How can Yahoo Mail be accessed by IMAP using OAuth or OAuth2 authentication

oauth oauth-2.0 imap yahoo-mail yahoo-oauth

14,410

Solution 1

Update February 27, 2017: This work-around will not work anymore as Yahoo has unfortunately taken down the cck-form.html page referenced below and does not seem to allow new apps to request mail related API access. Hopefully this changes.

Here is how you can create an App on yahoo with full access to emails. (recently yahoo remove this option from their UI) once proper permissions are in place, getting oauth tokens and accessing mail boxes should be straight forward and I am not covering it here.

Visit https://developer.yahoo.com/oauth/guide/cck-form.html and look for "Here is an example form along with sample values you can use in the form" and copy the example html into a local file and save it. A Copy of the html is available below.
Open the file on browser. fill appropriate info (set scope=ymrf for full mail access) and click on "pop window with debug".
Click on allow on the popup window. Sign in is required if you did not already login to yahoo on the browser.

go to https://developer.yahoo.com/apps/ and you should see your app with appropriate permissions.

<html>  
<head>  
    <title>CCK Example</title>  
</head>  
<body>  
  
<form target="yCredWindow" action="http://developer.apps.yahoo.com/projects/createconsumerkey" method="post" id="extAuthForm" name="extAuthForm">  
  
<h2>Inputs</h2>  
<p>* = Required</p>    
<table>  
    <tr><th>Field</th>  
        <th>Input</th></tr>  
  
    <tr><td>* Application Name: </td>  
        <td><input name="name" id="name" value="Janrain Engage"></td></tr>  
  
    <tr><td>Description: </td>  
        <td><input name="description" id="desc"></td></tr>  
  
    <tr><td>appid: </td>  
        <td><input name="appid" id="appid"></td></tr>  
  
    <tr><td>Return to: </td>  
        <td><input name="return_to" id="return_to"></td></tr>  
  
    <tr><td>* Third Party Name: </td>  
        <td><input name="third_party" id="third_party" value="Janrain"></td></tr>  
  
    <tr><td>* Scopes: </td>  
        <td><input name="scopes" id="scope" value="ysrw"></td></tr>  
  
    <tr><td>Favicon URL: </td>  
        <td><input name="favicon" id="favicon"></td></tr>  
  
    <tr><td>Application URL: </td>  
        <td><input name="application_url" id="application_url"></td></tr>  
  
    <tr><td>* Domain: </td>  
        <td><input name="domain" id="domain" value="www.janrain.com"></td></tr></table>  
  
<input type="hidden" name="debug" id="debug" value="true">  
  
<button type="reset">clear all fields</button>  
<button type="button" id="submitWithDebug">pop window with debug</button>  
</form>  
  
<h6>Note: A URL that starts with http:// is required for: Return to, Favicon URL and Application URL.  However, you will get an error if you include http:// for the Domain.</h6>  
  
<h2>Returns</h2>  
<table>  
    <tr><td>Key returned:</td>  
        <td><input type="text" id="cKeyInputField"></td></tr>  
  
    <tr><td>Secret returned:</td>  
        <td><input type="text" id="cSecretInputField"></td></tr>  
  
    <tr><td>Appid returned:</td>  
        <td><input type="text" id="returnAppid"></td></tr></table>  
  
<script src="http://yui.yahooapis.com/3.0.0/build/yui/yui-min.js"></script>  
<script>  
  
var formTarget = null;  
  
// used by return_to.html to set the fields with the data that comes back  
var setFields = function(id, val)  { document.getElementById(id).value = val; };  
  
// pops the window, then submits to it  
var popWindowOnSubmit = function(e)  {  
    window.open('', formTarget, 'status=0,toolbar=0,location=0,menubar=0,width=545,height=650');  
    document.extAuthForm.submit();  
};  
  
// handle submit when the button is clicked  
YUI().use('node', function(Y) {  
    formObject = Y.one('#extAuthForm');  
    formTarget = formObject.getAttribute('target');  
    Y.on('click', popWindowOnSubmit, '#submitWithDebug');  
});  
  
</script>  
  
</body>  
</html>

Solution 2

As of august 2017, the only way to get the Email address is to use the scope called Profiles - Read/Write Public and Private. A very stupid choice of misleading options by Yahoo, since we don't want to "write" anything at all.

As a bonus headache, this will also return a list of all emails associated with the account, not just the main one. And there's no way to accurately identify which is the real one - the primary=true field returned in the list cannot be trusted.

14,410

Author by

Aleksey

Updated on June 16, 2022

Comments

Aleksey almost 2 years
According to developer.yahoo.com/mail/ and IMAP responses:
```
* OK [CAPABILITY IMAP4rev1 ID MOVE NAMESPACE X-ID-ACLID UIDPLUS LITERAL+ CHILDREN XAPPLEPUSHSERVICE XYMHIGHESTMODSEQ AUTH=PLAIN AUTH=LOGIN AUTH=XOAUTH2 AUTH=XYMCOOKIE AUTH=XYMECOOKIE AUTH=XYMCOOKIEB64 AUTH=XYMPKI] IMAP4rev1 imapgate-1.8.1_01.20166 imap1009.mail.ne1.yahoo.com
```
Yahoo Mail can be accessed by IMAP using OAuth(2) authentication.

I registered my app on https://developer.yahoo.com/apps/ so I have got Client ID and Client Secret. I didn't find any scopes(API Permissions) related to Mail. Nevertheless I selected all API Permissions which were presented when I registered my app.

I tried to implement both OAuth and OAuth2.

OAuth2: I cannot get the authorization code for scope "mail-r". When I generate URL(https://api.login.yahoo.com/oauth2/request_auth?client_id=CLIENT_ID&redirect_uri=oob&scope=mail-r&response_type=code) and open it in browser, the page with text "Developers: Please request scope from registered scopes and submit again." is displayed. It works for other scopes. For example, I'm able to get the authorization code for "sdct-r"

OAuth: I'm able to get an access token. But when I send it with AUTHENTICATE XOAUTH2 command, I get "NO [AUTHENTICATIONFAILED] (#AUTH007) Bad scope" response.

So questions is what scope(s) should be set to access Yahoo Mail using IMAP and OAuth(2)?
klefevre almost 8 years

This guy deserve a cookie
Vinnyq12 almost 8 years

The solution works but is a work around to something Yahoo have removed from their UI. Does anyone know why they removed it? Also, what is the scope for read-only?
Crystal Paladin over 7 years

@user3377687 , you are a life saver. This miraculously added the permissions to the Yahoo APP... Now the only thing remaining is to get the yahoo documentation on how to access the mails and their headers... It seems they didn't include it in Mail Docs
Crystal Paladin over 7 years

@user3377687 , though I have to check it with OAuth2 flow for yahoo once I complete it... then we'll be double sure that this is a working method... coz this submits the app request as per oauth guide... if this didn't work with OAuth2 requests, we might need to use oauth methods to consume this service
Tymur Yarosh over 7 years

This workaround doesn't work now. When opening popup in debug mode window tries to open developer.yahoo.com/projects/createconsumerkey and fails with status 404. Is there any another workaround?
Jeshurun about 7 years

This creates the client ID and secret, but you get a 'oauth_problem=consumer_key_rejected' when trying to obtain a request token.
mike nelson over 6 years

@ewein - did you get past the problem mentioned in comment oauth_problem=consumer_key_rejected?
Arpit Kumar almost 6 years

Getting not found message.