So the main unique selling point for Andricious (my Delicious app for Android) is that it supports Yahoo OAuth.
It took me quite a while to get OAuth working, the protocol is difficult to debug and most libraries were focussed on Twitter or similar at the time. In the end I wrote my own OAuth code which was quite satisfying.
Recently I had a number of complaints concerning Yahoo auth in Andricious, it just plain stopped working. I narrowed it down to the oauth_callback parameter after some time spent debugging it .
If I passed a value with a custom scheme ie “dandroid://callback” I would receive a 401, if I passed a value using a http scheme ie http://www.sherbertsystems.com/oauth.html all was fine. So it seems Yahoo changed something.
I raised a question on the Yahoo OAuth forum, see here . So seems Yahoo decided some time ago to only accept http/https/oob but don’t actively publish it and only tightened up their servers recently. A little frustrating as custom schemes are mentioned quite a lot around the web as a good option for my scenario.
To fix Andricious I now set oauth_callback=http://www.sherbertsystems.com/oauth.html. The oauth.html page on my website simply uses Javascript to redirect to dandroid://callback passing through the oauth parameters. Android recognises the redirect by the dandroid scheme and passes control back to Andricous.
I would rather avoid this extra step but it works and the user experience is not changed.
