Yahoo API with Ruby on Rails and OAUTH2

Question

I have an RoR site that gets data from stock exchanges and I am using Yahoo's finance table via the Yahoo API. I need authorization to gain full access to YQL, which requires that I use Oauth2. I need help getting OAuth access to Yahoo.

This is what I have tried:

client = OAuth2::Client.new(oauth_consumer_key,oauth_consumer_secret, {
        access_token_path:   '/oauth/v2/get_token',
        authorize_path:      '/oauth/v2/request_auth',
        authorize_url:       'https://api.login.yahoo.com/oauth/v2/request_auth',
        request_token_path:  '/oauth/v2/get_request_token',
        site:                'https://api.login.yahoo.com'
    })
puts client.auth_code.authorize_url( redirect_uri: "http://localhost:3000")
code = gets.chomp
token = client.auth_code.get_token(code, redirect_uri: "http://localhost:3000")

I don't know which "code" I must use. Authorize_url returns me this URL, but it is unclear what the "code". I was inspired by this Question.

Answer 1

Don't ask me why but Yahoo has made it very hard to find their OAuth 2.0 documention. I found it, though!

Also, pretty "awesome" that you get a refresh_token without needing to explicitly ask the user for "offline" permissions. In my opinion, this is a security concern for Yahoo. Both Google and Microsoft require explicit "offline" access.

require 'oauth2'

OAuth2::Client.new(Rails.application.secrets.yahoo_consumer_id, Rails.application.secrets.yahoo_consumer_secret, site: 'https://api.login.yahoo.com', authorize_url: '/oauth2/request_auth', token_url: '/oauth2/get_token')
client.auth_code.authorize_url(redirect_uri: redirect_uri, headers: { "Authorization" => basic_authorization })
token = client.auth_code.get_token(code, redirect_uri: redirect_uri)

# Later
token.refresh!

Answer 2

As per quatermain's request, I post my solution as answer here:

https://docs.google.com/document/d/1SdGSfakQM3ZuiqJK7keXhOfh6310-z_h0THl1_Jswxk/pub

P/S: There is some mistype I made within the document, as below:

• The sentence: "I don't this this URL affect to authentication process..." --> shoud be "I don't think this URL affect to authentication process..."

• The word "and ready through" --> should be "and read through"