Yahoo OAuth2 has been deprecated

[curtisgibby]

Issue

Yahoo! has EOL'd their OAuth2 ("Social Directory") API, and is encouraging developers to adopt an OpenID Connect pattern for their user authentication flow.

My env

PHP: 7.2

Library: ADmad cakephp-social-auth

Provider: Yahoo (OAuth2)

Provider options:

'yahoo' => [
    'applicationId' => Configure::read('Yahoo.app_id'),
    'applicationSecret' => Configure::read('Yahoo.app_secret'),
]

I'll try to figure out how to adapt the existing Google OpenID Connect provider to create a version for Yahoo.

[curtisgibby]

I spent hours last night trying to get the OpenID Connect version of Yahoo's implementation working correctly, but was stymied by decoding the id_token that they return. They're giving it back with an algorithm of ES256, but the SocialConnect JWX library doesn't support this algo. @ovr can you tell me why this support was removed?

Is there a way to tell Yahoo "these are the decoding methods that we support", so that it gives us back the token in, say, RS256 instead?

[ovr]

Hey!

hey're giving it back with an algorithm of ES256, but the SocialConnect JWX library doesn't support this algo.

A lot of time passed, I am trying to remember and possible ES was disabled, because I was not able to implement ES keys encoding... (maybe)

This moment,

https://github.com/SocialConnect/jwx/blob/master/tests/JWTTest.php#L228

Who knows 😸

[ovr]

Added ES256/384/512 support back with tests on real EC keys.

Released as 1.2.0

Should works I think.

[ovr]

ping @curtisgibby