Linkedin & OAuth
Download as PPT, PDF6 likes5,105 views
The document discusses integrating LinkedIn functionality into a website using OAuth authentication. It provides an overview of the LinkedIn API and OAuth process, including getting an API key, redirecting the user to LinkedIn for authorization, and requesting an access token. It also covers LinkedIn platform guidelines, API rate limiting, and making calls to the LinkedIn People and Profile APIs.
Linkedin & OAuth
- 2. Why Should We Integrate LinkedIn? • Users can bring their LinkedIn profile and network in your site • Access to a network of over 80 million users • Authentication to your site using LinkedIn APIs • Search for profiles, connections • Update LinkedIn status from your site And many more….
- 3. LinkedIn Platform Guidelines • No LinkedIn data can be stored – Exceptions: Storing the Member ID for subsequent API calls & User’s profile data when given explicit user permission by the owner of the profile • Don't share your API keys and secrets with anyone • Data gathered from one user's LinkedIn account/network may not be exposed to another user • You must show the agreement screen in its own window – URL is visible – Same browser window/tab or pop-up but NOT an Iframe into the current page • You cannot provide API access to your customers • http://developer.linkedin.com/docs/DOC-1091
- 4. LinkedIn OAuth's Authentication Model • You get an API key from LinkedIn. (Consumer Key in OAuth terminology) • You build a feature into your site that leverages the user's LinkedIn network • Your user clicks on your UI to request to use that feature. • You make a call to LinkedIn to ask to use our authentication. This is called getting a Request Token. • LinkedIn replies with an OAuth Token indicating that you can use the authentication system. • You send your user to a LinkedIn URL. That URL includes the OAuth Token you got and a few other parameters such as a URL for LinkedIn to return the user to after granting access. • The user grants access to your application by signing into that page. • Upon successful signon, LinkedIn will return the user to your site. • You will then make a call to LinkedIn to get an Access Token. • LinkedIn replies with an Access Token for the user. You use that Access Token for any API calls to LinkedIn to identify the user on whose behalf you are making the call.
- 6. Anatomy of an OAuth Request 1. Establish a requestToken – HTTP Method (POST) – Request URI (https://api.linkedin.com/uas/oauth/requestToken) – oauth_callback – oauth_consumer_key – oauth_nonce – oauth_signature_method – oauth_timestamp – oauth_version Sample response: oauth_token=94ab03c4-ae2c-45e4-8732- 0e6c4899db63&oauth_token_secret=be6ccb24-bf0a-4ea8-a4b1- 0a70508e452b&oauth_callback_confirmed=true&oauth_expire s_in=599
- 7. Anatomy of an OAuth Request 2. Redirect the User to our Authorization Server • Forward the user to LinkedIn’s authorization server where they'll authorize your application • User decides whether to authorize your application or deny the request using our standard authenication screen • One Click Login - Automatically (and immediately) redirect to the callback URL, if a. The current user is logged into LinkedIn. b. The current user has already granted an access token to your application. c. The access token has not expired. http://localhost/oauth_callback?oauth_token=94ab03c4-ae2c-45e4-8732-0e6c4899db63& oauth_verifier=98295 • Cancel Button - either the "Integration URL" you defined for your application, or, if that value is blank, the OAuth callback URL
- 8. Anatomy of an OAuth Request 3. Request the Access Token • Last step - Obtain an access token that actually gives you the agency to make requests on behalf of the LinkedIn member. – HTTP Method (POST) – Request URI (https://api.linkedin.com/uas/oauth/accessToken) – oauth_consumer_key – oauth_nonce – oauth_signature_method – oauth_timestamp – oauth_token – oauth_verifier – oauth_version • As a response to your request for an accessToken, your accessToken will be in the "oauth_token" field and an oauth_token_secret. oauth_token=f862f658-ad89-4fcb-995b-7a4c50554ff6&oauth_token_secret=a252d40e-f7f0- 4f31-a362-3451e168d5a5 4. Signing out
- 9. LinkedIn API • People – Profile API • http://api.linkedin.com/v1/people/~ • http://api.linkedin.com/v1/people/id=abcdefg • http://api.linkedin.com/v1/people/url=<public-profile-url> – Connections API • http://api.linkedin.com/v1/people/~/connections – People Search API • Network Updates / Status – Get Network Updates API – Post Network Updates – Commenting on & Reading Comments in Network Updates – Share API • Communications – Messaging Between Connections – Invitation API
- 10. Throttle Limits • Designed to ensure maximum performance for all developers and to protect the user experience of all users on LinkedIn. • Three types of throttles applied to all API keys: – Application throttles: Limit the number of each API call your application can make using its API key. – User throttles: Limit the number of calls for any individual user of your application. – Developer throttles: For people listed as developers on their API keys. Approximately four times higher than the user throttles for most calls. • Throttled Responses – 403 HTTP status code with a response body containing an XML document. <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <error> <status>403</status> <timestamp>1264619093714</timestamp> <error-code>0000</error-code> <message>Throttle limit for calls to this resource is reached.</message> </error>