ydn-auth at Yahoo! Groups

ydn-auth at Yahoo! Groups http://tech.groups.yahoo.com/group/ydn-auth/ Yahoo! Authenticated Web Services bbauth - when user chooses "i do not agree" Wed, 24 Jun 2009 15:20:57 GMT hazarsemih http://tech.groups.yahoo.com/group/ydn-auth/message/721 http://tech.groups.yahoo.com/group/ydn-auth/message/721 Hi All, I've implemented Yahoo's BBAuth and it's working alright, but when the user chooses not to give permission and clicks "I Do Not Agree" button in the Displaying BBAuth appid Bad? Mon, 15 Jun 2009 21:06:54 GMT Diego http://tech.groups.yahoo.com/group/ydn-auth/message/720 http://tech.groups.yahoo.com/group/ydn-auth/message/720 Is it bad or a security issue to display the BBAuth "appid" in the query string for others to see? for example: Please confirm your request to join ydn-auth Mon, 15 Jun 2009 21:06:15 GMT hira sirojudin http://tech.groups.yahoo.com/group/ydn-auth/message/719 http://tech.groups.yahoo.com/group/ydn-auth/message/719 Hi guys, I'm trying rerun kennedy app sample. as long as i've not token yet, i add function login in after create BBAuthentication instance. look like this: Passing BBAUTH appid with Query string bad? Mon, 15 Jun 2009 21:06:12 GMT Diego http://tech.groups.yahoo.com/group/ydn-auth/message/718 http://tech.groups.yahoo.com/group/ydn-auth/message/718 If I have an application and it is displaying the BBAuth appid in the query string is it a security problem? example: Fw: HTTP Transport error : '411' - 'Length Required'; nested excepti Mon, 15 Jun 2009 21:05:58 GMT Hira Sirojudin http://tech.groups.yahoo.com/group/ydn-auth/message/717 http://tech.groups.yahoo.com/group/ydn-auth/message/717 Hi All, I'm facing below error during getUserData via axis transport ws. HTTP Transport error : '411' - 'Length Required'; nested exception is: this is little Displaying BBAuth "appid" in querystring a security issue? Wed, 10 Jun 2009 18:14:23 GMT Diego Montalvo http://tech.groups.yahoo.com/group/ydn-auth/message/716 http://tech.groups.yahoo.com/group/ydn-auth/message/716 I am building a web app with "single sign on" and was wondering if displaying the "appid" is a security issue for example: Re: Error: signature Mismatch Thu, 04 Jun 2009 22:23:44 GMT Ricardo Scattini http://tech.groups.yahoo.com/group/ydn-auth/message/715 http://tech.groups.yahoo.com/group/ydn-auth/message/715 before make the curl call i'm doing this [...] $url = urlencode($this->generateAuthURL()); curl_setopt( $ch, CURLOPT_URL, $url); [...] ...and I have the same Re: Error: signature Mismatch Tue, 02 Jun 2009 17:58:50 GMT Ryan Kennedy http://tech.groups.yahoo.com/group/ydn-auth/message/714 http://tech.groups.yahoo.com/group/ydn-auth/message/714 ... You're not calling urlencode() on any of the URL query parameters. It's entirely possible that would cause a signature verification error. -- Ryan Kennedy Error: signature Mismatch Tue, 02 Jun 2009 17:55:23 GMT Ricardo Scattini http://tech.groups.yahoo.com/group/ydn-auth/message/713 http://tech.groups.yahoo.com/group/ydn-auth/message/713 Hi: I'm developing an app in PHP to import contacts from Yahoo API throughout BBAuth. I followed carefully all the steps to generate/make the Signature. The Re: How is Twitter authenticating user with Yahoo! without the redir Sun, 31 May 2009 21:17:44 GMT Raul Macias http://tech.groups.yahoo.com/group/ydn-auth/message/712 http://tech.groups.yahoo.com/group/ydn-auth/message/712 Probably they are not using BBAuth Maybe all they are doing is a manual HTTP request to the Yahoo AddressBook site to export the user's contact list as a CSV How is Twitter authenticating user with Yahoo! without the redirecti Sun, 31 May 2009 17:17:52 GMT Rubayeet Islam http://tech.groups.yahoo.com/group/ydn-auth/message/711 http://tech.groups.yahoo.com/group/ydn-auth/message/711 Hi, I am trying to build an invitation tool for my web app just like Twitter's (http://twitter.com/invitations). I've been reading about the BBAuth mechanism Re: Testing BBAuth -- Does https "referer" header element matter? Fri, 29 May 2009 17:39:20 GMT jbtibor@... http://tech.groups.yahoo.com/group/ydn-auth/message/710 http://tech.groups.yahoo.com/group/ydn-auth/message/710 Hi Pete, a mock service is something you create, it behaves like you program it, so it depends only on you if it requires a new app id or it accepts your live Re: Testing BBAuth -- Does https "referer" header element matter? Fri, 29 May 2009 17:00:24 GMT clinicahealth http://tech.groups.yahoo.com/group/ydn-auth/message/709 http://tech.groups.yahoo.com/group/ydn-auth/message/709 Tibor -- Have you succeeded with "pointing your app to [a test site]"? When we try this, we get errors, per previous emails in this thread. In order to set up Re: Testing BBAuth -- Does https "referer" header element matter? Tue, 19 May 2009 20:51:29 GMT Tibor http://tech.groups.yahoo.com/group/ydn-auth/message/708 http://tech.groups.yahoo.com/group/ydn-auth/message/708 You could try setting up a mock service and point your app to that one while testing. Re: Testing BBAuth -- Does https "referer" header element matter? Tue, 19 May 2009 18:16:26 GMT Raul Macias http://tech.groups.yahoo.com/group/ydn-auth/message/707 http://tech.groups.yahoo.com/group/ydn-auth/message/707 I have exactly the same question: what is the best way to test Yahoo Browser Based Authentication locally? there should be a way for us developers to test this