Does Yahoo support state parameter for oauth?

Question

Google and FB correctly support "state" parameter for oauth. How about Yahoo ?

How to pass custom data across requests in Yahoo oauth process ?

Answer 1

The Yahoo OAuth2 implementation supports the parameter state. You can attach it within the main request. This is a basic php-example:

https://api.login.yahoo.com/oauth2/request_auth?client_id='.$client_id.'&redirect_uri='.$redirect_uri.'&response_type=code&state='.$state

Answer 2

Like Jan said, Yahoo is OAuth 1... and doesn't require a state parameter.

You'll notice that Google and FB require that each callback URL be explicitly defined/registered with Google/FB. If you want to deviate from those URLs... you need to use the state parameter.

Yahoo only requires that you register the host/domain of your call back URL.. the rest is completely variable and may contain any parameter you'd like http://myregistereddomain.com/whateverpath/?some_param=whatevr&state=heres_your_state&foo=bar

Answer 3

Google and Facebook implement OAuth 2, that requires the provider to support the state parameter. OAuth 1, that is implemented by Yahoo, does not have such a parameter.

You could e.g. store a cookie in the user's browser to save state.