An unofficial, hastily-written Oauth2 OmniAuth strategy for Yahoo. Uses the authorization flow described at https://developer.yahoo.com/oauth2/guide/flows_authcode/.

Built using https://github.com/intridea/omniauth-oauth2.

gem install omniauth-yahoo-oauth2

Create an app at https://developer.yahoo.com/apps to get a Yahoo client ID and secret.

# In an initializer
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :yahoo_oauth2, yahoo_client_id, yahoo_secret, name: 'yahoo'
end

See https://github.com/intridea/omniauth for Omniauth instructions.

OmniAuth doesn't currently have built-in support for Basic Authentication for retrieving OAuth2 tokens, so YahooOauth2::Client overrides OAuth2::Client#get_token. Yahoo also requires redirect_uri to be set when refreshing the access_token, so YahooOauth2::AccessToken overrides OAuth2::AccessToken#refresh! to handle that.

As with other OAuth2 providers, Yahoo returns an access_token, a refresh_token, and an expiration time for the access_token. They are available in the credentials hash in the callback:

credentials = request.env.fetch('omniauth.auth').fetch(:credentials)
tokens_hash = {
  access_token:  credentials[:token],
  refresh_token: credentials[:refresh_token],
  expires_at:    credentials[:expires_at]
}

They should be saved to your application's database. You can use the access_token directly or use YahooOauth2::AccessToken for requests:

client = YahooOauth2::Client.new(YAHOO_CLIENT_ID, YAHOO_SECRET)
token  = YahooOauth2::AccessToken.from_hash(client, tokens_hash)
token.get(
  "https://social.yahooapis.com/v1/user/#{uid}/profile?format=json"
).parsed

And to refresh the access token once it has expired:

old_token = YahooOauth2::AccessToken.from_hash(client, tokens_hash)
if old_token.expired?
  new_token = old_token.refresh!
  new_token.to_hash # => update your database with this
end

• Handle failure cases. (https://developer.yahoo.com/oauth2/guide/errors/)
• Test something. Anything.