Yahoo Login suddenly not working

Have last several months on app requiring Yahoo login. Was working great for months, took two weeks to focus on another project, come back today and I get the following error:

"error": "invalid_request",
"error_description": "InternalOAuthError: Failed to fetch user profile"

This occurs both via my app or with the Auth0 test function on the Auth0 dashboard.

So it appears when this has happened in the past it has only been a temporary issue.

I am using auth0-spa-js with Vue. I get a push notification from Yahoo that i have successfully signed in, so there is some other get that occurs afterwards that returns 302.

Has anyone experienced this yet? Is there a fix coming? This app is reliant on Yahoo so access is key for me.

Any feedback would be greatly appreciated.

My assumption is that Yahoo has changed something on their end and it’s not reflected in the Yahoo Social Connection in the Auth0 dashboard. I’ll give it a try myself.

Update: just enabled Yahoo and I don’t even get that far, already getting an error page on Yahoo end saying:

I’m using the Auth0 dev keys though, maybe it’s related to those. So, my assumption is as stated above. I’ll report it internally.

The OIDC discovery url of Yahoo is at https://api.login.yahoo.com/.well-known/openid-configuration and the endpoint that Auth0 is calling is correct at least.

@rjskene83 we changed the way we retrieve the profile from Yahoo a week ago because Yahoo is deprecating the endpoint we were using.

We notified customers that had active usage of Yahoo connections. The documentation is here https://auth0.com/docs/migrations/guides/yahoo-userinfo-updates

Make sure you select in Auth0 the same Permissions you select in the Yahoo application.

If that does not fix it, please share with me your tenant information by private message so we can check if there’s something special going on.

Regards,

Andres

2 Likes

Thank you will test and revert

2 Likes

Thank you and let us know if you have any other further questions!

Apologies … seemed like a simply fix but it is not working for me.

First, my app is Fantasy Sports app and I only have two options in Yahoo under API Permissions: 1) Read 2) Read / Write

versus the Auth0 connections structure which has 4 1) Basic Profile 2) extended profile 3) Basic Profile Write 4) Extended Profile Write

So the options do not align.

I tried all of the options under the Auth0 dashboard and all options in any combination resulted in the same error described my original post, all using the “Try” function in dashboard.

So i will provide my tenant details by PM as suggested

It doesn’t like like Auth0 supports the Fantasy Sports scopes out of the box, I don’t see an option in our Auth0 Dashboard > Social Connections > Yahoo config for it. So, I assume, that would require a custom social connection, if that’s needed (unless/until it gets updated in the Auth0 Dashboard).

Or easier: pass the respective necessary scopes for Fantasy Sports as connection_scope, as per https://auth0.com/docs/connections/adding-scopes-for-an-external-idp#2-pass-scopes-to-authorize-endpoint. (I haven’t tested this myself for Yahoo in particular, should work).


But that aside: it seems that Yahoo changes something again once more. FYI @andres.aguiar

This is a screenshot I took yesterday, when I tested the Yahoo connection, regarding the permission settings:

Today, the options looks like this (they seem to have removed the “Profiles (Social Directory)” section, renamed it to “Relationships (Social Directory)” with only two scopes.

We’ll take a look.

It seems that if you don’t select any scope on Auth0’s side (which will cause Auth0 to ask just for ‘openid’), and enable all permissions in the app, including Fantasy Sports, it prompts the user for consent for those:

image

@rjskene83 could you please give that a try and see if you can achieve what you need?

And please share the results with us once you have a chance to test it

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.