Three-Legged OAuth Implementation Example
Now that we have examined the particulars of the OAuth 1.0a process, let’s look at a practical implementation of what we’ve learned to see how to build out an end-to-end project using OAuth.
In this example, we’ll use OAuth to connect to Yahoo! on a user’s behalf and then post out an activity to that user’s update stream. This update stream will be available throughout the site—most notably, on http://mail.yahoo.com, http://pulse.yahoo.com, and through Yahoo! Messenger. This process will display that we have authenticated on a user’s behalf and used read/write access permissions to push our new data to the user’s private stream.
To start out this process, we need to create a new application on the Yahoo! system. Follow these steps to create the base application:
Go to https://developer.apps.yahoo.com/projects to load the application dashboard.
Click New Project at the top of the page that opens. When prompted, select a Standard application (not a YAP application, as those are applications that run on Yahoo-specific dropzones like http://my.yahoo.com).
Once you’ve selected the preceding options and the domain has been verified (if needed), you will be presented with a new, blank application.
Within the application window, you’ll see a section under a Permissions header. This is where we will select the type of personal data access we want to bind to our application. For our needs, since we will simply be outputting a new activity to a user’s update ...