Yahoo OAuth2 Strategy for OmniAuth.
Supports OAuth 2.0 client-side flow. Read about it at:
Add to your Gemfile
gem 'omniauth-yahoo_auth'
Then bundle install
- Go to
- Click on Create an app. Give an application name, callback domain and API permissions.
- This gem is tested with an app that had contacts and profiles API enabled with read access.
- Then hit create app button.
- Yahoo will now give you your app's id and secret.
- Add a route in your routes.rb file:
get 'auth/:provider/callback', to: 'sessions#custom'
- Create a sessions controller and a custom method.
- Add the following in one of your initializer files or create a new one (say config/initializers/omniauth.rb):
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :yahoo_auth, ENV['YAHOO_APP_ID'], ENV['YAHOO_APP_SECRET']
end
- You can now restart your server and go to
- Yahoo should now prompt the user to log in using Yahoo credentials. Enter them and hit login.
- You should be able to get access to an Auth hash using
inside your session#custom method.
NOTE: While developing your application, if you change the scope in the initializer you will need to restart your app server.
You can configure several options, which you pass in to the provider method via a Hash:
Option name | Default | Explanation |
name | yahoo_auth | It can be changed to any value, for example yahoo. The OmniAuth URL will thus change to /auth/yahoo. |
redirect_uri | /auth/yahoo/callback | Specify a custom callback URL used during the server-side flow. Default is https://www.your_callback_domain/auth/yahoo/callback |
For example:
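Rails.application.config.middleware.use OmniAuth::Builder do
  # App id and secret are passed first, as in the basic initializer; options follow.
  provider :yahoo_auth, ENV['YAHOO_APP_ID'], ENV['YAHOO_APP_SECRET'],
           name: "yahoo",
           redirect_uri: "https://www.your_callback_domain/auth/yahoo/callback"
end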
Here's an example Auth Hash available in request.env['omniauth.auth']:
{
  info: {
    nickname: 'Harvey',
    email: '[email protected]',
    first_name: 'Harvey',
    last_name: 'Specter',
    image: ''
  },
  credentials: {
    token: 'HnEU9cep1...', # OAuth 2.0 ACCESS_TOKEN.
    refresh_token: 'AFBTm...', # REFRESH_TOKEN to get a new OAuth 2.0 access_token when the previous one expires.
    expires_at: 1503232413, # Time at which your OAuth 2.0 access_token expires.
    expires: true # This will always be true.
  },
  extra: {
    sub: '',
    name: '',
    middle_name: '',
    nickname: '',
    gender: 'M',
    language: 'en-IN',
    website: '',
    birth_date: '',
    zone_info: '',
    updated_at: '',
    email_verified: true,
    address: '',
    phone_number: '',
    phone_number_verified: false
  }
}
The precise information available will depend on your request.
First define your application id and secret in config/initializers/devise.rb. Do not use the snippet mentioned in the Usage section.
Configuration options can be passed as the last parameter here as key/value pairs.
config.omniauth :yahoo_auth, 'YAHOO_APP_ID', 'YAHOO_APP_SECRET', {}
Then add the following to 'config/routes.rb' so the callback routes are defined.
devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }
Make sure your model is omniauthable. Generally this is "/app/models/user.rb"
devise :omniauthable, omniauth_providers: [:yahoo_auth]
Then make sure your callbacks controller is set up.
# app/controllers/users/omniauth_callbacks_controller.rb
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def yahoo_auth
    # You need to implement the method below in your model (e.g. app/models/user.rb)
    @user = User.from_omniauth(request.env['omniauth.auth'])
    # @user is nil when no account matches and creation is disabled in from_omniauth
    if @user&.persisted?
      flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Yahoo'
      sign_in_and_redirect @user, event: :authentication
    else
      session['devise.yahoo_data'] = request.env['omniauth.auth']
      redirect_to new_user_registration_url, alert: @user&.errors&.full_messages&.join("\n")
    end
  end
end
and bind to or create the user:
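# app/models/user.rb
def self.from_omniauth(access_token)
  # Assumption: the right-hand side is missing on this page; the info section of the
  # Auth Hash is used here because it carries the email and nickname read below.
  data = access_token.info
  user = User.where(email: data['email']).first
  # Uncomment the section below if you want users to be created if they don't exist
  # unless user
  #   user = User.create(name: data['nickname'],
  #                      email: data['email'],
  #                      password: Devise.friendly_token[0,20]
  #   )
  # end
  user
end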
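The checks below are an added example, not code from the gem or this README: plain Ruby over the Auth Hash shape shown earlier, binding to a local account by email only when extra.email_verified is true, testing expires_at before reusing the access token, and trimming what the callback parks in the session. The sample hash, its string keys, the helper names and the in-memory user list are assumptions for illustration.

```ruby
# Constructed sample in the shape of the Auth Hash on this page (not real data).
SAMPLE_AUTH = {
  'info' => { 'nickname' => 'Harvey', 'email' => ' Harvey@Example.com ' },
  'credentials' => { 'token' => 'constructed-access-token',
                     'refresh_token' => 'constructed-refresh-token',
                     'expires_at' => 1_503_232_413, 'expires' => true },
  'extra' => { 'email_verified' => true, 'phone_number_verified' => false }
}.freeze

# Returns the normalized email only when the provider marked it as verified.
# An unverified or blank email must not be used to look up an existing account.
def bindable_email(auth)
  email = auth.dig('info', 'email').to_s.strip.downcase
  return nil if email.empty?
  return nil unless auth.dig('extra', 'email_verified') == true
  email
end

# True once the access token is at or past expires_at, minus a safety margin
# in seconds. A missing expires_at is treated as expired.
def token_expired?(auth, now: Time.now.to_i, skew: 60)
  expires_at = auth.dig('credentials', 'expires_at')
  expires_at.nil? || now >= expires_at.to_i - skew
end

# What to keep in the session for the registration step: profile fields only,
# so access and refresh tokens never land in the session store.
def session_payload(auth)
  { 'info' => auth.fetch('info', {}).slice('nickname', 'email', 'first_name', 'last_name') }
end

# Hypothetical in-memory stand-in for User.where(email: ...).first
def find_user(auth, users)
  email = bindable_email(auth)
  email && users.find { |u| u[:email] == email }
end
```

In a Rails app the same checks would sit at the top of from_omniauth and in the else branch of the callback controller.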
For your views you can login using:
<%= link_to "Sign in with Yahoo", user_yahoo_auth_omniauth_authorize_path %>
<%# Devise prior 4.1.0: %>
<%= link_to "Sign in with Yahoo", user_omniauth_authorize_path(:yahoo_auth) %>
Yahoo doesn't allow localhost or
as callback domain while making an app.
So, you can follow the steps below to test this gem in your local environment.
- In case you are using a Unix or Linux system, create an alias like
in /etc/hosts (you need to have a line similar to the one mentioned here in the file).
- Use in callback URL during local testing.
- You will need to run your rails app at port 80.
- To forcefully run your app on port 80 use
rvmsudo rails s -p 80
- Authorization flow of Yahoo is described at:
- Yahoo social API documentation:
- Overview of Devise and OAuth gems working together:
Bug reports and pull requests are welcome on GitHub at This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.