First off I tried looking at the solution in LinkedIn verify user auth token server side but I found it very confusing and unclear why the client uses OAuth2 and the server uses OAuth1.0a...

I'm trying to create the following LinkedIn authentication pattern which follows other networking sites like Facebook or Google+:

1. Client (Android or iOS) logs in
2. Sends access token to server
3. Server verifies the access token is for my app
4. Server grabs a bit of profile info ... finishes user creation
   • Long term access from the server is NOT required. *

For #1 is seems the LinkedIn docs say you cannot use an iOS access token key (for example) through the rest API? What's the best way to do this? I'm not sure if that is still true but lets say it is and we use "traditional REST auth" from the native client.

For #3 I cannot find any reference to a REST call that provides such info. Facebook has /debug_token and Google has /tokeninfo to aid these efforts. Is there a similar call for LinkedIn? In the stackoverflow issue I linked above it talked about sending secure cookies. But in my cause I'm neither using a browser nor a server that can accept cookies.

If this is not the right design pattern for LinkedIn please suggest a better one that works with this flow.

Thanks,

Any help would be appreciated.

Here's the solution

GET https://api.linkedin.com/v1/people/~:(id,email-address,first-name,last-name)?format=json

Header {"Authorization":"Bearer <USER_ACCESS_TOKEN>","x-li-src":"msdk"}