I'm integrating Linkedin and Amazon login in my Android app. I studied OAuth2 from their docs, and got an idea about the process. But I have some confusion regarding the whole process:
What I thought should happen (taking LinkedIn case):
- My app hits a URL for authorization (https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=123456789&redirect_uri=https%3A%2F%2Fwww.example.com%2Fauth%2Flinkedin&state=987654321&scope=r_basicprofile)
- I receive a callback in the redirect url.
Firstly, my question is, that after getting to the redirect url, the backend would make another API call for the access token? Or the backend would somehow bring me to my app (if yes, how?), and my app would then make a call for access token.
Another doubt that I have is that even without using OAuth2, I'm able to fetch LinkedIn user data using this code:
LISessionManager.getInstance(getApplicationContext())
.init(this, buildScope(), new AuthListener() {
@Override
public void onAuthSuccess() {
mLinkedinAccessToken = LISessionManager
.getInstance(getApplicationContext())
.getSession().getAccessToken().toString();
Toast.makeText(getApplicationContext(), "success" + mLinkedinAccessToken, Toast.LENGTH_LONG).show();
APIHelper apiHelper = APIHelper.getInstance(getApplicationContext());
apiHelper.getRequest(FaceBookLoginActivity.this, topCardUrl, new ApiListener() {
@Override
public void onApiSuccess(ApiResponse s) {
Gson gson = new Gson();
mLinkedInUserInfo = gson.fromJson(s.getResponseDataAsString(), LinkedInUserInfo.class);
Here, I didn't specify any redirect URL and didn't even hit the URL they've mentioned in the doc, but I can easily access the data. Doesn't that defeat the whole purpose of secure authentication? Surely, I'm missing something, and a bit confused about the whole process. I'd appreciate some help over here.