验证后Yahoo API的问题

Question

I've been searching for answers for this for a while but I can't seem to find the answer. I've tried several things, all of which I'll list here, and hopefully someone can point me in the right direction.

First off, I've built a simple Node app using the Hapi framework. In addition, I'm using the Bell library, also from the Hapi guys, to authenticate with Yahoo and hapi-auth-cookie to set my session with the authentication results. This, from what I can tell, is working perfectly.

Bell, once the user is authenticated, provides me with a token and a secret.

The token looks something like this:

A=vvnxl1_FhCK6FPEFbIA.p_N8cSet7Ifmye.i3mWa6hrlh7fXecZhQvumjKSXPkRGfcj2BaFSmZCWPXeW67G8kqiS4G3Z7yBR

The secret looks something like this:

9e17917hsjf863c220c35f3f3385b6e4cd586c84

So once I authenticate and am redirected to my homepage, i have these two and a cookie is set. It's my understanding that I'm ready roll. I then try to hit the Yahoo API using the following URL:

https://fantasysports.yahooapis.com/fantasy/v2/leagues;league_keys=328.l.5668/standings?format=json

The response to hitting this URL is:

{
"error":
    {
        "lang": "en-US",
        "description": "Please provide valid credentials. OAuth oauth_problem=\"unable_to_determine_oauth_type\", realm=\"yahooapis.com\""
     }
 }

Obviously the URL I'm trying to hit is incomplete. However, I am unsure of what the required params are. I've been to the Yahoo docs 1000 times, but I can't seem to find this specific answer. All the examples there mostly relate to the authentication bit, which I should be done with. So, hoping I'd get lucky, I started trying to pass in the token and secret in the URL. In this one I tried API URL + token + secret + signature. The token and secret I'm using are the ones provided by Bell referenced above:

https://fantasysports.yahooapis.com/fantasy/v2/leagues;league_keys=328.l.5668/standings?format=json&&oauth_token=A=tqq2L3D54ATsQZbgHB95b0ZyCj_kgq01R69vTulZ6lP9evhzddrIaksmd6u21fNSPFQ8WtVBsWr9GFk1zQtsw_OP4pKKaDKs2TxHlqwAYp4ZyIkthzPcSnJQka.J2THeK8BHC8eeisT4EeQpMqcDgefX6Hbb1CsQ_bD00ECd3AE.uGdF_6sm&oauth_secret=b5d2359f191cc72cfd318b5cf&oauth_signature=524a4f6e1407acd00a98f53973180%26b5d2359f191cc4c7d7d7bfd318b5cf

Now, it tells me that the token was rejected:

{
    "error": {
        "lang": "en-US",
        "description": "Please provide valid credentials. OAuth oauth_problem=\"token_rejected\", realm=\"yahooapis.com\""
    }
}

I also tried it without the signature first, in which case the error tells me that the signature is missing.

Any help here would be appreciated. From searching for the past week I see that the Yahoo API isn't the easiest thing to work with, but hopefully someone has some insight here as it seems that I'm so close. I hope I included all the info you need, thank you!!

Answer 1

Once user is authenticated properly then you will have the "oauth_token" and the "oauth_token_secret", which you have as you mentioned.

Now, while trying to access the Yahoo API, you need to provide the "token" and "secret" as per oauth spec, so that Yahoo understands that you are allowed to access their APIs.

This is how oauth works, you can either provide the oauth information as part of "Authorization" header or query params with the url.

"oauth_token_secret" (with all other call information) should be used to generate the "oauth_signature" which yahoo will verify at their end. "secret" is not supposed to be sent as it is, while accessing their apis.

Note that, oauth information doesn't only involve the "token" and the "signature" but also the "nonce", "timestamp", "version", "signature_method", etc. All the information (along with secret) will be used to generate the signature which will then be passed to the yahoo as part of their api call.

Oauth docs can be found at http://tools.ietf.org/pdf/rfc5849.pdf

HTH