YQL, Flickr, OAuth, YAP

Erik Eldridge

Yahoo! Developer Network

3/31/09Photo credit: Marco Bellucci((http://ow.ly/1M0c)

Follow along (or skip ahead)

• http://slideshare.net/erikeldridge

YQL

YQL is select * from internet

• Allows you to quickly & simply mashup data from Yahoo! and elsewhere

• Programmatic SQL-like language

• Successor to Yahoo! Pipes

YQL on YDN

YQL console

BOSS-like search

Public data

YQL proxy & frontend

YQL trogdor

HTML to extract

HTML extraction in console

HTML extraction code

RSS extraction

RSS raw

RSS extraction in console

RSS extraction code

RSS extracted

YQL Open Tables

Open table examples

Twitter status Open Table

Twitter status table raw

Twitter status Open Table in action

Resources

• YQL:http://developer.yahoo.com/yql

• Open Table examples: http://github.com/spullara/yql-tables/tree/master

• PHP:http://php.net

Flickr

Flickr homepage

Flickr API page

Use YQL for public pics

Desc flickr.photos.search

Resolve Flickr username

Request user’s photos in YQL

Use proxy to get data

Catch the data in the client

Output

Flickr API endpoint

Flickr API explorer

Flickr Auth: fetching frob

Flickr auth: fetching token

Flickr auth: making request

Resources

• Flickr APIs:http://www.flickr.com/services/api/

OAuth

Overview

• What is OAuth?

• In general, how do I use it?

• Getting started with Oauth on Yahoo!

OAuth is an open protocol

• Allows developers to safely access a user’s private data

• Similar to OpenID• Used to secure HTTP requests• Credentials given only to trusted sites• Open alternative to proprietary protocols

– Google’s AuthSub– AOL’s OpenAuth– Yahoo’s BBAuth and FlickrAuth– Facebook’s FacebookAuth

How does a developer use it?

1. Fetch a request token

2. Redirect user to authorize with request token

3. Fetch and store an access token

4. Make signed API requests

For the visually-inclinedYour App (the consumer) API (Oauth provider)

Your App APIAccess token

Your App APISigned request

The user APIAuthorization

Your App APIRequest token

Fetch request token

Yahoo! Oauth diagram

http://ow.ly/1KuX

How to get a Yahoo! Oauth API key and secret

The YDN registration form

• be sure to:– Select “Web-based” from the drop-down if

you want to make a web app– Request access to “private user data” if

you need social data in your app

Successful registration

• Shows the key and secret used for signing a request

Domain verification

• For web-based apps, you will need to verify that you own the domain that will be hosting your app

The easiest way to get started is with the Yahoo! PHP SDK

<?phprequire('yosdk/lib/Yahoo.inc');

$key = 'dj0yJmk9b25tMTdCb3NndVc3JmQ9WVdrOWRFRlFXbFJqTkRnbWNHbzlNakV6TmpNMU16TTUmcz1jb25zdW1lcnNlY3JldCZ4PWQ4';

$secret = 'ccb100d2ddd70c90e999055311b714db17a35029';$app_id = 'tAPZTc48';

$session = YahooSession::requireSession($key, $secret, $app_id);$user = $session->getSessionedUser();

$title = ' installed this OAuth app';$link = 'http://example.erikeldridge.com/oauth/';$suid = 'update'.time();

$user->insertUpdate($suid, $title, $link);

An example update on the Yahoo! profile page

App Updates

Updates are distributed across Yahoo! and beyond• Properties, e.g., Mail, Profiles, Buzz, etc.• Clients, e.g., Messenger, Toolbar• Externally through Updates API

The next easiest way is to use one of the freely available

libraries

Fetching request token without the Yahoo! PHP SDK

<?php$key =

'dj0yJmk9b25tMTdCb3NndVc3JmQ9WVdrOWRFRlFXbFJqTkRnbWNHbzlNakV6TmpNMU16TTUmcz1jb25zdW1lcnNlY3JldCZ4PWQ4';$secret = 'ccb100d2ddd70c90e999055311b714db17a35029'; require('yosdk/lib/OAuth.php'); $consumer = new OAuthConsumer($key, $secret);//key/secret from Y!$url = 'https://api.login.yahoo.com/oauth/v2/get_request_token';$request = OAuthRequest::from_consumer_and_token($consumer, NULL, 'POST', $url, array());$request->sign_request(new OAuthSignatureMethod_PLAINTEXT(), $consumer, NULL); $ch = curl_init($url);$options = array(

CURLOPT_POSTFIELDS => $request->to_postdata(),CURLOPT_RETURNTRANSFER => true

);curl_setopt_array($ch, $options);parse_str(curl_exec($ch), $resp);curl_close($ch); $requestToken = new stdclass();$requestToken->key = $resp["oauth_token"];$requestToken->secret = $resp["oauth_token_secret"]; file_put_contents('token.txt', json_encode($requestToken));$url = sprintf("https://%s/oauth/v2/request_auth?oauth_token=%s",

'api.login.yahoo.com', urlencode($requestToken->key)

);echo “go here & authorize: $url”;

Fetching the access token without the Yahoo! PHP SDK,

part 1

$key = 'dj0yJmk9b25tMTdCb3NndVc3JmQ9WVdrOWRFRlFXbFJqTkRnbWNHbzlNakV6TmpNMU16TTUmcz1jb25zdW1lcnNlY3JldCZ4PWQ4';

$secret = 'ccb100d2ddd70c90e999055311b714db17a35029';$app_id = 'tAPZTc48';require('yosdk/OAuth.php');$consumer = new OAuthConsumer(KEY, SECRET);$requestToken = json_decode(file_get_contents('token.txt')); $url = 'https://api.login.yahoo.com/oauth/v2/get_token';$request = OAuthRequest::from_consumer_and_token($consumer, $requestToken, 'POST', $url, array());$request->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, $requestToken);$headers = array(

"Accept: application/json");$ch = curl_init($url);$options = array( CURLOPT_POST=> true,

CURLOPT_POSTFIELDS => $request->to_postdata(),CURLOPT_RETURNTRANSFER => true

);curl_setopt_array($ch, $options);parse_str(curl_exec($ch), $response); curl_close($ch);

Fetching the access token without the Yahoo! PHP SDK,

part 2

$now = time();$accessToken = new stdclass();$accessToken->key = $response["oauth_token"];$accessToken->secret = $response["oauth_token_secret"];$accessToken->guid = $response["xoauth_yahoo_guid"];$accessToken->consumer = $consumer;$accessToken->sessionHandle = $response["oauth_session_handle"];if(array_key_exists("oauth_expires_in", $response)) { $accessToken->tokenExpires = $now + $response["oauth_expires_in"];}else { $accessToken->tokenExpires = -1;}if(array_key_exists("oauth_authorization_expires_in", $response)) { $accessToken->handleExpires = $now + $response["oauth_authorization_expires_in"];}else { $accessToken->handleExpires = -1;}file_put_contents('token.txt', json_encode($accessToken));

Making a signed request to Updates API without the Yahoo! PHP SDK, part 1

$guid = $response["xoauth_yahoo_guid"];$title = 'Confirmation update';//arbitrary title$description = 'The time is now '.date("g:i a");//arbitrary desc$link = sprintf('http://%s/oauth/', ‘example.erikeldridge.com/oauth’);//arbitrary link$source = ’APP.'.$app_id;//note: 'APP.' syntax$date = time();$suid = ’update'.time();//arbitrary, unique string$body = array(

"updates" => array(array(

"collectionID" => $guid,"collectionType" => "guid","class" => "app","source" => $source,"type" => 'appActivity',"suid" => $suid,"title" => $title,"description" => $description,"link" => $link,"pubDate" => (string)$date

))

);

Making a signed request to Updates API without the Yahoo! PHP SDK, part 2

$url = sprintf("http://%s/v1/user/%s/updates/%s/%s",'social.yahooapis.com', $guid, $source, urlencode($suid)

);$request = OAuthRequest::from_consumer_and_token(

$consumer, $accessToken, 'PUT', $url, array());

$request->sign_request(new OAuthSignatureMethod_HMAC_SHA1(),$consumer, $accessToken

);

Making a signed request to the Updates API without the

Yahoo! PHP SDK, part 3

$headers = array("Accept: application/json");$headers[] = $request->to_header();$headers[] = "Content-type: application/json";$content = json_encode($body); $ch = curl_init($url);$options = array(

CURLOPT_HTTPHEADER => $headers,CURLOPT_POSTFIELDS => $content,CURLOPT_RETURNTRANSFER => true,CURLOPT_CUSTOMREQUEST => 'PUT',CURLOPT_TIMEOUT => 3

);curl_setopt_array($ch, $options);$resp = curl_exec($ch);curl_close($ch);

Resources

• Hueniverse’s introduction:http://www.hueniverse.com/hueniverse/2007/10/beginners-guide.html

• Yahoo!’s Oauth documentation:http://developer.yahoo.com/oauth

• Yahoo! PHP and ActionScript SDKs:http://developer.yahoo.com/social/sdk/

• Google’s OAuth playground:http://googlecodesamples.com/oauth_playground/

Yahoo! Application Platform

Why is Yahoo! opening up?

• A history of supporting open technology– Apache, MySQL, PHP, JavaScript,

BSD/Linux, to name a few

• A history of hacking

• Yahoo! wants to share its audience

What is the Yahoo! Application Platform?

• It’s a way to run apps on Yahoo!

3 views of YAP: My Y! screenshot

3 views of YAP: canvas screenshot

3 views of YAP: y! metro

Yahoo! Application Platform (YAP)

• Optimized for speed and security (YML, Caja)• Uses raw Javascript, CSS, and HTML, and

Yahoo! Markup Language (YML)• Supports OpenSocial JavaScript API

How do I use it?

YDN key/secret

+

Your server

+

Your code

=

Your app on Yahoo!

Example: OpenSocial Activities

<script>var params = {};params[opensocial.Activity.Field.TITLE] = 'title';params[opensocial.Activity.Field.BODY] = 'body';

var activity = opensocial.newActivity(params);

opensocial.requestCreateActivity(activity,opensocial.CreateActivityPriority.LOW,function(){});

</script>

Example: Screenshot of results

What does YAP do for me?

• Hundreds of millions of Yahoo! users

• Instant publication

• Secure, Standard JavaScript, HTML, CSS

• OpenSocial JS API

Resources

• developer.yahoo.com– /dashboard– /yap– /yap/yml– /social– /forums

• Caja project• iframe security

תודה!Thank you!

• Find me on slideshare, twitter and github @erikeldridge