Using OAuth2 with LinkedIn
Kamyar Mohager
LinkedIn Platform Team
Developer Relations

Why bother authorizing?



           
    
Not secure




We need a way to connect our LinkedIn identity securely to an application…



               
   
OAuth 1.0a




Secure, but…
• Relies on a calculated signature to ensure security between server and consumer
• Secure for the end user but a pain for the developer to implement
• Difficult to debug 401 unauthorized when signature is bad (nonce, timestamp, etc.)
• Not all OAuth libraries are created equal

OAuth 1.0a Signature

Signature Base String
POST&https%3A%2F%2Fapi.linkedin.com%2Fv1%2Fpeople%2F~%2Fshares&oauth_consumer_key%3Dmy1sh8ponem4%26oauth_nonce%3D511F013D-C950-46EF-B8FF-DE48AA6708D8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1355356360%26oauth_token%3D935e5a8b-4787-4792-a377-4b0e8bae5029%26oauth_version%3D1.0

Signature
wUGmSixTSUTTKA92Ytxj6rMeAAM=

HTTP Authentication Header
OAuth oauth_nonce="511F013D-C950-46EF-B8FF-DE48AA6708D8"
oauth_timestamp="1355356360" oauth_version="1.0"
oauth_signature_method="HMAC-SHA1" oauth_consumer_key="XXXXXXXXX"
oauth_token="935e5a8b-4787-4792-a377-4b0e8bae5029"
oauth_signature="wUGmSixTSUTTKA92Ytxj6rMeAAM%3D"

URL
https://api.linkedin.com/v1/people/~/shares




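Added example (not from the original slides): rebuilding the signature base string shown above from its request parts in Python, then signing and verifying it with HMAC-SHA1, which is the comparison to make when a 401 points at a bad signature. The consumer and token secrets are constructed placeholders, so the resulting signature differs from the one on the slide.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Request parts taken from the slide above.
METHOD = "POST"
URL = "https://api.linkedin.com/v1/people/~/shares"
PARAMS = {
    "oauth_consumer_key": "my1sh8ponem4",
    "oauth_nonce": "511F013D-C950-46EF-B8FF-DE48AA6708D8",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1355356360",
    "oauth_token": "935e5a8b-4787-4792-a377-4b0e8bae5029",
    "oauth_version": "1.0",
}
# Constructed secrets: the real ones are not on the slide.
CONSUMER_SECRET = "constructed-consumer-secret"
TOKEN_SECRET = "constructed-token-secret"


def pct(value):
    """Percent-encode per RFC 3986: only unreserved characters stay as-is."""
    return quote(value, safe="~")


def signature_base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted, '&'-joined parameters."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(base_string, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string, keyed with 'consumer&token' secrets."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def verify(method, url, params, presented, consumer_secret, token_secret):
    """Server-side check: recompute and compare in constant time."""
    base = signature_base_string(method, url, params)
    expected = sign(base, consumer_secret, token_secret)
    return hmac.compare_digest(expected.encode(), presented.encode())


if __name__ == "__main__":
    base = signature_base_string(METHOD, URL, PARAMS)
    print(base)
    print(sign(base, CONSUMER_SECRET, TOKEN_SECRET))
```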
OAuth 2.0
• Easier to code
• Relies on SSL instead of complicated signatures
• Still provides secure authorization for end user
• Supports scopes for granular member permissions


LinkedIn + OAuth 2.0

How easy is it to authorize a LinkedIn user to my app?




Step 1

REGISTER YOUR APP




Go to https://www.linkedin.com/secure/developer to register your app




Step 2

GET AN AUTHORIZATION CODE




Redirect user to login dialog




User grants access
                 




The redirected URL




Step 3

UPGRADE AUTH CODE FOR AN ACCESS TOKEN



It's all about SSL




You're auth'd

Response




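Added example (not from the original slides or the linked gist): steps 2 and 3 as offline Python helpers that build the authorization redirect, check the redirected URL, and prepare the HTTPS token request. The endpoint URLs, client credentials, redirect URI and scope are placeholder assumptions, and the `state` check is the standard OAuth 2.0 CSRF defence from RFC 6749, which the slides do not show.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder assumptions: use the values issued when the app is registered.
AUTHORIZE_URL = "https://provider.example/oauth2/authorization"
TOKEN_URL = "https://provider.example/oauth2/accessToken"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
CLIENT_SECRET = "EXAMPLE_CLIENT_SECRET"
REDIRECT_URI = "https://app.example/callback"


def authorization_url(scope):
    """Step 2: URL to send the user to, plus the state to keep in their session."""
    state = secrets.token_urlsafe(16)  # unguessable, bound to this browser session
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "scope": scope, "state": state,
                       "redirect_uri": REDIRECT_URI})
    return f"{AUTHORIZE_URL}?{query}", state


def code_from_redirect(redirected_url, expected_state):
    """Read the redirected URL; reject provider errors and foreign responses."""
    q = parse_qs(urlsplit(redirected_url).query)
    if "error" in q:
        raise ValueError(f"authorization failed: {q['error'][0]}")
    state = q.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this session")
    if "code" not in q:
        raise ValueError("no authorization code in redirect")
    return q["code"][0]


def token_request(code):
    """Step 3: (url, form body) for the POST that upgrades the code to a token."""
    if urlsplit(TOKEN_URL).scheme != "https":
        # No signature protects this request, so the secret must only travel over TLS.
        raise ValueError("token endpoint must be HTTPS")
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                      "client_secret": CLIENT_SECRET})
    return TOKEN_URL, body
```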
So what's the gist of all this?

https://gist.github.com/4028833




Open Source Libraries

• https://github.com/intridea/oauth2 (ruby)
• https://github.com/litl/rauth (python)
• https://github.com/adoy/PHP-OAuth2 (php)
• http://www.springsource.org/spring-social (java)

Questions?
Thanks!



