Using Oauth2 with    LinkedIn     Kamyar Mohager    LinkedIn Platform Team                                           Devel...
Why botherauthorizing?                  Developer Relations
Not secure              Developer Relations
We need a way toconnect our LinkedIn identity securely to   an application…                      Developer Relations
OAuth 1.0a              Developer Relations
Secure, but…•  Relies on a calculated signature to ensure  security between server and consumer•  Secure for end user but ...
OAuth 1.0a SignatureSignature Base String	POST&https%3A%2F%2Fapi.linkedin.com%2Fv1%2Fpeople%2F~%2Fshares&oauth_consumer_ke...
OAuth 2.0•  Easier to code•  Relies on SSL instead of complicated  signatures•  Still provides secure authorization for  e...
LinkedIn + OAuth 2.0  How easy is it to authorize a   LinkedIn user to my app??                                    Develop...
Step 1REGISTER YOUR APP                     Developer Relations
Go to https://www.linkedin.com/secure/developer                to register your app                                       ...
Step 2GET AN AUTHORIZATION CODE                             Developer Relations
Redirect user to login       dialog                    Developer Relations
User grants access                                  Developer Relations
The redirected URL                  Developer Relations
Step 3UPGRADE AUTH CODE FOR AN ACCESSTOKEN                           Developer Relations
It’s all about SSL                      Developer Relations
You’re auth’dResponse                             Developer Relations
So what’s the gist of all         this?  https://gist.github.com/4028833                                Developer Relations
Open Source Libraries•  https://github.com/intridea/oauth2  (ruby)•  https://github.com/litl/rauth (python)•  https://gith...
Questions?" Thanks!              Developer Relations
Upcoming SlideShare
Loading in...5
×

OAuth2 and LinkedIn

5,425

Published on

A brief hackday presentation on using the LinkedIn Platform with OAuth2

Published in: Technology

Transcript of "OAuth2 and LinkedIn"

  1. 1. Using Oauth2 with LinkedIn Kamyar Mohager LinkedIn Platform Team Developer Relations
  2. 2. Why botherauthorizing? Developer Relations
  3. 3. Not secure Developer Relations
  4. 4. We need a way toconnect our LinkedIn identity securely to an application… Developer Relations
  5. 5. OAuth 1.0a Developer Relations
  6. 6. Secure, but…•  Relies on a calculated signature to ensure security between server and consumer•  Secure for end user but pain for developer to implement•  Difficult to debug 401 unauthorized when signature is bad (nonce, timestamp, etc)•  Not all OAuth libraries are created equal Developer Relations
  7. 7. OAuth 1.0a SignatureSignature Base String POST&https%3A%2F%2Fapi.linkedin.com%2Fv1%2Fpeople%2F~%2Fshares&oauth_consumer_key%3Dmy1sh8ponem4%26oauth_nonce%3D511F013D-C950-46EF-B8FF-DE48AA6708D8%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1355356360%26oauth_token%3D935e5a8b-4787-4792-a377-4b0e8bae5029%26oauth_version%3D1.0 Signature wUGmSixTSUTTKA92Ytxj6rMeAAM= HTTP Authentication Header OAuth oauth_nonce="511F013D-C950-46EF-B8FF-DE48AA6708D8"oauth_timestamp="1355356360" oauth_version="1.0"oauth_signature_method="HMAC-SHA1" oauth_consumer_key=”XXXXXXXXX"oauth_token="935e5a8b-4787-4792-a377-4b0e8bae5029"oauth_signature="wUGmSixTSUTTKA92Ytxj6rMeAAM%3D" URL https://api.linkedin.com/v1/people/~/shares Developer Relations
  8. 8. OAuth 2.0•  Easier to code•  Relies on SSL instead of complicated signatures•  Still provides secure authorization for end user•  Supports scopes for granular member permissions Developer Relations
  9. 9. LinkedIn + OAuth 2.0 How easy is it to authorize a LinkedIn user to my app?? Developer Relations
  10. 10. Step 1REGISTER YOUR APP Developer Relations
  11. 11. Go to https://www.linkedin.com/secure/developer to register your app Developer Relations
  12. 12. Step 2GET AN AUTHORIZATION CODE Developer Relations
  13. 13. Redirect user to login dialog Developer Relations
  14. 14. User grants access Developer Relations
  15. 15. The redirected URL Developer Relations
  16. 16. Step 3UPGRADE AUTH CODE FOR AN ACCESSTOKEN Developer Relations
  17. 17. It’s all about SSL Developer Relations
  18. 18. You’re auth’dResponse Developer Relations
  19. 19. So what’s the gist of all this? https://gist.github.com/4028833 Developer Relations
  20. 20. Open Source Libraries•  https://github.com/intridea/oauth2 (ruby)•  https://github.com/litl/rauth (python)•  https://github.com/adoy/PHP-OAuth2 (php)•  http://www.springsource.org/spring- social (java) Developer Relations
  21. 21. Questions?" Thanks! Developer Relations

×