Archive for September, 2006

BBAuth Coding – Single Sign On

Friday, September 29th, 2006

I put together a BBAuth sample to test the userhash / SSO feature and you can download the source code for it. The application uses a database connection to store the userhash and the data that the user submitted. If you want to use it for more than just a sample I recommend adding error handling.

To make the sample work you need to get your own appid:

  1. Go to
  2. Fill in your info – The Web Application URL is where Yahoo! redirects the user after he signs in successfully. This should be PATHTOTHEFILES/success.php
  3. Pick the scope that is called something like “Yahoo Authentication, no user data access” (SSO)
  4. Follow the steps in the flow until you get your appid / secret
  5. Enter both in the file where it says appid and secret.
  6. At this point the redirect to Yahoo and redirect back to the server should work, but the success.php will fail because of the missing database.
  7. Set up a database – feed sso.sql to your db
  8. Enter the database info in success.php where it says “Edit your info here:”
  9. Now it should run like a Prius in the carpool lane.


Launching the Un-Launch-Able

Friday, September 29th, 2006

Opening up Yahoo! I’ve been looking forward to this day and writing this exact post for quite some time now! So this is it! Wow, this feels great! We just pushed Browser Based Authentication (BBAuth) out the door.

Let’s start this post with what BBAuth is and what it can be used for. It was designed to allow third-party applications to interact with user-specific data with the users’ consent. On top of doing the obvious, it supports Single Sign-On out of the box.

That means you can build applications that instead of creating your own sign-up flow, which requires users to pick yet another username and password, you can let them sign in with their existing Yahoo! account. The best thing about it is that it’s safe, the YahooId does not get shared with the applications. Your application needs to redirect the user to the Yahoo! BBAuth login and after the user successfully logs in, your app will receive an encrypted and unique userid for each user that logs in. This sample application makes use of SSO.

Good or bad? That is up-to-you do decide. My opinion is that this can make navigating the web so much easier for users, and I am one of them! I don’t want to have to remember ‘x’ usernames and ‘y ‘passwords and keep adding to the list everyday. There are also other ways of dealing with that problem, but here is a solution that is really straightforward. Feel free to leave a comment and let me know what you think! I want to add that this is not driven by a huge initiative to get everyone on Yahoo!, but an attempt to put out another tool that developers can decide to adopt if they like it.

But that’s not all! Yahoo! Photos opened up an API that takes advantage of BBAuth as well. I wrote a sample application that is using it, which allows user to view and update titles and descriptions for photos stored on Yahoo!. The ajaxy parts are using the YUI libraries. On top of all that, we are doing a private beta for developers who attend our public Hackday! The new Yahoo! Mail is opening up their backend!! Appid sign-up will be limited for now but stay tuned for future updates.

For me, this has been quite a ride from the first time we talked about making BBAuth happen until today, the day we finally launched. In a big company like Yahoo!, you need to get input / approval from quite some folks if you want to do something out of the box and open up the company. All that makes sense and is justifiable but sometimes I wish it would have been faster. On the other side, I learned a lot about the company I work for, how big companies work in general, egos, friends and allies and most importantly how you get stuff done that is obviously not on everyone’s “need this today” list.

Like most platform projects that have to support a lot of different use-cases, the list of people that have made this happen is very long and I don’t even want to try to list them all. Instead I want to send a big “general” thank you out to all the thinkers and do-ers, the try-to-stop-it-ers and the must-have-today-ers! Thanks to all of you for making it what it is today!

Further reading: On the Developer Network page we have the official announcement. Jeremy posted something on his blog as well. Without his help to clear last minute “congestions” I am not sure if would have gone out today :)

Hackday – Final Countdown

Wednesday, September 27th, 2006

It’s getting close! A little over two days are left before we kick off the Yahoo Hack Day! A lot has been written, the guest list / registration will close very soon and we are about to buckle up and go on the ride! There will be classes on Friday during the day ranging from social networks to performance, and in the evening we will have a huge performance that goes way beyond all the usual corporate music gigs, you name it. People are already speculating and we will see who gets it right at the end.

Besides the entertainment and classes we will have networking, coding, camping, presentations, wifi, food (not free – sorry, we spent the $ somewhere else), parking and and and. It will be a lot of fun! If you didn’t sign up already, this is your last call! You can do this on

Sidenote: The timer on the hackday page gets powered by the RESTful getTime web service that I wrote for fun. How much more basic then getTime can a web service get? That’s not the point :) The nice thing about it is that it supports JSON and serialized PHP on top of the XML output.

Jobs, Jobs, Jobs

Thursday, September 7th, 2006

Yahoo! is hiring and both, my wife and I have very interesting job openings within our teams:

Sr. Engineer, Exceptional Performance
Product Manager, Developer Network

If you or someone you know is interested (and qualified), send me a resume (dan at yahoo-inc . com). Both jobs are on-site in Sunnyvale, California. Also, I think I’m suppose to include this lawyer stuff: In the interest of full disclosure, I get a referral bonus and you get a great job at a great company! Yahoo! Inc. is an equal opportunity employer. For more information or to search all of our openings, please visit

(more…) – Evite for documents

Tuesday, September 5th, 2006

Earlier today, Jeffrey McManus announced the launch of a service that let’s you share, comment on and approve documents. The idea is to provide a solution that replaces the need to mail around documents and have to follow up manually with each recipient. Have a look!

Places I visited – Nice Toy

Monday, September 4th, 2006

create your own visited countries map or vertaling Duits Nederlands

create your own visited states map

Camera phone stolen – Pictures on Flickr

Sunday, September 3rd, 2006

Here is a great story that just made it on Slashdot.

Someone stole a cell phone that runs ShoZu, a mobile photo sharing service. The person who “found” the phone took pictures of the now famous (65.000 view at the time of writing the post) Chihuahua. Enjoy!

Zonetag is another solution that can upload pictures form a mobile device to Flickr and on top of that is able to geotag images based on the cell tower information.