Yahoo OAuth working without consumer key/secret?
https://stackoverflow.com/questions/4435835
-
09-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am using DotNetOpenAuth to connect to Yahoo and Google; and extract user data. The funny thing is, I have been able to authenticate against Yahoo without specifying the consumer key/secret anywhere. I guess Yahoo provides access to the following without requiring these?
- Email, Name, Gender
Is there anywhere in DotNetOpenAuth I can sign my requests, in case I require access to other details, like DOB?
Solution
What you're doing with Yahoo isn't OAuth at all, therefore consumer key and secret do not apply. OAuth doesn't do authentication (at least not natively). OpenID is what you're using, and doesn't require the RP to first form a relationship with the OP the way OAuth does.
I don't know whether Yahoo! ever reveals a user's date of birth. But if it does, it certainly could do so over OpenID as easily (or moreso) as OAuth.
