
Do Yahoo and MS support OAuth 2.0? And a few questions about OAuth 2.0

I have several questions...

  1. Do the Yahoo and Microsoft APIs support OAuth 2.0?
  2. If yes, then what are the main security measures that should be taken care of while shifting from OAuth 1.0 to OAuth 2.0?
  3. Google API supports OAuth 2.0, but they have still marked it as experimental. Is it good to start shifting even though it is experimental?
  4. I see that while registering an application on Google (for OAuth 2.0), they ask for a callback URL. If a single application uses a condition-dependent callback URL such as -

    if ($myVar == NULL) $callbackUrl = 'http://www.mydomain.com/test.php?m=f&params=null';
    else $callbackUrl = 'http://www.mydomain.com/test.php?m=x&params=1';

How can I implement the above when the callback URL is already specified? The above conditional mainly handles the fallback model of an application, or, if the browser supports Java, the Java-based model of an application. Kindly suggest.

  5. May I know how many email-providing websites and social networks support OAuth 2.0?
Vinay Jeurkar asked Jun 23 '11 05:06




1 Answer

  1. Yahoo does not support OAuth2 yet, only OAuth 1.
    Microsoft does support OAuth2. http://msdn.microsoft.com/en-us/library/hh243647.aspx

  2. OAuth 2 is simpler since it uses SSL (HTTPS) to provide transport security, so the signatures and token-secrets are not needed. When you switch you will need to re-implement your OAuth flow. I can't think of any specific security measures specifically applicable to upgrading from OAuth1 to OAuth2, but the spec details some security considerations in section 10 (the parts applicable to clients are 10.3, 10.4, 10.5, 10.6, 10.8 and 10.9).

  3. The OAuth2 specification is still not finalized, and may change. You could begin to implement your OAuth2 flow with Google, but bear in mind that it is possible that names or requirements of parameters, endpoints etc. could change and your application will break / you will need to make changes in future. [Experimental Features] could change (or even be removed) at any time. It is probably a bad idea to use experimental (or beta) software in a critical production environment.
    Also, not all Google services support OAuth2 at the moment, e.g. if you want to use OAuth for IMAP access to Gmail you will have to use OAuth1 for now.

  4. In the API Console, you can specify multiple callback URLs for your OAuth2 application, one per line. An alternative would be to store your 'm' and 'params' parameters in a browser session / cookie and do the redirect to the correct page once authorization is complete.

Support (some revision of) OAuth2: Facebook, Microsoft/Live, Google (with exceptions described above), Foursquare, GitHub, Gowalla, GeoLoqi, Salesforce.
Support OAuth1 Only: Yahoo, Flickr, Twitter.
Source.

Crashthatch answered Sep 21 '22 10:09
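
The session approach from point 4 of the answer, as an added example that is not part of the original answer: one fixed registered callback, with the asker's 'm' choice kept server-side and bound to the OAuth 2.0 `state` parameter so the callback can reject responses it did not initiate. The callback path, the HTTPS scheme, the destination table and the function names are assumptions; a plain array stands in for `$_SESSION` so the script runs on the command line.

```php
<?php
// Added example, not the answerer's code. REGISTERED_CALLBACK and DESTINATIONS
// are assumptions; only the 'm' and 'params' values come from the question.
const REGISTERED_CALLBACK = 'https://www.mydomain.com/oauth_callback.php';

// Allow-list of post-authorization pages, keyed by the question's 'm' value.
const DESTINATIONS = [
    'f' => '/test.php?m=f&params=null',
    'x' => '/test.php?m=x&params=1',
];

// Step 1: before sending the user to the provider, remember the choice
// server-side and bind it to a random, single-use state value.
function beginAuthorization(array &$session, string $m): array
{
    if (!array_key_exists($m, DESTINATIONS)) {
        throw new InvalidArgumentException('unknown destination');
    }
    $state = bin2hex(random_bytes(16));
    $session['oauth_state'] = $state;
    $session['oauth_dest'] = $m;
    // Parameters to append to the provider's authorization endpoint.
    return ['redirect_uri' => REGISTERED_CALLBACK, 'state' => $state];
}

// Step 2: in the single registered callback, verify state, then pick the page.
function finishAuthorization(array &$session, array $query): string
{
    $expected = $session['oauth_state'] ?? '';
    $dest = $session['oauth_dest'] ?? '';
    unset($session['oauth_state'], $session['oauth_dest']); // single use
    $given = $query['state'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        throw new RuntimeException('state mismatch');
    }
    return DESTINATIONS[$dest]; // chosen from the allow-list, never from the request
}

// Constructed demo input: the 'code' value is a placeholder.
$session = [];
$params = beginAuthorization($session, 'x');
echo finishAuthorization($session, ['state' => $params['state'], 'code' => 'placeholder']), "\n";
try {
    finishAuthorization($session, ['state' => $params['state']]); // replayed state
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In a web deployment the two functions would be called with `$_SESSION` and `$_GET`, and the returned path passed to a `Location:` header after the token exchange completes.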