Three-Legged OAuth Implementation Example

Now that we have examined the particulars of the OAuth 1.0a process, let’s look at a practical implementation of what we’ve learned to see how to build out an end-to-end project using OAuth.

In this example, we’ll use OAuth to connect to Yahoo! on a user’s behalf and then post an activity to that user’s update stream. This update stream will be available throughout the site—most notably, on,, and through Yahoo! Messenger. This process will demonstrate that we have authenticated on a user’s behalf and used read/write access permissions to push our new data to the user’s private stream.

To start this process, we need to create a new application on the Yahoo! system. Follow these steps to create the base application:

  1. Go to to load the application dashboard.

  2. Click New Project at the top of the page that opens. When prompted, select a Standard application (not a YAP application, as those are applications that run on Yahoo-specific dropzones like

  3. Once you’ve selected the preceding options and the domain has been verified (if needed), you will be presented with a new, blank application.

Within the application window, you’ll see a section under a Permissions header. This is where we will select the type of personal data access we want to bind to our application. For our needs, since we will simply be outputting a new activity to a user’s update ...
