Getting an OAuth Token
There are several ways to create OAuth requests. We strongly suggest that you use one of the existing OAuth libraries rather than trying to "roll your own".
Specific language examples:
When using one of the OAuth libraries, you don't really need to know the specifics of the authentication process beyond the basic flow. However, if you're interested in knowing more about the process, it is detailed here.
Request a requestToken
This request is made with a POST request to https://api.linkedin.com/uas/oauth/requestToken
For the requestToken step, the following components should be present in your string to sign:
Redirect the Member to our Authorization Server
Use the requestToken to forward the member to our authorization server, where they'll authorize your application. Because LinkedIn runs on OAuth 1.0a, you must not add an oauth_callback parameter to this step. You need only forward the member to one of our authorization URLs with your requestToken specified as a query parameter called "oauth_token".
Which URL you should use depends on whether you are using LinkedIn for authentication in your application or if you have your own user authentication system. Read the OAuth Overview and LinkedIn Details section on Authorization Paths to determine which path you should use for authorization.
The callback for this request will do the following:
- Redirect to the oauth_callback parameter given in the request with the oauth_token and oauth_verifier information
- If oauth_callback is not set, send the same information back to the "OAuth Callback URL" set for your application (see the OAuth Overview and LinkedIn Details section on Application Settings for more information)
- If neither is set, or if the oauth_callback is set to 'oob', the user will get an "out-of-band" experience (generally used for applications running outside of a web browser), where they will get the oauth_verifier as a PIN which they need to input into your application to complete the authorization process.
You'll want to temporarily store the oauth_verifier so that you can use it as part of your accessToken request in the next step. The oauth_token is the same requestToken you received in the first step.
In the examples used so far, the callback specified in the requestToken step would receive a request like this: http://localhost/oauth_callback?oauth_token=94ab03c4-ae2c-45e4-8732-0e6c4899db63&oauth_verifier=98295
If the member chooses to deny access to your application (by pressing the Cancel button in the authorization flow), we redirect them back to your server. We send them to either the "Integration URL" you defined for your application or, if that value is blank, the OAuth callback URL you passed in your request. However, we do not send a token or secret. Instead, your callback will include the URL parameter oauth_problem with the value user_refused.
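The callback handling described above, as an added example that is not part of the original page or LinkedIn's own code. It assumes your application kept the requestToken from step one in its session; handle_callback and CallbackError are hypothetical names, and the URL in the usage comment is the page's own sample.

```python
import hmac
from urllib.parse import urlsplit, parse_qs


class CallbackError(Exception):
    """Raised when the callback cannot be tied to a pending authorization."""


def handle_callback(callback_url, pending_request_token):
    """Return the oauth_verifier, or None if the member refused access.

    pending_request_token is the requestToken stored in step one
    (assumption: it comes from the application's own session storage).
    """
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)

    def single(name):
        # Reject repeated parameters so it is unambiguous which value is used.
        values = params.get(name, [])
        if len(values) > 1:
            raise CallbackError("duplicate parameter: " + name)
        return values[0] if values else None

    # Denial: no token or verifier is sent, only oauth_problem=user_refused.
    problem = single("oauth_problem")
    if problem is not None:
        if problem == "user_refused":
            return None
        raise CallbackError("unexpected oauth_problem value")

    token = single("oauth_token")
    verifier = single("oauth_verifier")
    if not token or not verifier:
        raise CallbackError("missing oauth_token or oauth_verifier")

    # The returned oauth_token must equal the requestToken issued to this
    # session; otherwise the callback belongs to another authorization attempt.
    if not hmac.compare_digest(token.encode(), pending_request_token.encode()):
        raise CallbackError("oauth_token does not match pending requestToken")
    return verifier


# Usage with the page's sample callback:
# handle_callback("http://localhost/oauth_callback?oauth_token=94ab03c4-ae2c-"
#                 "45e4-8732-0e6c4899db63&oauth_verifier=98295",
#                 "94ab03c4-ae2c-45e4-8732-0e6c4899db63")
```

Store the returned verifier only until the accessToken request completes, and discard the pending requestToken once it has been used.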
Request the Access Token
We're almost done with the authorization dance. This is the last step where you obtain an access token that actually gives you the agency to make requests on behalf of the LinkedIn member.
This request is made with a POST request to https://api.linkedin.com/uas/oauth/accessToken
For the accessToken step, the following components should be present in your string to sign:
The response to your accessToken request contains your accessToken in the "oauth_token" field, along with an oauth_token_secret.