Obtaining Access Token

We have briefly touched on this topic before. Let's dive into the details.
Integrating social login into the application requires configuration on the developer portal of the social site. Two types of authorization flow are supported:

  • Three legged auth
  • Two legged auth

In both cases, a client_id and secret are issued and become part of the service configuration for the login. For LinkedIn, the authorization code flow has the following steps:

  • Create a new service and specify the client id and client secret.
  • Provision the application frontend to redirect the browser to LinkedIn's OAuth 2.0 authorization page, where the member authenticates. After authentication, LinkedIn's authorization server passes an authorization code to the application.
  • The backend sends this code to LinkedIn using the service config, and LinkedIn returns an access token. The access token is cached until it expires and is then refreshed.
  • The application uses this token to call APIs on behalf of the member.

{
  "name" : "linkedin",
  "props" : {
    "grant_type" : "authorization_code",
    "oauthUrl" : "https://www.linkedin.com/oauth/v2/authorization",
    "tokenUrl" : "https://www.linkedin.com/oauth/v2/accessToken",
    "client_id" : "xxxxxxxxx",
    "client_secret" : "yyyyyyyyyyyyyy",
    "scope" : "r_liteprofile%20r_emailaddress",
    "userProfileApiSpecs" : [
      {
        "url" : "https://api.linkedin.com/v2/me?projection=(id,firstName,lastName,profilePicture(displayImage~:playableStreams))",
        "transformationFunction" : "userProfileMapper"
      },
      {
        "url" : "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))",
        "transformationFunction" : "userEmailMapper"
      }
    ]
  },
  "type" : "externalService",
  "useOAuth" : true,
  "authBodyTemplate" : "response_type=code&client_id={client_id}",
  "useHttps" : true
}
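
The browser redirect and code exchange from the steps above, sketched in Python as an added example (not the platform's own code). `redirect_uri` and `state` are standard OAuth 2.0 authorization-code parameters that the config above does not show; `REDIRECT_URI`, the function names and the token's `obtained_at` field are assumptions made for illustration.

```python
import hmac
import secrets
import time
from urllib.parse import urlencode

# Constructed copy of the service config fields used here (placeholder credentials).
CONFIG = {
    "oauthUrl": "https://www.linkedin.com/oauth/v2/authorization",
    "client_id": "xxxxxxxxx",
    "client_secret": "yyyyyyyyyyyyyy",
    "scope": "r_liteprofile%20r_emailaddress",
    "grant_type": "authorization_code",
}
REDIRECT_URI = "https://app.example.com/oauth/callback"  # assumption: not in the config


def build_authorization_url(cfg, redirect_uri):
    """Return (url, state); the caller stores state in the member's session."""
    state = secrets.token_urlsafe(32)  # unguessable value, checked on the callback
    query = urlencode({"response_type": "code", "client_id": cfg["client_id"],
                       "redirect_uri": redirect_uri, "state": state})
    # scope is already percent-encoded in the config, so it is appended unchanged
    return f'{cfg["oauthUrl"]}?{query}&scope={cfg["scope"]}', state


def verify_callback(params, expected_state):
    """Return the authorization code only if state came back unchanged."""
    returned = params.get("state", "")
    code = params.get("code")
    ok = hmac.compare_digest(returned.encode(), expected_state.encode())
    if "error" in params or not ok or not code:
        raise ValueError("authorization callback rejected")
    return code


def token_request_body(cfg, code, redirect_uri):
    """Form body the backend POSTs to tokenUrl; the secret stays server-side."""
    return urlencode({
        "grant_type": cfg["grant_type"], "code": code,
        "redirect_uri": redirect_uri,
        "client_id": cfg["client_id"], "client_secret": cfg["client_secret"],
    })


def token_is_fresh(token, now=None, skew=60):
    """A cached token is reused until shortly before obtained_at + expires_in."""
    now = time.time() if now is None else now
    return now < token["obtained_at"] + token["expires_in"] - skew
```

Rejecting a callback whose `state` does not match the session value keeps an authorization code issued for a different browser session from being bound to this member's login.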