn't currently have built-in support for Basic Authentication for
retrieving OAuth2 tokens, so YahooOauth2::Client overrides
OAuth2::Client#get_token. Yahoo also requires redirect_uri to be set when
refreshing the access_token, so YahooOauth2::AccessToken overrides
OAuth2::AccessToken#refresh! to handle that.
As with other OAuth2 providers, Yahoo returns an access_token, a
refresh_token, and an expiration time for the access_token. They are
available in the credentials hash in the callback:
credentials = request.env.fetch('omniauth.auth').fetch(:credentials)
tokens_hash = {
access_token: credentials[:token],
refresh_token: credentials[:refresh_token],
expires_at: credentials[:expires_at]
}They should be saved to your application's database. You can use the
access_token directly or use YahooOauth2::AccessToken for requests:
client = YahooOauth2::Client.new(YAHOO_CLIENT_ID, YAHOO_SECRET)
token = YahooOauth2::AccessToken.from_hash(client, tokens_hash)
token.get(
"https://social.yahooapis.com/v1/user/#{uid}/profile?format=json"
).parsedAnd to refresh the access token once it has expired:
old_token = YahooOauth2::AccessToken.from_hash(client, tokens_hash)
if old_token.expired?
new_token = old_token.refresh!
new_token.to_hash # => update your database with this
end- Handle failure cases. (https://developer.yahoo.com/oauth2/guide/errors/)
- Test something. Anything.