This is a fork of https://github.com/jaredhanson/passport-yahoo-oauth, that I have customized for my own use. The only changes are that I've changed the profile URL to https (now required by Yahoo!) and I've added the "oauth_session_handle" to the user object which aids in renewing client tokens after the hour that they expire in.
Passport strategies for authenticating with Yahoo! using the OAuth 1.0a API.
This module lets you authenticate using Yahoo! in your Node.js applications. By plugging into Passport, Yahoo! authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express.
$ npm install passport-yahoo-oauth
The Yahoo authentication strategy authenticates users using a Yahoo account
and OAuth tokens. The strategy requires a verify
callback, which accepts
these credentials and calls done
providing a user, as well as options
specifying a consumer key, consumer secret, and callback URL.
passport.use(new YahooStrategy({
consumerKey: YAHOO_CONSUMER_KEY,
consumerSecret: YAHOO_CONSUMER_SECRET,
callbackURL: "http://127.0.0.1:3000/auth/yahoo/callback"
},
function(token, tokenSecret, profile, done) {
User.findOrCreate({ yahooId: profile.id }, function (err, user) {
return done(err, user);
});
}
));
Use passport.authenticate()
, specifying the 'yahoo'
strategy, to
authenticate requests.
For example, as route middleware in an Express application:
app.get('/auth/yahoo',
passport.authenticate('yahoo'));
app.get('/auth/yahoo/callback',
passport.authenticate('yahoo', { failureRedirect: '/login' }),
function(req, res) {
// Successful authentication, redirect home.
res.redirect('/');
});
For a complete, working example, refer to the login example.
If you receive a 401 Unauthorized
error, it is most likely because you have
not yet specified any application "Permissions". Once you do so, Yahoo! will
generate new credentials for usage, and will then authenticate your requests
properly.
$ npm install --dev
$ make test
Copyright (c) 2012-2013 Jared Hanson <http://jaredhanson.net/>