LinkedIn's OAuth Details

Fri, 01/14/2011 - 13:50 — LIDeveloperAdmin

OAuth Settings for LinkedIn

Here's the information you need to get started using OAuth with LinkedIn.

  • LinkedIn API key and secret: Get these from our API Key page
  • The site: https://api.linkedin.com.
  • Request token path: /uas/oauth/requestToken
  • Access token path: /uas/oauth/accessToken
  • SSL is required for all authentication steps.

Configuring the LinkedIn Experience

There are several ways to customize the interaction between LinkedIn and your application.

Authorization Path

These are the URLs where you redirect the member to sign in and authorize your application

Standard Authorization Path

For sites that integrate LinkedIn as feature: https://www.linkedin.com/uas/oauth/authorize

Login with LinkedIn

For sites that primarily use LinkedIn for authentication (e.g. by showing users a "Login with LinkedIn" button): https://www.linkedin.com/uas/oauth/authenticate

This "authenticate" URL behaves identically to the authorization endpoint except for one scenario. If the following are all true:

The current member is logged into LinkedIn.

The current member has already granted an access token to your application.

The access token has not expired.

Then we will automatically (and immediately) redirect to the callback URL you specify, without interruption. This provides a great user experience - just a one click login! If any of the above conditions are not true, the member will see the normal authorization flow.

Login Buttons

To provide a consistent user experience across sites which leverage LinkedIn for authentication, we created a standard button. Please use it so our members will benefit from a familiar LinkedIn experience across the web.

Application Settings

Control the LinkedIn API authentication experience by setting fields in your Application Details. This page can be reached from the Developer Portal by selecting My Stuff->API Keys and then selecting the application.

OAuth Callback URL

If the "OAuth Callback URL" is defined, this is used as the callback for your request if the oauth_callback parameter is missing.  If neither is set, the "out-of-band" (aka oob) experience will happen for the user, and they will be given a PIN to input into your application to complete the authorization process.

Integration URL

If the "Integration URL" is defined, the "Cancel" button in the authorization flow will send the member to that URL.  If it is not defined, LinkedIn will redirect the member to the OAuth callback URL.  No token or secret is sent in this case. Instead, the callback is called with the url parameter "oauth_problem" set to "user_refused."

App Logo Secure URL

This field shows up when the user is authorizing your application on the login page.  Their image is on the left hand side, and if this field is set your logo will show up on the right hand side of the screen.  This provides a better user experience, and ties the flow more closely to your application.

Token Invalidation

Invalidate an OAuth token for your application by sending an OAuth signed GET request to:

https://api.linkedin.com/uas/oauth/invalidateToken

A 200 response indicates that the token was successfully invalidated.

OAuth Documentation