Get Yahoo account contacts list with OpenID and OAuth (hybrid-OAuth) in Java

In this tutorial we will see how to get a user's Yahoo account contacts and use them, for example to invite them to your website. We will go through every step, from creating the YDN app to getting the Yahoo account contact list.

To invite users, you first need to create a YDN app. Sign in to your Yahoo account and create a YDN app to get the contact list.

Note: There are two types of application in Yahoo.

You need to select Installed application, because selecting Web application creates a lot of problems and things get messed up. An Installed application can be used for a web application as well.

Problem if you select Web application

Yahoo does not allow a localhost URL, so we cannot give a domain name and callback URL. It is therefore better to create an Installed app and use it on the web as well. Here is the screen for creating the app:

[Screenshot: app creation page on developer.yahoo.com]


After creating your app you will get a client ID and client secret like this:

[Screenshot: app credentials page on developer.yahoo.com]

Now that we have created the YDN app and have the client ID and client secret, the next step is to use these credentials to get the user's account contacts.

With hybrid OAuth (OpenID + OAuth) there are two steps:

  1. Authentication
  2. Authorization

Authentication is the process of verifying the identity of a user by obtaining some sort of credentials and using those credentials to verify the user’s identity. If the credentials are valid, the authorization process starts. The authentication process always comes before the authorization process.
Authorization is the process of allowing an authenticated user to access resources by checking whether the user has access rights to the system. Authorization helps you control access rights by granting or denying specific permissions to an authenticated user.

The first step is done by OpenID and the second step is done with OAuth. Now let's see how it is done.



Table: Pre-approved Request Token, Request Parameters

| Request Parameter | Request Type | Description |
|---|---|---|
| openid.ns | OpenID | This parameter should always be for OpenID 2.0 requests. |
| openid.mode | OpenID | Yahoo only supports checkid_setup. If you use checkid_immediate, the response will instead direct you to use checkid_setup. |
| openid.claimed_id | OpenID | (optional) The OpenID that the user provided. |
| openid.identity | OpenID | (optional) The OP-Local identifier, or if equal to:, the OP should choose an identifier for the user. |
| openid.assoc_handle | OpenID | (optional) The Association handle. You can set this association if your app and Yahoo have established an association. |
| openid.return_to | OpenID | After signing in, the user is taken to this URL. |
| openid.realm | OpenID | URL pattern of the domain that a user should trust. Example: * |
| openid.ns.oauth | OpenID + OAuth Hybrid | This OAuth-specific parameter should always be: |
| openid.oauth.consumer | OpenID + OAuth Hybrid | This OAuth-specific parameter is the OAuth Consumer Key provided by Yahoo upon registration. |

Note: there is no scope parameter in the above request, because the scope is already included in the Consumer Key, so we do not need to specify it.

Once the user has authorized the app for contact details, we get a response similar to this

If we decode this, the exact response will look like the code below

In this response, openid.oauth.request_token is the most important parameter for us. This is the user consent token. With this user consent token we will make a request for oauth_token, which will actually help us get what we are looking for.

Now let's see how to request oauth_token and which parameters are required to get it.

Get Access Token (get_token) Request Parameters

| Request Parameter | Description |
|---|---|
| oauth_consumer_key | Consumer Key provided to you when you signed up. |
| oauth_signature_method | The signature method that you use to sign the request. This can be PLAINTEXT or HMAC-SHA1. |
| oauth_nonce | A random string |
| oauth_signature | The concatenated Consumer Secret and Token Secret separated by an “&” character. If you are using the PLAINTEXT signature method, add %26 at the end of the Consumer Secret. |
| oauth_timestamp | Current timestamp of the request. This value must be within ±600 seconds of the current time. |
| oauth_verifier | The OAuth Verifier is a verification code tied to the Request Token. |
| oauth_version | OAuth version (1.0). |
| oauth_token | The Request Token, which is required during the User authorization process and is short enough for the end User to easily enter. The Request Token is provided in the response to the get_request_token request. |

The response to this request gives us oauth_token, oauth_token_secret and xoauth_yahoo_guid; with these we will make the request for contacts.
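The token exchange described above, as an added Java example (not the author's code from this tutorial or its GitHub repository): it pulls openid.oauth.request_token out of the callback query, builds the get_token parameters with the PLAINTEXT signature, and parses the form-encoded response. The class and method names, the sample values, and the empty token secret for the pre-approved request token are assumptions; the request body is only built, not sent, because the endpoint URL is not given on this page.

```java
import java.math.BigInteger;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class HybridTokenExchange {
    // Decode a form-encoded string (callback query or get_token response body).
    static Map<String, String> parseForm(String form) {
        Map<String, String> out = new LinkedHashMap<>();
        for (String pair : form.split("&")) {
            int eq = pair.indexOf('=');
            if (eq <= 0) continue; // skip empty or malformed pairs
            out.put(URLDecoder.decode(pair.substring(0, eq), StandardCharsets.UTF_8),
                    URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8));
        }
        return out;
    }

    // Build the get_token body. PLAINTEXT carries the secret itself, so send it over HTTPS only.
    static String getTokenBody(String key, String secret, String requestToken, String verifier) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("oauth_consumer_key", key);
        p.put("oauth_signature_method", "PLAINTEXT");
        p.put("oauth_nonce", new BigInteger(128, new SecureRandom()).toString(16));
        p.put("oauth_signature", secret + "&"); // empty token secret (assumption); "&" goes out as %26
        p.put("oauth_timestamp", Long.toString(System.currentTimeMillis() / 1000));
        p.put("oauth_version", "1.0");
        p.put("oauth_token", requestToken);
        if (verifier != null) p.put("oauth_verifier", verifier);
        return p.entrySet().stream()
                .map(e -> e.getKey() + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    public static void main(String[] args) {
        // Constructed sample values, not real Yahoo output.
        String callback = "openid.mode=id_res&openid.oauth.request_token=SAMPLE_REQ_TOKEN";
        String requestToken = parseForm(callback).get("openid.oauth.request_token");
        if (requestToken == null) throw new IllegalStateException("missing openid.oauth.request_token");
        String body = getTokenBody("SAMPLE_KEY", "SAMPLE_SECRET", requestToken, null);
        System.out.println(body.replaceAll("oauth_signature=[^&]*", "oauth_signature=<redacted>"));
        Map<String, String> tok = parseForm("oauth_token=A%3DSAMPLE&oauth_token_secret=SAMPLE_TS&xoauth_yahoo_guid=SAMPLEGUID");
        System.out.println("guid=" + tok.get("xoauth_yahoo_guid") + " hasToken=" + tok.containsKey("oauth_token"));
    }
}
```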

Let's see what response we get from this request.

When we decode this response we will see oauth_token, oauth_token_secret, xoauth_yahoo_guid and the other parameters more clearly, like below

Now we will make the request for contacts with the oauth_token, oauth_token_secret and xoauth_yahoo_guid parameters.

That's all. We are done with the requests for getting contacts; our last request finally gives us the contacts.

Let's see the complete code for getting contacts


We make the request for user authentication and authorization in a single step with OpenID. If the user authorizes our app, we are redirected to the URL that we specified in this request.


This is the code to get contacts. I have explained most things in comments in the code. If you still have any doubts, you may comment or email me with your queries.

Once the user has authorized the app, they are redirected to this JSP page and we get openid.oauth.request_token. With this token we make the request to get oauth_token. With the oauth_token and oauth_token_secret from that response we call the Contacts API and get the contacts.

You can download the complete code from the GitHub javafreakers directory

That is all for this tutorial. Enjoy programming, keep learning new things, keep smiling forever.

About the Author: Devender Kumar

Java/J2EE developer
