Mike Peat
16-Aug-2015, 12:32 PM
In the wise words of Sheldon Cooper: "Bazinga!"
I have, after far too long banging my head against a series of brick walls, just managed to get the OAuth2 component to connect to the Yahoo! REST API (OK, I got one API call to give me back a bunch of XML telling me not very much, but it is a start! :)):
GET https://social.yahooapis.com/v1/user/745KCX5MZAWG2PVDZSZERUG3ZM/profile/usercard
returns:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<profile xmlns="http://social.yahooapis.com/v1/profile/social.profile" xmlns:ns2="http://www.yahooapis.com/v1/base.rng" ns2:uri="https://social.yahooapis.com/v1/user/745KCX5MZAWG2PVDZSZERUG3ZM/profile/usercard" cache="true">
<guid>745KCX5MZAWG2PVDZSZERUG3ZM</guid>
<created>2015-08-16T16:48:19Z</created>
<image>
<height>48</height>
<imageUrl>https://s.yimg.com/dh/ap/social/profile/profile_b48.png</imageUrl>
<size>48x48</size>
<width>48</width>
</image>
<memberSince>2014-10-14T10:38:37Z</memberSince>
<nickname>Mike</nickname>
<notStored>true</notStored>
<profileUrl>http://profile.yahoo.com/745KCX5MZAWG2PVDZSZERUG3ZM</profileUrl>
<bdRestricted>true</bdRestricted>
</profile>
This is important because Yahoo! uses OAuth 1.0a, rather than OAuth 2.0.
OAuth 1.0a (the "a" referring to a fix for a security hole identified after 1.0 was first published) is a significantly more prescriptive standard than OAuth 2.0 (which is a good thing: less scope for variation among implementations... or so I hope). It is also quite a bit more complicated in terms of implementation (at least from my experience so far).
Why should we care about OAuth 1.0a? Because a number of significant providers are using that rather than OAuth 2.0, including Yahoo! (obviously), Twitter and Xero Accounts (and probably many others I have not yet found out about).
I will keep you posted as I make progress, but I got so excited I had to tell somebody who might understand. (Does this sound like "My wife doesn't understand me"? - If so there is a reason for that! :))
So... a question. Currently I have this capability in an updated version of the cOAuth 2.0 class, where it might be argued it does not really belong (the clue being in the name), controlled by a wpbUseOAuth10a property. Do you think I should:
Just leave it in there
Leave it in there, but rename the component to just "cOAuth" (no "2")
Split it out into a separate component called cOAuth10a (or similar)
Some other approach...
Mike
I have, after far too long banging my head against a series of brick walls, just managed to get the OAuth2 component to connect to the Yahoo! REST API (OK, I got one API call to give me back a bunch of XML telling me not very much, but it is a start! :)):
GET https://social.yahooapis.com/v1/user/745KCX5MZAWG2PVDZSZERUG3ZM/profile/usercard
returns:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<profile xmlns="http://social.yahooapis.com/v1/profile/social.profile" xmlns:ns2="http://www.yahooapis.com/v1/base.rng" ns2:uri="https://social.yahooapis.com/v1/user/745KCX5MZAWG2PVDZSZERUG3ZM/profile/usercard" cache="true">
<guid>745KCX5MZAWG2PVDZSZERUG3ZM</guid>
<created>2015-08-16T16:48:19Z</created>
<image>
<height>48</height>
<imageUrl>https://s.yimg.com/dh/ap/social/profile/profile_b48.png</imageUrl>
<size>48x48</size>
<width>48</width>
</image>
<memberSince>2014-10-14T10:38:37Z</memberSince>
<nickname>Mike</nickname>
<notStored>true</notStored>
<profileUrl>http://profile.yahoo.com/745KCX5MZAWG2PVDZSZERUG3ZM</profileUrl>
<bdRestricted>true</bdRestricted>
</profile>
This is important because Yahoo! uses OAuth 1.0a, rather than OAuth 2.0.
OAuth 1.0a (the "a" referring to a fix for a security hole identified after 1.0 was first published) is a significantly more prescriptive standard than OAuth 2.0 (which is a good thing: less scope for variation among implementations... or so I hope). It is also quite a bit more complicated in terms of implementation (at least from my experience so far).
Why should we care about OAuth 1.0a? Because a number of significant providers are using that rather than OAuth 2.0, including Yahoo! (obviously), Twitter and Xero Accounts (and probably many others I have not yet found out about).
I will keep you posted as I make progress, but I got so excited I had to tell somebody who might understand. (Does this sound like "My wife doesn't understand me"? - If so there is a reason for that! :))
So... a question. Currently I have this capability in an updated version of the cOAuth 2.0 class, where it might be argued it does not really belong (the clue being in the name), controlled by a wpbUseOAuth10a property. Do you think I should:
Just leave it in there
Leave it in there, but rename the component to just "cOAuth" (no "2")
Split it out into a separate component called cOAuth10a (or similar)
Some other approach...
Mike