There had been some problems during my investigating Yahoo Oauth2 development.

1.Confidential client or public client:
Yahoo explains that one should choose confidential client for traditional web application and choose public client for mobile apps, native apps, or single-page apps.
If confidential client is selected, there will be client secret genrated; and if public client is selected, there will be no client secret generated. Plus, if I choose public client, which I did for DONATION, when I request OAuth2 token, I can choose to not include client secret as one of the parameters and it looks like that that is not causing any problem.

2.API Permission:
I took it as scope. But the strange thing is that it does not include anything like Google. Google states "Send email on behalft of customer", but similar choice in Yahoo is like OpenID Connect Permissions-Email, which has a brief introduction as "Access to email address and verified status".
There is another possible choice for OpenID Connect Permissions, as well. It's called Profile, having a brief introduction as "Access to common profile information (eg. first/last name, gender, etc.)".
Another strange thing about permission is that when I started to request OAuth2 token by opening a generated requst url, after logging into my yahoo account, the permission stated the permisstion as "Read Profile", which does not meet our expectation, as I took it. Plus, it does not have anything like sending email on behalf of customer.

3.Redirect URI:
In Yahoo developer center, for the "DONATION" application I created, I set it to https://localhost:55555, the same as I set for Google OAuth2.
In chillkat code example for PB, the code uses the secret, the stuff that only exists for confidential clients, or traditional web application, and stated that I need to develop a redirect web page in our website, which redirects to https://localhost:55555.
This is also a required parameter when generating the OAuth2 token request url. If I state localhost as the redirect uri inside the requesting url, yahoo page says "Oh, no. There had been some problems, please try again. Developer: Please send a valid request."
If I set the redirect uri to "oob", which means "out of boundary", as stated in Yahoo OAuth2 Guide, the generated url will succeed, but the same page shows up again after I login to my Yahoo account and grand the permission requested. Well the permission is wired, as well. It's "Read Profile", nothing about email sending.

I have searched on the Internet for possible answers to these problems but it seems that I had no luck on that.