How To
ForgeRock Identity Cloud
Integrations

Yahoo SSO integration with Identity Cloud for social authentication/registration

Last updated Nov 30, 2021

The purpose of this article is to provide information on configuring Identity Cloud to integrate with Yahoo® as a social provider using OpenID Connect (OIDC) for Single Sign-On (SSO).


Overview

This article describes how to configure Identity Cloud to use Yahoo as a social provider for authentication and/or registration. Identity Cloud provides a standards-based solution for Yahoo social sign-on based on OIDC standards. Once configured, users can log in to applications protected by Identity Cloud using their Yahoo profile.

Steps involved:

  1. Configure Yahoo
  2. Configure the Social Identity Provider in Identity Cloud
  3. Create the end user journey
  4. Test the end user experience

Prerequisites

  • You have a working Identity Cloud tenant.
  • You have a Yahoo account.

Configuring Yahoo

Disclaimer

ForgeRock assumes no responsibility for errors or omissions in the third-party software or documentation.

Create a Yahoo app and get the OAuth 2.0 credentials 

Refer to the Yahoo developer documentation for guidance on creating a Yahoo app and getting OAuth 2.0 credentials

  1. Create a Yahoo app, completing (at least) the following details:
    • Application Name: Enter any unique name for the app.
    • Redirect URI(s): Enter the redirect URL for your app. This is the path that users are redirected to after they have authenticated with Yahoo, for example, https://<tenant-name>.forgeblocks.com/login.
    • API Permissions: Select OpenID Connect Permissions, and select Email and Profile.
  2. Copy the Client ID and Client Secret to a secure place. You'll need this information when you configure the Yahoo social identity provider in Identity Cloud.

Configuring the Social Identity Provider in Identity Cloud

  1. In the Identity Cloud Admin UI, navigate to Native Consoles > Access Management > Services > Social Identity Provider Service.
  2. Choose Secondary Configurations, click Add a Secondary Configuration, and select Client configuration for Yahoo.
  3. Complete the following configuration:
    • Name: Enter a name for the social identity provider, for example, Yahoo.
    • Client ID: Enter the Client ID of your Yahoo app.
    • Redirect URL: Enter the URL to go to once access has been granted. This must match the Redirect URI you configured in your Yahoo app, for example, https://<tenant-name>.forgeblocks.com/login.
    • Scope Delimiter: Enter the scope delimiter, which is usually an empty space.
  1. Click Create.
  2. Complete the following configuration:
    • Client Secret: Enter the client secret for your Yahoo app.
    • OAuth Scopes: Delete sdpp-w from the list of scopes. This scope was deprecated in February 2020 and is no longer in use. Deleting the scope will prevent invalid scope errors when authenticating with Yahoo.
  3. Check the rest of the default settings are correct. In particular, check the following fields:
    • Enabled: Ensure the configuration is enabled.
    • Transform Script: Ensure that Yahoo Profile Normalization is entered. This script transforms Yahoo credential data into a normalized form.

The configuration should look similar to this:

  1. Click Save Changes.

Creating the end user journey

You can create custom end user journeys for social registration and sign in. These journeys will include all your enabled social identity providers, so you won't need to create different journeys for different providers.

See How do I create end user journeys for social registration and login in Identity Cloud? for information on how to create end user journeys for SSO with social providers.

Testing the end user experience

  1. In the Identity Cloud Admin UI, navigate to Journeys.
  2. Click the journey that you want to test.
  3. Copy the Preview URL.
  4. Paste the preview URL into a browser using Incognito or Browsing mode.
  5. Follow the sign in and/or registration steps to test your journey.

For example, if Yahoo is configured as a social identity provider for social login, end users are asked if they want to authenticate with Yahoo, similar to the screenshot below. 

See Also

Google SSO integration with Identity Cloud for social authentication/registration

LinkedIn SSO integration with Identity Cloud for social authentication/registration

Facebook SSO integration with Identity Cloud for social authentication/registration

Salesforce SSO integration with Identity Cloud for social authentication/registration

How do I create end user journeys for social registration and login in Identity Cloud?

Single Sign-On Integrations for Identity Cloud

Journeys

Yahoo Social Identity Provider

Social Authentication


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.