How can Yahoo Mail be accessed by IMAP using OAuth or OAuth2 authentication

Asked 17/3, 2016 at 10:57 Answered 16/8, 2017 at 22:59

Solved oauth oauth-2.0 imap yahoo-mail yahoo-oauth

According to developer.yahoo.com/mail/ and IMAP responses:

* OK [CAPABILITY IMAP4rev1 ID MOVE NAMESPACE X-ID-ACLID UIDPLUS LITERAL+ CHILDREN XAPPLEPUSHSERVICE XYMHIGHESTMODSEQ AUTH=PLAIN AUTH=LOGIN AUTH=XOAUTH2 AUTH=XYMCOOKIE AUTH=XYMECOOKIE AUTH=XYMCOOKIEB64 AUTH=XYMPKI] IMAP4rev1 imapgate-1.8.1_01.20166 imap1009.mail.ne1.yahoo.com

Yahoo Mail can be accessed by IMAP using OAuth(2) authentication.

I registered my app on https://developer.yahoo.com/apps/ so I have got Client ID and Client Secret. I didn't find any scopes(API Permissions) related to Mail. Nevertheless I selected all API Permissions which were presented when I registered my app.

I tried to implement both OAuth and OAuth2.

OAuth2: I cannot get the authorization code for scope "mail-r". When I generate URL(https://api.login.yahoo.com/oauth2/request_auth?client_id=CLIENT_ID&redirect_uri=oob&scope=mail-r&response_type=code) and open it in browser, the page with text "Developers: Please request scope from registered scopes and submit again." is displayed. It works for other scopes. For example, I'm able to get the authorization code for "sdct-r"

OAuth: I'm able to get an access token. But when I send it with AUTHENTICATE XOAUTH2 command, I get "NO [AUTHENTICATIONFAILED] (#AUTH007) Bad scope" response.

So questions is what scope(s) should be set to access Yahoo Mail using IMAP and OAuth(2)?

Siddons answered 17/3, 2016 at 10:57 Comment(4)

It seems mail api is available for the premium mail accounts... looking at packagetracker website, when signing up with yahoo, it shows the mail scope during oauth2 process... I couldn't find a way to include that scope either... If you've found out a way to include it, please post the answer here, It'll be a great help... – Culliton 1/4, 2016 at 5:45

@Siddons did you find something on this ? – Rizzo 6/6, 2016 at 8:52

@Aleksey, please mark user3377687 answer as accepted... I've checked it and it works... it definitely adds the mail full permission if you set the scope as ymrf => full access – Culliton 1/8, 2016 at 14:3

Done, thank you. And, of course, thank you very much, @user3377687. – Siddons 2/8, 2016 at 15:4

Update February 27, 2017: This work-around will not work anymore as Yahoo has unfortunately taken down the cck-form.html page referenced below and does not seem to allow new apps to request mail related API access. Hopefully this changes.

Here is how you can create an App on yahoo with full access to emails. (recently yahoo remove this option from their UI) once proper permissions are in place, getting oauth tokens and accessing mail boxes should be straight forward and I am not covering it here.

Visit https://developer.yahoo.com/oauth/guide/cck-form.html and look for "Here is an example form along with sample values you can use in the form" and copy the example html into a local file and save it. A Copy of the html is available below.
Open the file on browser. fill appropriate info (set scope=ymrf for full mail access) and click on "pop window with debug".
Click on allow on the popup window. Sign in is required if you did not already login to yahoo on the browser.

go to https://developer.yahoo.com/apps/ and you should see your app with appropriate permissions.

<html>  
<head>  
    <title>CCK Example</title>  
</head>  
<body>  
  
<form target="yCredWindow" action="http://developer.apps.yahoo.com/projects/createconsumerkey" method="post" id="extAuthForm" name="extAuthForm">  
  
<h2>Inputs</h2>  
<p>* = Required</p>    
<table>  
    <tr><th>Field</th>  
        <th>Input</th></tr>  
  
    <tr><td>* Application Name: </td>  
        <td><input name="name" id="name" value="Janrain Engage"></td></tr>  
  
    <tr><td>Description: </td>  
        <td><input name="description" id="desc"></td></tr>  
  
    <tr><td>appid: </td>  
        <td><input name="appid" id="appid"></td></tr>  
  
    <tr><td>Return to: </td>  
        <td><input name="return_to" id="return_to"></td></tr>  
  
    <tr><td>* Third Party Name: </td>  
        <td><input name="third_party" id="third_party" value="Janrain"></td></tr>  
  
    <tr><td>* Scopes: </td>  
        <td><input name="scopes" id="scope" value="ysrw"></td></tr>  
  
    <tr><td>Favicon URL: </td>  
        <td><input name="favicon" id="favicon"></td></tr>  
  
    <tr><td>Application URL: </td>  
        <td><input name="application_url" id="application_url"></td></tr>  
  
    <tr><td>* Domain: </td>  
        <td><input name="domain" id="domain" value="www.janrain.com"></td></tr></table>  
  
<input type="hidden" name="debug" id="debug" value="true">  
  
<button type="reset">clear all fields</button>  
<button type="button" id="submitWithDebug">pop window with debug</button>  
</form>  
  
<h6>Note: A URL that starts with http:// is required for: Return to, Favicon URL and Application URL.  However, you will get an error if you include http:// for the Domain.</h6>  
  
<h2>Returns</h2>  
<table>  
    <tr><td>Key returned:</td>  
        <td><input type="text" id="cKeyInputField"></td></tr>  
  
    <tr><td>Secret returned:</td>  
        <td><input type="text" id="cSecretInputField"></td></tr>  
  
    <tr><td>Appid returned:</td>  
        <td><input type="text" id="returnAppid"></td></tr></table>  
  
<script src="http://yui.yahooapis.com/3.0.0/build/yui/yui-min.js"></script>  
<script>  
  
var formTarget = null;  
  
// used by return_to.html to set the fields with the data that comes back  
var setFields = function(id, val)  { document.getElementById(id).value = val; };  
  
// pops the window, then submits to it  
var popWindowOnSubmit = function(e)  {  
    window.open('', formTarget, 'status=0,toolbar=0,location=0,menubar=0,width=545,height=650');  
    document.extAuthForm.submit();  
};  
  
// handle submit when the button is clicked  
YUI().use('node', function(Y) {  
    formObject = Y.one('#extAuthForm');  
    formTarget = formObject.getAttribute('target');  
    Y.on('click', popWindowOnSubmit, '#submitWithDebug');  
});  
  
</script>  
  
</body>  
</html>

Ungrudging answered 21/6, 2016 at 11:46 Comment(6)

This guy deserve a cookie – Rizzo 28/6, 2016 at 10:18

The solution works but is a work around to something Yahoo have removed from their UI. Does anyone know why they removed it? Also, what is the scope for read-only? – Qualls 6/7, 2016 at 12:18

@Ungrudging , you are a life saver. This miraculously added the permissions to the Yahoo APP... Now the only thing remaining is to get the yahoo documentation on how to access the mails and their headers... It seems they didn't include it in Mail Docs – Culliton 1/8, 2016 at 14:1

@Ungrudging , though I have to check it with OAuth2 flow for yahoo once I complete it... then we'll be double sure that this is a working method... coz this submits the app request as per oauth guide... if this didn't work with OAuth2 requests, we might need to use oauth methods to consume this service – Culliton 1/8, 2016 at 14:7

This workaround doesn't work now. When opening popup in debug mode window tries to open developer.yahoo.com/projects/createconsumerkey and fails with status 404. Is there any another workaround? – Fullscale 25/8, 2016 at 6:16

Getting not found message. – Nudicaul 5/7, 2018 at 4:42

As of august 2017, the only way to get the Email address is to use the scope called Profiles - Read/Write Public and Private. A very stupid choice of misleading options by Yahoo, since we don't want to "write" anything at all.

As a bonus headache, this will also return a list of all emails associated with the account, not just the main one. And there's no way to accurately identify which is the real one - the primary=true field returned in the list cannot be trusted.

Columbite answered 16/8, 2017 at 22:59 Comment(0)

You have to add the "Mail Read-Only" scope when you're creating/configuring the app on https://developer.yahoo.com/apps/.

Unfortunately, when I just tried to do that on a newly created app, the option wasn't available.

You may have to get in touch with Yahoo to have them allow you to request these scopes.

Forfeit answered 7/6, 2016 at 20:42 Comment(0)

you have to add scope=openid while hitting authorization endpoint, then after obtaining the token after hittng token endpoint, hit profile endpoint with the obtained access token, then we get emails under profile json object

Lollard answered 9/9, 2016 at 9:25 Comment(0)

In order for you to see the mail checkboxes in the list of potential scopes, Yahoo have to white-list your developer account. I could not find any documentation about this, or instructions for how to ask for it, so I can't back this up with any documentation.

Southeastwardly answered 22/5, 2017 at 6:44 Comment(0)

-1

I have found another way to create an app with the Mail API permissions enabled. I noticed if you include an 'api' parameter in the URL you can specify which scopes you want to include regardless of whether they are checked at the bottom. I noticed if you provided 'api=mail' in the URL it defaults to include Mail permissions. So to create a new app with Mail permissions use this URL:

https://developer.yahoo.com/apps/create/?api=mail

Parasite answered 22/3, 2017 at 20:57 Comment(2)

This creates the client ID and secret, but you get a 'oauth_problem=consumer_key_rejected' when trying to obtain a request token. – Sanctuary 31/3, 2017 at 21:0

@Parasite - did you get past the problem mentioned in comment oauth_problem=consumer_key_rejected? – Ctenoid 28/11, 2017 at 18:36

Recommended topics

Hot tags