Yahoo API Changes

Yahoo changed the API that applications use to retrieve the user profile, from its Social Directory API to a Yahoo /userinfo endpoint. As a result, the structure of the user profile for Yahoo users in Auth0 will change.

Auth0 previously loaded all the profile data that Yahoo returned, and added these additional fields that were mapped from the Yahoo profile.

Yahoo stopped returning url, profileUrl, isConnected, and a set of other fields listed in Yahoo’s documentation (see "List Of Attributes Deprecated in Social Directory Profile Api"). Those other fields will also not be part of the profile.

The Yahoo /userinfo endpoint returns different fields depending on the API permissions that you configure in the Yahoo Application definition. Yahoo lets you grant one of four permissions in the Profile (Social Directory) permissions section:

  • Read Public Basic

  • Read Public Extended

  • Read Write Public

  • Read Write Public and Private

Actions

When configuring the Yahoo Connection in your Auth0 Dashboard, select the attribute that corresponds to the permissions you granted in your Yahoo setup. If you choose an attribute that does not match what you specified on Yahoo, the login transaction will fail.

If you do not select any permissions in the Auth0 connection settings, Auth0 will, by default, ask for the openid scope, which returns the profile fields that correspond to the API permission you specified in the Yahoo Application. For example, if your Yahoo application is configured with the Read Public Extended permission, Yahoo returns the following fields:

  • sub

  • name

  • given_name

  • family_name

  • locale

  • email

  • email_verified

  • birthdate

  • profile_images

  • picture

  • preferred_username

  • phone_number

  • nickname

If you are using the Yahoo connection to authenticate users and get their basic information, your application will continue to work without changes.

If your application is accessing fields in the user profile that are no longer available, then you will need to enable the correct Connection Attribute in the Auth0 Dashboard and adjust your application code to use the proper field names.
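One way to locate application code that still depends on the removed fields, as an added example (not Auth0's or Yahoo's code). The field names are the ones listed on this page; the function names and sample profiles are constructed for illustration.

```javascript
// Fields this page says Yahoo no longer returns. Yahoo's own deprecation
// list names further fields; they are not reproduced here.
const REMOVED_FIELDS = ['url', 'profileUrl', 'isConnected'];

// Fields this page lists for the Read Public Extended permission.
const READ_PUBLIC_EXTENDED_FIELDS = [
  'sub', 'name', 'given_name', 'family_name', 'locale', 'email',
  'email_verified', 'birthdate', 'profile_images', 'picture',
  'preferred_username', 'phone_number', 'nickname',
];

// Compare a stored or freshly returned profile against both lists.
// An absent field is not necessarily an error: it may depend on the
// permission configured for the Yahoo application.
function auditYahooProfile(profile) {
  const keys = Object.keys(profile);
  return {
    staleFields: keys.filter((k) => REMOVED_FIELDS.includes(k)),
    absentFields: READ_PUBLIC_EXTENDED_FIELDS.filter((k) => !(k in profile)),
  };
}

// Wrap a profile so every read of a removed field is reported to onRead,
// which surfaces code paths that still rely on the old structure.
function trackRemovedFieldReads(profile, onRead) {
  return new Proxy(profile, {
    get(target, prop, receiver) {
      if (typeof prop === 'string' && REMOVED_FIELDS.includes(prop)) onRead(prop);
      return Reflect.get(target, prop, receiver);
    },
  });
}

// Use the address only when the profile marks it as verified.
function verifiedEmail(profile) {
  return profile.email_verified === true ? profile.email : null;
}

// Constructed sample profiles (not real Yahoo data).
const legacyProfile = {
  sub: 'CONSTRUCTED-SUB-1', name: 'Sample User',
  profileUrl: 'https://example.invalid/profile', isConnected: false,
};
const currentProfile = {
  sub: 'CONSTRUCTED-SUB-2', name: 'Sample User',
  email: 'user@example.invalid', email_verified: false,
};
```

Running `trackRemovedFieldReads` around the profile object in a test environment shows which code paths need updating before the old fields disappear from stored profiles.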