IDM 7.3.1

Yahoo social identity provider

Social authentication is deprecated and will be removed in a future release of IDM. For more information, refer to Deprecation.

Set up Yahoo

To set up Yahoo as a social identity provider, navigate to the following page: Yahoo OAuth 2.0 Guide. You’ll need a Yahoo account. You can then navigate to the Create an App page, where you can follow the Yahoo process to create a new web application with the following information:

  • Application Name

  • Web Application

  • Callback Domain, such as openidm.example.com; required for IDM

  • API Permissions; for whatever you select, choose Read/Write. IDM only reads Yahoo user information.

When complete and saved, you should see a Client ID and Client Secret for your new web app.

Yahoo supports URLs using only HTTPS, only on port 443. For more information on how to configure IDM to use these ports, refer to Host and port information.

Configure Yahoo as a social identity provider

To configure a Yahoo social identity provider using the admin UI:

  1. From the navigation bar, click Configure > Social ID Providers.

  2. On the Social Identity Providers page, enable Yahoo.

  3. In the Yahoo Provider window, enter applicable values in the fields, and click Save. For a complete list of fields, refer to Yahoo Social Identity Provider Configuration Details.

After you save the social identity provider configuration, IDM generates a conf/identityProvider-yahoo.json file:

{
    "provider" : "yahoo",
    "scope" : [
        "openid",
        "sdpp-w"
    ],
    "uiConfig" : {
        "iconBackground" : "#7B0099",
        "iconClass" : "fa-yahoo",
        "iconFontColor" : "white",
        "buttonClass" : "fa-yahoo",
        "buttonDisplayName" : "Yahoo",
        "buttonCustomStyle" : "background-color: #7B0099; border-color: #7B0099; color:white;",
        "buttonCustomStyleHover" : "background-color: #7B0099; border-color: #7B0099; color:white;"
    },

The next part of the file includes schema information, which includes properties for each social identity account, as collected by IDM, as well as the order in which it appears in the admin UI. When you’ve registered a user with a Yahoo social identity, you can verify this by selecting Manage > Yahoo, and then selecting a user.

Next, there’s the part of the file that you may have configured through the admin UI, plus additional information on the redirectUri, the configClass, and the authenticationIdKey:

    "authorizationEndpoint" : "https://api.login.yahoo.com/oauth2/request_auth",
    "tokenEndpoint" : "https://api.login.yahoo.com/oauth2/get_token",
    "wellKnownEndpoint" : "https://api.login.yahoo.com/.well-known/openid-configuration",
    "issuer" : "https://api.login.yahoo.com",
    "clientId" : "<Client_ID_Name>",
    "clientSecret" : {encrypted-client-secret},
    "authenticationIdKey" : "sub",
    "redirectUri" : "https://openidm.example.com/",
    "basicAuth" : false,
    "configClass" : "org.forgerock.oauth.clients.oidc.OpenIDConnectClientConfiguration",
    "enabled" : true

If you need more information about the properties in this file, refer to the following appendix: Yahoo Social Identity Provider Configuration Details.

Configure user registration to link to Yahoo

Once you’ve configured the Yahoo social identity provider, you can activate it through User Registration. To do so in the admin UI, select Configure > User Registration, and activate that feature. Under the Social tab that appears, enable Social Registration. For more information on IDM user self-service features, refer to Self-service end user UI.

When you enable Social Registration, you’re allowing users to register on IDM through all active social identity providers.

Yahoo social identity provider configuration details

You can set up the Yahoo social identity provider through the admin UI or in a conf/identityProvider-yahoo.json file. IDM generates the identityProvider-yahoo.json file when you configure and enable this social identity provider in the admin UI. Alternatively, you can create the file manually.

The following table includes the information shown in the admin UI Yahoo Provider pop-up window, along with associated information in the identityProvider-yahoo.json file.

Yahoo supports URLs using only HTTPS, only on port 443. For more information on how to configure IDM to use these ports, refer to Host and port information.

Yahoo social identity provider configuration properties
Property (UI) Property (JSON file) Description

Client ID

clientId

The client identifier for your Yahoo App.

Client Secret

clientSecret

Used with the Client ID to access the applicable Yahoo API.

Scope

scope

An array of strings that allows access to user data.

Authorization Endpoint

authorizationEndpoint

Typically, https://api.login.yahoo.com/oauth2/request_auth; known as a Yahoo Authorize URL.

Token Endpoint

tokenEndpoint

Endpoint that receives a one-time authorization code, and returns an access token. Typically, https://api.login.yahoo.com/oauth2/get_token.

Well-Known Endpoint

wellKnownEndpoint

Access for other URIs. Typically, https://login.yahoo.com/.well-known/openid-configuration.

Issuer

issuer

The token issuer. Typically, https://api.login.yahoo.com.

Not in the admin UI

provider

Name of the social identity provider.

Not in the admin UI

configClass

Configuration class for the authentication module.

Not in the admin UI

basicAuth

Whether to use basic authentication.

Not in the admin UI

propertyMap

Mapping between Yahoo and IDM.

For information on social identity provider buttons and badges, refer to Social identity provider button and badge properties.