Albert Albert - 2 months ago 13
PHP Question

Yahoo YOS Social PHP5 library error

I'm trying to sign a user in using Yahoo. I'm using the Yos social php5 sdk. It asks for permission and after that, dies with the error token_rejected.

That's all I get back. This is what my code looks like (note: I'm using this in codeigniter):

function yahoo($url) {
if($url == 'login') {
$url = base_url('user/yahoologin');
} else {
$url = base_url('user/yahooregister');
}
set_include_path(APPPATH . "libraries/Yahoo");
require_once APPPATH . "libraries/Yahoo/OAuth/OAuth.php";
require_once APPPATH . "libraries/Yahoo/Yahoo/YahooOAuthApplication.class.php";
$CONSUMER_KEY = 'consumerkey--';
$CONSUMER_SECRET = 'secret';
$APPLICATION_ID = 'appid';
$CALLBACK_URL = $url;
$oauthapp = new YahooOAuthApplication($CONSUMER_KEY, $CONSUMER_SECRET, $APPLICATION_ID, $CALLBACK_URL);

# Fetch request token
$request_token = $oauthapp->getRequestToken($CALLBACK_URL);

# Redirect user to authorization url
$redirect_url = $oauthapp->getAuthorizationUrl($request_token);
redirect($redirect_url);
}

public function yahoologin() {
set_include_path(APPPATH . "libraries/Yahoo");
require_once APPPATH . "libraries/Yahoo/OAuth/OAuth.php";
require_once APPPATH . "libraries/Yahoo/Yahoo/YahooOAuthApplication.class.php";
$CONSUMER_KEY = 'consumerkey--';
$CONSUMER_SECRET = 'secret';
$APPLICATION_ID = 'appid';
$CALLBACK_URL = base_url("user/yahoologin");
$oauthapp = new YahooOAuthApplication($CONSUMER_KEY, $CONSUMER_SECRET, $APPLICATION_ID, $CALLBACK_URL);

# Fetch request token
$request_token = $oauthapp->getRequestToken($CALLBACK_URL);
# Exchange request token for authorized access token
$access_token = $oauthapp->getAccessToken($request_token, $_REQUEST['oauth_verifier']);

# update access token
$oauthapp->token = $access_token;

# fetch user profile
$profile = $oauthapp->getProfile();

var_dump($profile);
}


The only error I'm getting is this:

YahooOAuthAccessToken Object
(
[key] =>
[secret] =>
[expires_in] =>
[session_handle] =>
[authorization_expires_in] =>
[yahoo_guid] =>
[oauth_problem] => token_rejected
)


And that's on the
$access_token = $oauthapp->getAccessToken($request_token, $_REQUEST['oauth_verifier']);
line. Any assistance to get this working? I seriously think Yahoo's got the worst API ever.

Answer

Because there isn't much out there that helps with yahoo api, I thought I'd post my solution so people who struggle can get answers.

What I didn't realise is that every time you call $oauthapp->getRequestToken($url), Yahoo returns a random signature and key, and it's up to you to save them to a session or variable or database or whatever. I opted for a session. So right after I get my request token, I save it to the session:

function yahoo($url) {
    if($url == 'login') {
        $url = base_url('user/yahoologin');
    } else {
        $url = base_url('user/yahooregister');
    }
    set_include_path(APPPATH . "libraries/Yahoo");
    require_once APPPATH . "libraries/Yahoo/OAuth/OAuth.php";
    require_once APPPATH . "libraries/Yahoo/Yahoo/YahooOAuthApplication.class.php";
    $CONSUMER_KEY      = 'xxxx';
    $CONSUMER_SECRET   = 'xxxx';
    $APPLICATION_ID    = 'xxxx';
    $CALLBACK_URL      = $url;
    $oauthapp      = new YahooOAuthApplication($CONSUMER_KEY, $CONSUMER_SECRET, $APPLICATION_ID, $CALLBACK_URL);

    # Fetch request token
    $request_token = $oauthapp->getRequestToken($CALLBACK_URL);
    $this->session->set_userdata('request_token',json_encode($request_token));

    # Redirect user to authorization url
    $redirect_url  = $oauthapp->getAuthorizationUrl($request_token);
    redirect($redirect_url);
}

Now just for some clarification: This function is called by the link provided by the Yahoo! Login button on my home page (this is in codeigniter):

<?php
    echo form_button(
    array(
        'name'    => 'yahoo-login',
        'id'      => 'yahoo-login',
        'title'   => 'Yahoo Login',
        'class'   => 'btn span12 btn-yahoo',
        'type'    => 'button',
        'onclick' => "javascript:void openWindow('" . base_url('user/yahoo') . "/login','Yahoo! Login',580,400);return false;"),
    "<i class='icon icon-yahoo'></i> Log in with Yahoo!"
); ?>

As you can see, I set a user session with the request_token as a json_encoded string. In my login function, I get the token from the session and just decode it. and pass it to whatever function needs it:

public function yahoologin() {
    set_include_path(APPPATH . "libraries/Yahoo");
    require_once APPPATH . "libraries/Yahoo/OAuth/OAuth.php";
    require_once APPPATH . "libraries/Yahoo/Yahoo/YahooOAuthApplication.class.php";
    $CONSUMER_KEY      = 'xxxx';
    $CONSUMER_SECRET   = 'xxxx';
    $APPLICATION_ID    = 'xxxx';
    $CALLBACK_URL      = base_url("user/yahoologin");
    $oauthapp      = new YahooOAuthApplication($CONSUMER_KEY, $CONSUMER_SECRET, $APPLICATION_ID, $CALLBACK_URL);

    # Fetch request token
    $request_token = json_decode($this->session->userdata('request_token'));
    # Exchange request token for authorized access token
    $access_token = $oauthapp->getAccessToken($request_token, $_REQUEST['oauth_verifier']);

    # update access token
    $oauthapp->token = $access_token;

    # fetch user profile
    $profile = $oauthapp->getProfile();

    var_dump($profile);
}

Note: Obviously this doesn't log anyone in at the moment, but it does get me way further than I've been for a week.

I hope this helps someone that's struggling with Yahoo!'s API.

Comments