Opening up Yahoo! I’ve been looking forward to this day and writing this exact post for quite some time now! So this is it! Wow, this feels great! We just pushed Browser Based Authentication (BBAuth) out the door.
Let’s start this post with what BBAuth is and what it can be used for. It was designed to allow third-party applications to interact with user-specific data with the users’ consent. On top of doing the obvious, it supports Single Sign-On out of the box.
That means you can build applications that instead of creating your own sign-up flow, which requires users to pick yet another username and password, you can let them sign in with their existing Yahoo! account. The best thing about it is that it’s safe, the YahooId does not get shared with the applications. Your application needs to redirect the user to the Yahoo! BBAuth login and after the user successfully logs in, your app will receive an encrypted and unique userid for each user that logs in. This sample application makes use of SSO.
Good or bad? That is up-to-you do decide. My opinion is that this can make navigating the web so much easier for users, and I am one of them! I don’t want to have to remember ‘x’ usernames and ‘y ‘passwords and keep adding to the list everyday. There are also other ways of dealing with that problem, but here is a solution that is really straightforward. Feel free to leave a comment and let me know what you think! I want to add that this is not driven by a huge initiative to get everyone on Yahoo!, but an attempt to put out another tool that developers can decide to adopt if they like it.
But that’s not all! Yahoo! Photos opened up an API that takes advantage of BBAuth as well. I wrote a sample application that is using it, which allows user to view and update titles and descriptions for photos stored on Yahoo!. The ajaxy parts are using the YUI libraries. On top of all that, we are doing a private beta for developers who attend our public Hackday! The new Yahoo! Mail is opening up their backend!! Appid sign-up will be limited for now but stay tuned for future updates.
For me, this has been quite a ride from the first time we talked about making BBAuth happen until today, the day we finally launched. In a big company like Yahoo!, you need to get input / approval from quite some folks if you want to do something out of the box and open up the company. All that makes sense and is justifiable but sometimes I wish it would have been faster. On the other side, I learned a lot about the company I work for, how big companies work in general, egos, friends and allies and most importantly how you get stuff done that is obviously not on everyone’s “need this today” list.
Like most platform projects that have to support a lot of different use-cases, the list of people that have made this happen is very long and I don’t even want to try to list them all. Instead I want to send a big “general” thank you out to all the thinkers and do-ers, the try-to-stop-it-ers and the must-have-today-ers! Thanks to all of you for making it what it is today!
Further reading: On the Developer Network page we have the official announcement. Jeremy posted something on his blog as well. Without his help to clear last minute “congestions” I am not sure if would have gone out today :)