Kind of hitting a wall here. I setup my callback domain to be my ngrok instance (paid account). My redirect request to Yahoo's auth looks like this:
"https://api.login.yahoo.com/oauth2/request_auth?client_id=fakeclientid--&redirect_uri=https://myname.ngrok.io/api/authentication_handler&response_type=code&language=en-us"
I'm redirecting to that as so:
return new RedirectResult(yahooOauthUrl);
I correctly get redirected, enter my credentials, get logged into Yahoo, but I'm presented with a screen on Yahoo's side with this:
If I publicly submit a GET/POST request to my redirect URI in postman or through Chrome, I get a request hitting my localhost fine. I've also verified that my Yahoo app has the exact same callback domain of:
myname.ngrok.io
The code to handle my callback request is here:
// GET/POST api/authentication_handler
[HttpGet]
[Route("/api/authentication_handler")]
public HttpResponseMessage HandleAuthentication(string code)
{
return string.IsNullOrWhiteSpace(code)
? new HttpResponseMessage(HttpStatusCode.InternalServerError)
: new HttpResponseMessage(HttpStatusCode.OK);
}
Am I missing anything obvious?
So, found out what was happening. Make sure you clear your cookies or use incognito mode when testing this kind of stuff. Seems as if Chrome was caching my calls since I was never even hitting the initial endpoint after changing some code and testing this out. Once I did I was able to find that the client_id wasn't properly getting set due to the way I was using string literals.