Search code examples
phpcodeigniteraccess-tokenguidyahoo-api

Yahoo YOS Social PHP5 library error

I'm trying to sign a user in using Yahoo. I'm using the Yos social php5 sdk. It asks for permission and after that, dies with the error token_rejected.

That's all I get back. This is what my code looks like (note: I'm using this in codeigniter):

function yahoo($url) {
    if($url == 'login') {
        $url = base_url('user/yahoologin');
    } else {
        $url = base_url('user/yahooregister');
    }
    set_include_path(APPPATH . "libraries/Yahoo");
    require_once APPPATH . "libraries/Yahoo/OAuth/OAuth.php";
    require_once APPPATH . "libraries/Yahoo/Yahoo/YahooOAuthApplication.class.php";
    $CONSUMER_KEY      = 'consumerkey--';
    $CONSUMER_SECRET   = 'secret';
    $APPLICATION_ID    = 'appid';
    $CALLBACK_URL      = $url;
    $oauthapp      = new YahooOAuthApplication($CONSUMER_KEY, $CONSUMER_SECRET, $APPLICATION_ID, $CALLBACK_URL);

    # Fetch request token
    $request_token = $oauthapp->getRequestToken($CALLBACK_URL);

    # Redirect user to authorization url
    $redirect_url  = $oauthapp->getAuthorizationUrl($request_token);
    redirect($redirect_url);
}

public function yahoologin() {
    set_include_path(APPPATH . "libraries/Yahoo");
    require_once APPPATH . "libraries/Yahoo/OAuth/OAuth.php";
    require_once APPPATH . "libraries/Yahoo/Yahoo/YahooOAuthApplication.class.php";
    $CONSUMER_KEY      = 'consumerkey--';
    $CONSUMER_SECRET   = 'secret';
    $APPLICATION_ID    = 'appid';
    $CALLBACK_URL      = base_url("user/yahoologin");
    $oauthapp      = new YahooOAuthApplication($CONSUMER_KEY, $CONSUMER_SECRET, $APPLICATION_ID, $CALLBACK_URL);

    # Fetch request token
    $request_token = $oauthapp->getRequestToken($CALLBACK_URL);
    # Exchange request token for authorized access token
    $access_token = $oauthapp->getAccessToken($request_token, $_REQUEST['oauth_verifier']);

    # update access token
    $oauthapp->token = $access_token;

    # fetch user profile
    $profile = $oauthapp->getProfile();

    var_dump($profile);
}

The only error I'm getting is this:

YahooOAuthAccessToken Object
(
    [key] => 
    [secret] => 
    [expires_in] => 
    [session_handle] => 
    [authorization_expires_in] => 
    [yahoo_guid] => 
    [oauth_problem] => token_rejected
)

And that's on the $access_token = $oauthapp->getAccessToken($request_token, $_REQUEST['oauth_verifier']); line. Any assistance to get this working? I seriously think Yahoo's got the worst API ever.

Solution

  • Because there isn't much out there that helps with yahoo api, I thought I'd post my solution so people who struggle can get answers.

    What I didn't realise is that every time you call $oauthapp->getRequestToken($url), Yahoo returns a random signature and key, and it's up to you to save them to a session or variable or database or whatever. I opted for a session. So right after I get my request token, I save it to the session:

    function yahoo($url) {
    if($url == 'login') {
        $url = base_url('user/yahoologin');
    } else {
        $url = base_url('user/yahooregister');
    }
    set_include_path(APPPATH . "libraries/Yahoo");
    require_once APPPATH . "libraries/Yahoo/OAuth/OAuth.php";
    require_once APPPATH . "libraries/Yahoo/Yahoo/YahooOAuthApplication.class.php";
    $CONSUMER_KEY      = 'xxxx';
    $CONSUMER_SECRET   = 'xxxx';
    $APPLICATION_ID    = 'xxxx';
    $CALLBACK_URL      = $url;
    $oauthapp      = new YahooOAuthApplication($CONSUMER_KEY, $CONSUMER_SECRET, $APPLICATION_ID, $CALLBACK_URL);

    # Fetch request token
    $request_token = $oauthapp->getRequestToken($CALLBACK_URL);
    $this->session->set_userdata('request_token',json_encode($request_token));

    # Redirect user to authorization url
    $redirect_url  = $oauthapp->getAuthorizationUrl($request_token);
    redirect($redirect_url);
}

    Now just for some clarification: This function is called by the link provided by the Yahoo! Login button on my home page (this is in codeigniter):

    <?php
    echo form_button(
    array(
        'name'    => 'yahoo-login',
        'id'      => 'yahoo-login',
        'title'   => 'Yahoo Login',
        'class'   => 'btn span12 btn-yahoo',
        'type'    => 'button',
        'onclick' => "javascript:void openWindow('" . base_url('user/yahoo') . "/login','Yahoo! Login',580,400);return false;"),
    "<i class='icon icon-yahoo'></i> Log in with Yahoo!"
); ?>

    As you can see, I set a user session with the request_token as a json_encoded string. In my login function, I get the token from the session and just decode it. and pass it to whatever function needs it:

    public function yahoologin() {
    set_include_path(APPPATH . "libraries/Yahoo");
    require_once APPPATH . "libraries/Yahoo/OAuth/OAuth.php";
    require_once APPPATH . "libraries/Yahoo/Yahoo/YahooOAuthApplication.class.php";
    $CONSUMER_KEY      = 'xxxx';
    $CONSUMER_SECRET   = 'xxxx';
    $APPLICATION_ID    = 'xxxx';
    $CALLBACK_URL      = base_url("user/yahoologin");
    $oauthapp      = new YahooOAuthApplication($CONSUMER_KEY, $CONSUMER_SECRET, $APPLICATION_ID, $CALLBACK_URL);

    # Fetch request token
    $request_token = json_decode($this->session->userdata('request_token'));
    # Exchange request token for authorized access token
    $access_token = $oauthapp->getAccessToken($request_token, $_REQUEST['oauth_verifier']);

    # update access token
    $oauthapp->token = $access_token;

    # fetch user profile
    $profile = $oauthapp->getProfile();

    var_dump($profile);
}

    Note: Obviously this doesn't log anyone in at the moment, but it does get me way further than I've been for a week.

    I hope this helps someone that's struggling with Yahoo!'s API.