Yahoo OAuth2 has been deprecated

SocialConnect / auth

:atom: Social (OAuth1\OAuth2\OpenID\OpenIDConnect) sign with PHP :shipit:

https://socialconnect.lowl.io/

MIT License

551 stars 102 forks source link

Yahoo OAuth2 has been deprecated #124

Open curtisgibby opened 4 years ago

curtisgibby commented 4 years ago

Issue

Yahoo! has EOL'd their OAuth2 ("Social Directory") API, and is encouraging developers to adopt an OpenID Connect pattern for their user authentication flow.

My env

PHP: 7.2

Library: ADmad cakephp-social-auth

Provider: Yahoo (OAuth2)

Provider options:

'yahoo' => [
    'applicationId' => Configure::read('Yahoo.app_id'),
    'applicationSecret' => Configure::read('Yahoo.app_secret'),
]

I'll try to figure out how to adapt the existing Google OpenID Connect provider to create a version for Yahoo.

curtisgibby commented 4 years ago

I spent hours last night trying to get the OpenID Connect version of Yahoo's implementation working correctly, but was stymied by decoding the id_token that they return. They're giving it back with an algorithm of ES256, but the SocialConnect JWX library doesn't support this algo. @ovr can you tell me why this support was removed?

Is there a way to tell Yahoo "these are the decoding methods that we support", so that it gives us back the token in, say, RS256 instead?

ovr commented 4 years ago

Hey!

hey're giving it back with an algorithm of ES256, but the SocialConnect JWX library doesn't support this algo.

A lot of time passed, I am trying to remember and possible ES was disabled, because I was not able to implement ES keys encoding... (maybe)

This moment,

https://github.com/SocialConnect/jwx/blob/master/tests/JWTTest.php#L228

Who knows 😸

ovr commented 4 years ago

Added ES256/384/512 support back with tests on real EC keys.

Released as 1.2.0

Should works I think.

ovr commented 4 years ago

ping @curtisgibby