Three-Legged OAuth Implementation Example

Now that we have examined the particulars of the OAuth 1.0a process, let’s look at a practical implementation of what we’ve learned to see how to build out an end-to-end project using OAuth.

In this example, we’ll use OAuth to connect to Yahoo! on a user’s behalf and then post an activity to that user’s update stream. This update stream will be available throughout the site—most notably, on http://mail.yahoo.com, http://pulse.yahoo.com, and through Yahoo! Messenger. This process will demonstrate that we have authenticated on a user’s behalf and used read/write access permissions to push our new data to the user’s private stream.

To start out this process, we need to create a new application on the Yahoo! system. Follow these steps to create the base application:

  1. Go to https://developer.apps.yahoo.com/projects to load the application dashboard.

  2. Click New Project at the top of the page that opens. When prompted, select a Standard application (not a YAP application, as those are applications that run on Yahoo-specific dropzones like http://my.yahoo.com).

  3. Once you’ve selected the preceding options and the domain has been verified (if needed), you will be presented with a new, blank application.

Within the application window, you’ll see a section under a Permissions header. This is where we will select the type of personal data access we want to bind to our application. For our needs, since we will simply be outputting a new activity to a user’s update ...
