0

I'd like to be able to use spring-social-linkedin with an application token much like I can do with spring-social-facebook with workarounds (Use app access token with spring-social facebook to query public pages).

My application only needs to query public pages, so should not need to be authenticated against a specific user: for example I'd query a public company page http://www.linkedin.com/company/google

I've been reading lots of documentation, but I'm a bit confused about where things are currently at. I don't think you can even instantiate a LinkedInTemplate any more with OAuth1 credentials via the constructor and the doco seems outdated (http://docs.spring.io/spring-social-linkedin/docs/1.0.x/reference/htmlsingle/#apis).

Does anyone know if LinkedIn has the capability of sever integration without the redirect_uri dance (obviously with only access to a subset of APIs that correlate to public info)?

Community
  • 1
  • 1
Matt Byrne
  • 4,908
  • 3
  • 35
  • 52

2 Answers2

0

Look at source of this test https://github.com/spring-projects/spring-social-linkedin/blob/master/spring-social-linkedin/src/test/java/org/springframework/social/linkedin/api/impl/CompanyTemplateTest.java :

    mockServer.expect(requestTo(CompanyTemplate.COMPANY_URL.replaceFirst("\\{id\\}", "/1337").replaceFirst("\\{filter\\}", "") + "&oauth2_access_token=ACCESS_TOKEN")).andExpect(method(GET))
        .andRespond(withSuccess(new ClassPathResource("company.json", getClass()), MediaType.APPLICATION_JSON));
    Company company = linkedIn.companyOperations().getCompany(1337);

    assertEquals(1337, company.getId());
    assertEquals("http://feeds.feedburner.com/LinkedInBlog", company.getBlogRssUrl());

Is this what you're looking for?

Alex Chernyshev
  • 1,719
  • 9
  • 11
  • Thanks Alex, but Craig's answer confirmed my concerns about the intention of the LinkedIn API and how spring-social interacts. It seems LinkedIn only intends use of its API with an authenticated end-user, unlike Facebook, Twitter, Google+ etc which allow server-side tokens to query certain APIs. Quite limiting :-( – Matt Byrne Jul 28 '14 at 22:29
  • I think it's not, at least I don't see any end user authentication here https://github.com/spring-projects/spring-social-linkedin/blob/master/spring-social-linkedin/src/test/java/org/springframework/social/linkedin/api/impl/AbstractLinkedInApiTest.java This is where test starts. – Alex Chernyshev Jul 29 '14 at 05:44
  • Yea but as Craig Walls says in his answer (Craig wrote that code), the LinkedInTemplate just needs a user token in order to make its calls and the test is just asserting the calls that are being made. LinkedIn servers still require a valid access token (this is different from your API key) which requires an OAuth 2 handshake to obtain. There are other classes in spring-social-linkedin that help you through this process, or you can do it yourself and pass the client token directly to LinkedInTemplate. – Matt Byrne Jul 29 '14 at 05:55
0

Apparently the new documentation wasn't properly published when SSLI 1.0.0.RELEASE was pushed. Thanks for the heads up...I'll try to get that fixed.

In the meantime...per LinkedIn's API documentation at https://developer.linkedin.com/documents/company-lookup-api-and-fields, all requests for company data must use an access token to make an authenticated call on behalf of a user. Therefore, you must get user authorization before you can make such calls. I believe that was true whether you are using OAuth 1.0a or OAuth 2.

Spring Social LinkedIn assumes that you'll be using OAuth 2 authorization, which is also what LinkedIn expects most apps will do (see https://developer.linkedin.com/documents/authentication). Therefore, all you need to give to LinkedInTemplate when instantiating it is a valid access token. How you obtain that access token, however, is another matter.

Spring Social's ConnectController can help you with the OAuth dance. But it sounds like you're wanting to know how to get an access token for the application, without involving user authorization. As far as I can tell (although I'll be happy to be corrected on this), LinkedIn does not support OAuth 2 client authorization. They do give you an access token on your application's registration page, but as best as I can tell, that's an OAuth 1.0a token and will not work with Spring Social. Even so, that token is still a user token...it's just a token authorized for you.

So, if company requests require an access token authorized to act on behalf of a user (per the docs), then I do not think you have any choice but to obtain an access token via user authorization. I suppose that you could authorize yourself and use that token for your application, but that's probably a misuse of the token...proceed at your own risk.

Craig Walls
  • 2,080
  • 1
  • 12
  • 13
  • Thanks Craig - you've confirmed my concerns. I've seen another application's code (in another language) using the application page's tokens directly in OAuth1 code and the app in question has been running for more than 60 days. I've read around the place that tokens now expire after 60 days (not sure if those OAuth1 tokens on the app page are special in that they don't expire) so the misuse workaround may not even work either in OAuth2 :-(. Have not confirmed this, but just a note for others. – Matt Byrne Jul 28 '14 at 22:43
  • Just an update on this since I was documenting it internally in our organisation. We need to authenticate as a user and get a user token and, yes, they expire every 60 days so you need to repeat this process. I mentioned that I saw user token credentials hardcoded in an older application and that they didn't seem to expire. This is because accounts created before around August 2013 (can't remember where I read this) could create user tokens that did not expire. Newer accounts generate the user tokens with expiry. – Matt Byrne Nov 27 '14 at 21:02