Loading ...
Sorry, an error occurred while loading the content.

Re: Very confused about the use of OAuth in PlaceFinder

Expand Messages
  • r.hertzman
    I m no expert at this yet, but... You do need OAuth, but as I understand it, you should skip steps 2-5 in the flow, since you re doing the two-legged
    Message 1 of 2 , Jun 29, 2013
    • 0 Attachment
      I'm no expert at this yet, but... You do need OAuth, but as I understand it, you should skip steps 2-5 in the flow, since you're doing the two-legged authorization rather than the three-legged version. You're not requesting private information so you don't need a user authorization. Did you check out the code examples at http://developer.yahoo.com/boss/geo/docs/codeexamples.html?

      What language and Oauth library are you using?


      --- In ysearchboss@yahoogroups.com, "visokiodev" <chris@...> wrote:
      >
      > Hi,
      >
      > We are in the process of developing a client to use the BOSS PlaceFinder.
      >
      > We signed up and obtained a consumer key and consumer secret. So in order to execute queries we would need to follow the OAuth Authorization flow (or so we thought):
      >
      > http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html
      >
      > This should result in an Access Token and a Token Secret that we can then use to undertake API requests. HOWEVER when we tried to pass these in through the request authorization header we get an "invalid_signiture" error. After a lot of testing and fiddling around we figured out that we don't need to pass this. Infact all we need to pass is the consumer key and consumer secret. So this means that PlaceFinder doesn't actually use OAuth after All.
      >
      > We are very confused. Do we need to follow the OAuth flow and ask the user to authorize every request? If not will this be implemented in the future?
      >
    Your message has been successfully submitted and would be delivered to recipients shortly.