Does Yahoo support state parameter for oauth?
-
13-12-2019 - |
Question
Google and FB correctly support "state" parameter for oauth. How about Yahoo ?
How to pass custom data across requests in Yahoo oauth process ?
Solution
The Yahoo OAuth2 implementation supports the parameter state. You can attach it within the main request. This is a basic php-example:
https://api.login.yahoo.com/oauth2/request_auth?client_id='.$client_id.'&redirect_uri='.$redirect_uri.'&response_type=code&state='.$state
OTHER TIPS
Like Jan said, Yahoo is OAuth 1... and doesn't require a state parameter.
You'll notice that Google and FB require that each callback URL be explicitly defined/registered with Google/FB. If you want to deviate from those URLs... you need to use the state parameter.
Yahoo only requires that you register the host/domain of your call back URL.. the rest is completely variable and may contain any parameter you'd like http://myregistereddomain.com/whateverpath/?some_param=whatevr&state=heres_your_state&foo=bar
Google and Facebook implement OAuth 2, that requires the provider to support the state
parameter. OAuth 1, that is implemented by Yahoo, does not have such a parameter.
You could e.g. store a cookie in the user's browser to save state.