To make the sample work you need to get your own appid:

1. Go to https://developer.yahoo.com/wsregapp/
2. Fill in your info – The Web Application URL is where Yahoo! redirects the user after he signs in successfully. This should be PATHTOTHEFILES/success.php
3. Pick the scope that is called something like “Yahoo Authentication, no user data access” (SSO)
4. Follow the steps in the flow until you get your appid / secret
5. Enter both in the bbauth.inc file where it says appid and secret.
6. At this point the redirect to Yahoo and redirect back to the server should work, but the success.php will fail because of the missing database.
7. Set up a database – feed sso.sql to your db
8. Enter the database info in success.php where it says “Edit your info here:”
   
9. Now it should run like a Prius in the carpool lane.

Let’s start with the index.php page. Index has only two lines of actual code, everything else is markup:
< ?php
//pulls in the bbauth functionality / appid / secret
include "bbauth.inc";
//sign the redirect url and request userhash (send_userhash=1)
$app_login_url = yahoo_sign_url ( $wslogin_server_long . "?appid=" . $appid . "&send_userhash=1", $secret );
?>

bbauth.inc contain the yahoo_sign_url and others functions that are needed to deal with that Yahoo! login servers. The three functions listed below make the authentication flow pretty clear.

yahoo_sign_url( $url, $secret )
Signs the the URL that sends the user to the Yahoo! login server with your secret. That lets Yahoo ensure that the request comes from someone who has the secret. The user logs in and get redirected to your app.

function yahoo_sig_validate( $secret)
This function validates the signature that that is attached to the URL where the login server sends the user after he or she signs in successfully. This protects your app from someone forging a request. The request will also contain a token that can be used to request a cookie.