I've just migrated from LinkedIn's JavaScript SDK to their OAuth2.0 authorization flow in my application due to their announcement of deprecating their SDKs in March.
The auth flow is working as expected. The issue is that I can't find any documentation on how to force re-authentication or invalidate the current user's access token. The previous JavaScript SDK had an `IN.User.logout()` method that I used to allow for re-authentication, which is not available using the OAuth2.0 flow. This will cause problems for users who are logging in on a shared computer/browser.
Below are some ways I've figured out where re-authentication is initiated, but none that my application can do itself:
- Clear out web browser / LinkedIn cookies
- Log out of the LinkedIn site directly
- Update/change requested permissions (not ideal)
Does anyone have a recommendation on how I can force re-authentication within the application? Or is this impossible unless LinkedIn implements an endpoint to invalidate the token?
Hoping someone from LinkedIn may be able to chime in on this and how they expect developers to handle this scenario as they point to Stack Overflow for support.
Update [2/12/19]: I've contacted LinkedIn directly regarding this issue and they continued to direct me here and insist that I repost the question. Hoping someone from LinkedIn will see this still but assuming it won't get answered anytime soon. Will have to assume invalidation does not exist in v2 APIs.