LinkedIn verify user auth token server side

Q

3

9

after 1 day of research, I've ended with the following issue. I'm building an web app with ember.js and currently I'm implementing LinkedIn login, using linkedin javascript sdk. The problem that I have is that after I recieve user information (token, email, first name and etc) I need to verify this token on server side in order to grand session. Unfortunately, the documentation is not very clear for me. I can access token ( or kind of a token ) using IN.ENV.auth, but when I try to validate one from both of them, I recieve "invalid request". On the server side I'm using node and a sample code look like that:

var request = require('request');
var options = {
    url: 'https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=TOKEN_RECIEVED_THROUGH_IN.ENV.auth&redirect_uri=my-domain&client_id=API_CLIENT_ID&client_secret=API_SECRET_KEY'
};
request(options,function(err,res,body){
    console.log(body);
});

The response from the sdk is like that:

anonymous_expires_in: 1800
anonymous_token: "4u948tas123asfK9DJx9HFYJgcsBFlhIFu93gG"
api_key: "API_KEY"
is_set_client_auth_cookie: false
member_id: "4a13sdasFeD"
oauth_expires_in: 1800
oauth_token: "66Dy9V123lL7H823ddl-5L-KVmg184k0dhAaS"

Thanks in advance.

Quinquennium answered 11/3, 2015 at 13:0 Comment(0)

G

2

LinkedIn auth tokens granted from the JS SDK and server-side OAuth are not the same.

There is a process documented on LinkedIn's developer website that explains how to exchange a JS token for a REST API/server-side token: https://developer-programs.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens

Ganger answered 12/3, 2015 at 16:9 Comment(6)

URL not found , need to add some details answer also . this answer is not useful now – Wilhite 4/5, 2016 at 6:9

@SameerKazi, hi, have you managed to find solution? I've been working with same approach, yet I am not able to find that document as well. I've read that this will be removed in future, as OAuth2 will be only option to have access token that can be used for REST API calls. – Birdsall 25/5, 2016 at 8:34

There are presently no available endpoints to perform token validation via the LinkedIn APIs. You can only request (and a special sub-case: refresh) OAuth 2 tokens. – Ganger 25/5, 2016 at 16:29

@Birdsall No, solution not found. If you get any help plz post here. – Wilhite 26/5, 2016 at 4:11

@SameerKazi, as I understood in my research, it is not possible. JS SDK does not provide with code needed in authorization step. Most of these documents people are referring to are not accessible any longer. Therefor, I've focused on LinkedIn suggestions and created OAuth2 log in. I suggest same approach. One note, please be careful setting redirect_url. Needed or not, it requires slash (/) at the end of url, e.g. localhost/home.html?something=true. – Birdsall 26/5, 2016 at 9:50

This url is a restrict resorce, can you post an example here? – Luciusluck 7/10, 2017 at 16:25

T

8

It seems that if you just add header oauth_token to GET request, it works:

GET /v1/people/~:(id,firstName,lastName,siteStandardProfileRequest,picture-url,email-address)?format=json HTTP/1.1
Host: api.linkedin.com
oauth_token: your-token-here

P.S. But I'm not sure it will work continuously because the documentation I have not read

Tracheid answered 13/9, 2016 at 4:0 Comment(0)

G

2

LinkedIn auth tokens granted from the JS SDK and server-side OAuth are not the same.

There is a process documented on LinkedIn's developer website that explains how to exchange a JS token for a REST API/server-side token: https://developer-programs.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens

Ganger answered 12/3, 2015 at 16:9 Comment(6)

URL not found , need to add some details answer also . this answer is not useful now – Wilhite 4/5, 2016 at 6:9

@SameerKazi, hi, have you managed to find solution? I've been working with same approach, yet I am not able to find that document as well. I've read that this will be removed in future, as OAuth2 will be only option to have access token that can be used for REST API calls. – Birdsall 25/5, 2016 at 8:34

There are presently no available endpoints to perform token validation via the LinkedIn APIs. You can only request (and a special sub-case: refresh) OAuth 2 tokens. – Ganger 25/5, 2016 at 16:29

@Birdsall No, solution not found. If you get any help plz post here. – Wilhite 26/5, 2016 at 4:11

@SameerKazi, as I understood in my research, it is not possible. JS SDK does not provide with code needed in authorization step. Most of these documents people are referring to are not accessible any longer. Therefor, I've focused on LinkedIn suggestions and created OAuth2 log in. I suggest same approach. One note, please be careful setting redirect_url. Needed or not, it requires slash (/) at the end of url, e.g. localhost/home.html?something=true. – Birdsall 26/5, 2016 at 9:50

This url is a restrict resorce, can you post an example here? – Luciusluck 7/10, 2017 at 16:25

C

1

For someone that needs to check validity of token via Postman or etc...

You can achieve this by making request to have next parameters...

Example:

Method GET:
https://api.linkedin.com/v1/people/~?format=json

Headers: 
Authorization Bearer "here you add your access token"
Content-Type application/json
x-li-src msdk

Convent answered 3/11, 2016 at 9:52 Comment(0)

Recommended topics

Hot tags