linkedin-apilinkedin-jsapi

Retrieve Access Token with LinkedIn JS SDK to use in Back-end


Currently I have both Facebook and LinkedIn Oauth2 flow working fine. Because in some cases I don't want the user to redirect to another page, I use the Facebook JS SDK that works fine, retrieving the access token and sending it to the server where I retrieve user data with REST calls.

Unfortunately, I'm not having success in doing the same with the LinkedIn JS SDK. The official documentation isn't helpful at all in that regard: https://developer.linkedin.com/docs/getting-started-js-sdk.

I retrieve user data in the server because it's easy to forge fake data in the client side and send it to the server, so a client side solution for that is not an option.

If I try to use the token that I get in js in the REST API I get Invalid access token. (401)

There are several opened questions that doesn't have any response (or a helpful response) here in SO:

2015-08-03 - No response: Javascript: Linkedin Access TOken

2016-05-29 - No response: can I get access token through LinknedIn JS SDK?

2016-08-31 - No helpful response (data is retrieved in the front-end): How to Get Access Token Using LinkedIn API JavaScript SDK

2017-06-30 - No helpful response: LinkedIn OAuth token with Javascript SDK


In the below question, there is a comment that says what I'm already guessing:

[...] Honestly I think the JS API is completely useless like this because if you can't verify/use the token server-side you basically cannot trust any of the information.

2015-07-22 - No helpful response (data is retrieved in the front-end): get linkedin Access Token with JavaScript SDK


There's some information about exchanging the Javascript API tokens with a REST API OAuth token, but in the references I've found the links are broken (and it would be impractical to do this, depending on the complexity, instead of using the token directly, like in the Facebook JS SDK):

http://developer.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens https://developer-programs.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens


So, I would like to know if there is some way to login with LinkedIn using the JS SDK and retrieve the user data in the back-end using REST calls (like I do in the Oauth2 flow), hopefully with official docs.


Solution

  • I've had the same problem and the only way I found to use the JS token was to add the header oauth_token instead of an Authorization Bearer header:

    POST https://api.linkedin.com/v1/people/~:(id,firstName,lastName,picture-url,email-address)?format=json
    Headers {
      'oauth_token': JS_TOKEN
    }
    

    The JS_TOKEN I'm reading on frontend from IN.ENV.auth.oauth_token.