CODEWITHSUNDEEP
javascriptnode.jslinkedin-api
Anton Dimitrov
Anton Dimitrov

Reputation: 95

LinkedIn verify user auth token server side

after 1 day of research, I've ended with the following issue. I'm building an web app with ember.js and currently I'm implementing LinkedIn login, using linkedin javascript sdk. The problem that I have is that after I recieve user information (token, email, first name and etc) I need to verify this token on server side in order to grand session. Unfortunately, the documentation is not very clear for me. I can access token ( or kind of a token ) using IN.ENV.auth, but when I try to validate one from both of them, I recieve "invalid request". On the server side I'm using node and a sample code look like that:

var request = require('request');
var options = {
    url: 'https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=TOKEN_RECIEVED_THROUGH_IN.ENV.auth&redirect_uri=my-domain&client_id=API_CLIENT_ID&client_secret=API_SECRET_KEY'
};
request(options,function(err,res,body){
    console.log(body);
});

The response from the sdk is like that: 

anonymous_expires_in: 1800
anonymous_token: "4u948tas123asfK9DJx9HFYJgcsBFlhIFu93gG"
api_key: "API_KEY"
is_set_client_auth_cookie: false
member_id: "4a13sdasFeD"
oauth_expires_in: 1800
oauth_token: "66Dy9V123lL7H823ddl-5L-KVmg184k0dhAaS"

Thanks in advance.

Upvotes: 9

Views: 4369

Answers (3)

Nikola Zivkovic
Nikola Zivkovic

Reputation: 829

For someone that needs to check validity of token via Postman or etc...

You can achieve this by making request to have next parameters...

Example:

Method GET:
https://api.linkedin.com/v1/people/~?format=json

Headers: 
Authorization Bearer "here you add your access token"
Content-Type application/json
x-li-src msdk

Upvotes: 1

ktretyak
ktretyak

Reputation: 31641

It seems that if you just add header oauth_token to GET request, it works:

GET /v1/people/~:(id,firstName,lastName,siteStandardProfileRequest,picture-url,email-address)?format=json HTTP/1.1
Host: api.linkedin.com
oauth_token: your-token-here

P.S. But I'm not sure it will work continuously because the documentation I have not read

Upvotes: 8

Justin Kominar
Justin Kominar

Reputation: 3374

LinkedIn auth tokens granted from the JS SDK and server-side OAuth are not the same.

There is a process documented on LinkedIn's developer website that explains how to exchange a JS token for a REST API/server-side token: https://developer-programs.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens

Upvotes: 2

Related Questions