Yahoo API Changes
Yahoo changed the API that applications need to use to retrieve the User Profile from their Social Directory API to a Yahoo /userinfo
endpoint. This change implies that the structure of the user profile for Yahoo users in Auth0 will change.
Auth0 previously loaded all the profile data that Yahoo returned, and added these additional fields that were mapped from the Yahoo profile.
Yahoo stopped returning url
, profileUrl
, isConnected
, and a set of other fields listed in Yahoo’s documentation (see "List Of Attributes Deprecated in Social Directory Profile Api"). Those other fields will also not be part of the profile.
The Yahoo /userinfo
endpoint returns different fields depending on the API permissions that you configure in the Yahoo Application definition. Yahoo lets you grant one of four permissions in the Profile (Social Directory) permissions section:
Read Public Basic
Read Public Extended
Read Write Public
Read Write Public and Private
Actions
When configuring the Yahoo Connection in your Auth0 Dashboard, select the attribute that corresponds to the permissions you granted in your Yahoo setup. If you choose an attribute that does not match what you specified on Yahoo, the login transaction will fail.
If you do not select any permissions in the Auth0 connection settings, Auth0 will, by default, ask for the openid
scope which returns the profile fields that correspond to the API permission you specified in the Yahoo Application. For example, if your Yahoo application is configured with the Read Public Extended permission, Yahoo returns the following fields:
sub, name
given_name
family_name
locale
email
email_verified
birthdate
profile_images
picture
preferred_username
phone_number
nickname
If you are using the Yahoo connection to authenticate users and get their basic information, your application will continue to work without changes.
If your application is accessing fields in the user profile that are no longer available, then you will need to enable the correct Connection Attribute in the Auth0 Dashboard and adjust your application code to use the proper field names.