
Yahoo OAuth2 Implicit Grant flow not working for new yahoo app

I have an existing web app and a dedicated Yahoo App working. It uses the OAuth2 Implicit Grant flow.

Now I want to set up another domain working by the same principle. I have created a new Yahoo App with a new callback domain.

The URL used to get user consent (in both cases) is https://api.login.yahoo.com/oauth2/request_auth?client_id=consumer_key&redirect_uri=https://redir_url&response_type=token

It is working for the old domain and old Yahoo App (Consumer Key ends in --). But it doesn't want to work with the new domain and new Yahoo App (Consumer Key does NOT end in -- for some reason).

I get this message after visiting the user consent link:

Developers: Please choose response types from code, token or id_token and submit again.

although I provided a valid response_token. Do you know the reason why it's not working for the new domain and new Yahoo App?

code:

var authorizationUrl = 'https://api.login.yahoo.com/oauth2/request_auth'
            + '?client_id=' + encodeURIComponent(consumerKey)
            + '&redirect_uri=' + encodeURIComponent(redirectUri)
            + '&response_type=token';

window.open(authorizationUrl, '_blank', 'location=yes,height=570,width=650,scrollbars=yes,status=yes');
Andriy F. asked Dec 04 '18 09:12


1 Answer

Looks like the API is asking for the literal word "id_token" (or "code" or "token") as the response_type parameter. You didn't post your code, but it sounds like you're actually putting in a response_token id value for that parameter.

Looking at the Yahoo API documentation, here is a sample URL which is similar to yours:

https://api.login.yahoo.com/oauth2/request_auth?client_id=dj0yJmk9WGx0QlE0UWdCa0hKJmQ9WVdrOWNrNUhXVnBhTkhFbWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD01OA--&response_type=id_token&redirect_uri=https://yahoo.com&scope=openid%20mail-r&nonce=YihsFwGKgt3KJUh6tPs2

You can see they wrote: &response_type=id_token, rather than &response_type=934984kklsdkjklfs or similar.

In general, OAuth API calls usually send back an access token or response token which is valid for your API session and eventually expires. This parameter is describing what type of token you want the API to return.

I can't talk to what might have changed between the 2 versions of your app, but I recommend that you check out the versioning and What's New section of Yahoo's API documentation.

S.S. answered Sep 28 '22 04:09
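An added example, not code from the question, the answer or Yahoo's documentation: it builds the consent URL only when `response_type` is one of the literal values the error message lists, and checks the fragment the implicit flow returns. The function names, the sample values and the use of the standard OAuth 2.0 `state` parameter (assumed to be echoed back by Yahoo) are assumptions; `nonce` appears in the sample URL quoted above.

```javascript
// Added example. Endpoint and parameter names come from the URLs on this
// page; `state` is the standard OAuth 2.0 parameter (RFC 6749), assumed here.
const AUTH_ENDPOINT = 'https://api.login.yahoo.com/oauth2/request_auth';
const ALLOWED_RESPONSE_TYPES = new Set(['code', 'token', 'id_token']);

// Build the consent URL, failing early on a response_type the server rejects.
function buildAuthorizationUrl({ clientId, redirectUri, responseType, state, nonce }) {
  const types = String(responseType).trim().split(/\s+/);
  const bad = types.filter((t) => !ALLOWED_RESPONSE_TYPES.has(t));
  if (bad.length > 0) {
    throw new Error('response_type must be code, token or id_token; got: ' + bad.join(' '));
  }
  // state ties the response to the browser session that started the flow.
  if (!state) throw new Error('state is required');
  // OpenID Connect requires a nonce whenever an id_token is requested.
  if (types.includes('id_token') && !nonce) {
    throw new Error('nonce is required when requesting id_token');
  }
  const url = new URL(AUTH_ENDPOINT);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('response_type', types.join(' '));
  url.searchParams.set('state', state);
  if (nonce) url.searchParams.set('nonce', nonce);
  return url.toString();
}

// Parse the fragment the implicit flow appends to redirect_uri and
// refuse a response whose state does not match the one that was sent.
function parseImplicitCallback(callbackUrl, expectedState) {
  const fragment = new URL(callbackUrl).hash.replace(/^#/, '');
  const params = new URLSearchParams(fragment);
  if (params.get('error')) throw new Error('authorization failed: ' + params.get('error'));
  if (params.get('state') !== expectedState) throw new Error('state mismatch');
  const token = params.get('access_token');
  if (!token) throw new Error('no access_token in fragment');
  return { accessToken: token, expiresIn: Number(params.get('expires_in')) };
}
```
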
