LS-Auth integration with LinkedIn as IDP (OAuth)
Below are instructions to set up LinkedIn as an IDP for LSAuth using OAuth.
Creating OAuth application on LinkedIn
- Log in to https://www.linkedin.com/developers/apps (TIP: Use a non-personal account to represent your organization)
- Select Create App in the top right corner
- Provide the information as highlighted below and click on Create app.
- Once the app is created, navigate to the Auth tab in the top nav and update the callback URL. E.g.:
  https://a.labshare.org/_api/v2/auth/authenticate/callback
Note down the Client ID and Client Secret. These will be used in setting up the provider on UNA.
Creating OAuth provider on LSAuth
- Create a new Provider of type oauth2
- Enter the Client ID and Client Secret noted from the LinkedIn site above.
- Authorization URL: https://www.linkedin.com/oauth/v2/authorization
- Scope: r_liteprofile r_emailaddress
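Config:
// Fetches the member's lite profile and email address from LinkedIn with the
// user's access token and maps them to LSAuth profile attributes.
const request = require('request');

module.exports = async function(ctx, callback) {
  const accessToken = ctx.secrets.accessToken;
  const liteProfileUrl =
    'https://api.linkedin.com/v2/me';
  const emailUrl =
    'https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))';

  request.get(
    liteProfileUrl,
    {
      auth: {
        bearer: accessToken
      },
      json: true
    },
    (error, profileData) => {
      if (error) {
        callback(error, null);
        return;
      }
      // A rejected token returns an error body, not a profile; stop here.
      if (profileData.statusCode !== 200) {
        callback(new Error('LinkedIn profile request failed: HTTP ' + profileData.statusCode), null);
        return;
      }
      request.get(
        emailUrl,
        {
          auth: {
            bearer: accessToken
          },
          json: true
        },
        (error, emailData) => {
          if (error) {
            callback(error, null);
            return;
          }
          // Without this check, an error body makes elements[0] throw below.
          if (emailData.statusCode !== 200) {
            callback(new Error('LinkedIn email request failed: HTTP ' + emailData.statusCode), null);
            return;
          }
          callback(null, {
            // Map all the profile attributes here
            email: emailData.body.elements[0]['handle~'].emailAddress,
            given_name: profileData.body.localizedFirstName,
            family_name: profileData.body.localizedLastName,
            username: profileData.body.id
          });
        }
      );
    }
  );
}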
NOTE: When you log in for the first time, LinkedIn will ask the user to confirm the access request.
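A stricter form of the mapping step in the Config script, as an added example (not LSAuth's or the page author's code): it checks the HTTP status and the response shape before returning attributes, so an expired token or a member without an email address fails the login instead of yielding an undefined email. The helper name `mapLinkedInProfile` and the sample responses are assumptions constructed for illustration.

```javascript
// Added example; mapLinkedInProfile is a hypothetical helper, not an LSAuth API.
// Inputs are the response objects that request.get passes to its callback.
function mapLinkedInProfile(profileRes, emailRes) {
  // Fail closed on any non-200 answer (expired token, missing scope, rate limit).
  for (const [name, res] of [['profile', profileRes], ['email', emailRes]]) {
    const bodyOk = res && typeof res.body === 'object' && res.body !== null;
    if (!bodyOk || res.statusCode !== 200) {
      throw new Error(`LinkedIn ${name} request failed (status ${res && res.statusCode})`);
    }
  }
  const profile = profileRes.body;
  // The member id becomes the username, so it must be a non-empty string.
  if (typeof profile.id !== 'string' || profile.id.length === 0) {
    throw new Error('LinkedIn profile has no member id');
  }
  // 'handle~' is the decorated field requested by the projection in emailUrl.
  const elements = Array.isArray(emailRes.body.elements) ? emailRes.body.elements : [];
  const handle = elements[0] ? elements[0]['handle~'] : undefined;
  const email = handle ? handle.emailAddress : undefined;
  // Conservative shape check only, not full address validation.
  if (typeof email !== 'string' || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
    throw new Error('LinkedIn returned no usable email address');
  }
  const str = (v) => (typeof v === 'string' ? v : '');
  return {
    email,
    given_name: str(profile.localizedFirstName),
    family_name: str(profile.localizedLastName),
    username: profile.id
  };
}

// Constructed sample responses (not captured from LinkedIn).
const sampleProfile = {
  statusCode: 200,
  body: { id: 'AbC123xyz', localizedFirstName: 'Ada', localizedLastName: 'Lovelace' }
};
const sampleEmail = {
  statusCode: 200,
  body: { elements: [{ 'handle~': { emailAddress: 'ada@example.org' } }] }
};
const sampleDenied = { statusCode: 401, body: { message: 'constructed error body' } };

console.log(mapLinkedInProfile(sampleProfile, sampleEmail));
```

Inside the Config script, the two nested callbacks would pass `profileData` and `emailData` to this function in a try/catch and hand any thrown error to `callback`.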