LinkedIn API OAuth refresh token

Asked 15/7, 2017 at 15:14 Answered 3/7, 2024 at 14:57

I am using LinkedIn API to pull updates from there and display on the website. While using OAuth, I am storing the token in a file and then pull it from there again to prevent the login popup. However, I am not clear once my token expires how will it get refreshed. Following is how I am reading the token from the file -

        $config = json_decode(file_get_contents(".service.dat"));
        if( isset($config->key) && isset($config->secret) ) {
            $this->access_token = new OAuthConsumer($config->key, $config->secret);
        }

For authentication I have following to get request token -

function getRequestToken()
{
    $consumer = $this->consumer;
    $request = OAuthRequest::from_consumer_and_token($consumer, NULL, "GET", $this->request_token_path);
    $request->set_parameter("oauth_callback", $this->oauth_callback);
    $request->sign_request($this->signature_method, $consumer, NULL);
    $headers = Array();
    $url = $request->to_url();
    $response = $this->httpRequest($url, $headers, "GET");
    parse_str($response, $response_params);
    $this->request_token = new OAuthConsumer($response_params['oauth_token'], $response_params['oauth_token_secret'], 1);
}

After generating token, I am generting authorize url:

function generateAuthorizeUrl()
{
    $consumer = $this->consumer;
    $request_token = $this->request_token;
    return $this->authorize_path . "?oauth_token=" . $request_token->key;
}

LinkedIn documentation states following about refresh token:

Refreshing an access token is very simple and can happen without an authorization dialog appearing for the user. In other words, it's a seamless process that doesn't affect your application's user experience. Simply have your application go through the authorization flow in order to fetch a new access token with an additional 60 day life span.

I am not clear what that means. If I have to redo all the way from obtaining request token again then wouldn't that require me to make http request again and having to popup the login screen? How do I avoid it? Will appreciate suggestion.

Thanks.

Radcliffe answered 15/7, 2017 at 15:14 Comment(0)

Found out. Authorization URL:

https://www.linkedin.com/oauth/v2/authorization

followed by the access token url:

https://www.linkedin.com/oauth/v2/accessToken

was all that I really had to do (passing with the right parameters).

Radcliffe answered 21/7, 2017 at 1:41 Comment(0)

If You go through the documentation

Linkedin does not provide refresh token you need to again go through the workflow.

Here is the Short Explanation:

To refresh an Access Token, simply go through the authorization process outlined in this document again to fetch a new token. During the refresh workflow, provided the following conditions are met, the authorization dialog portion of the flow is automatically skipped and the user is redirected back to your callback URL, making acquiring a refreshed access token a seamless behind-the-scenes user experience

Refresh your Access Tokens

Hydrophobic answered 29/3, 2018 at 12:20 Comment(1)

While it is OK for an answer to contain links for reference the answer itself should at least contain a basic explanation. – Pushcart 29/3, 2018 at 12:50

There is also a endpoint to refresh the token once it expire, here is the documentation of the way to do it: https://learn.microsoft.com/en-us/linkedin/shared/authentication/programmatic-refresh-tokens

Sycamine answered 18/10, 2018 at 16:27 Comment(0)

There is a simple example how you can refresh your token:

public async Task<LinkedInTokenResponse> RefreshToken(string yourRefreshToken, CancellationToken cancellationToken)
 {
     var client = new HttpClient();
     var request = new HttpRequestMessage(HttpMethod.Post, "https://www.linkedin.com/oauth/v2/accessToken");

     var parameters = new Dictionary<string, string>
     {
         { "grant_type", "refresh_token" },
         { "refresh_token", yourRefreshToken },
         { "client_id", _linkedInApplicationSettings.ClientId },
         { "client_secret", _linkedInApplicationSettings.PrimaryClientSecret }
     };

     request.Content = new FormUrlEncodedContent(parameters);

     var response = await client.SendAsync(request, cancellationToken);
     var responseContent = await response.Content.ReadAsStringAsync(cancellationToken);
     response.EnsureSuccessStatusCode();

     var tokenResponse = JsonConvert.DeserializeObject<LinkedInTokenResponse>(responseContent);

     return tokenResponse;
 }

public class LinkedInTokenResponse
{
    [JsonProperty("access_token")]
    public string AccessToken { get; set; }

    [JsonProperty("expires_in")]
    public int AccessTokenExpiresIn { get; set; }

    [JsonProperty("refresh_token")]
    public string RefreshToken { get; set; }

    [JsonProperty("refresh_token_expires_in")]
    public int RefreshTokenExpiresIn { get; set; }
}

Winchell answered 3/7, 2024 at 14:57 Comment(0)

Recommended topics

Hot tags