UNPKG

passport-linkedin-oauth2

Version:

Passport for LinkedIn OAuth2 API v2

github.com/auth0/passport-linkedin-oauth2

auth0/passport-linkedin-oauth2

100 lines (76 loc) 3.38 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
A simple [Passport](http://passportjs.org/) strategy for LinkedIn OAuth2 that works with lite profile. ## Install npm install passport-linkedin-oauth2 ## Usage Register the strategy ~~~javascript var LinkedInStrategy = require('passport-linkedin-oauth2').Strategy; passport.use(new LinkedInStrategy({ clientID: LINKEDIN_KEY, clientSecret: LINKEDIN_SECRET, callbackURL: "http://127.0.0.1:3000/auth/linkedin/callback", scope: ['r_emailaddress', 'r_liteprofile'], }, function(accessToken, refreshToken, profile, done) { // asynchronous verification, for effect... process.nextTick(function () { // To keep the example simple, the user's LinkedIn profile is returned to // represent the logged-in user. In a typical application, you would want // to associate the LinkedIn account with a user record in your database, // and return that user instead. return done(null, profile); }); })); ~~~ and then authenticate as: ~~~javascript app.get('/auth/linkedin', passport.authenticate('linkedin', { state: 'SOME STATE' }), function(req, res){ // The request will be redirected to LinkedIn for authentication, so this // function will not be called. }); ~~~ the login callback: ~~~javascript app.get('/auth/linkedin/callback', passport.authenticate('linkedin', { successRedirect: '/', failureRedirect: '/login' })); ~~~ See [this](https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin?context=linkedin/consumer/context?trk=eml_mktg_gco_dev_api_comms) for details on LinkedIn API. ## Auto-handle `state` param The `state` param is used to prevent CSRF attacks, and is [required by the LinkedIn API](https://developer.linkedin.com/documents/authentication). You can ask Passport to handle the sending and validating of the `state` parameter by passing `state: true` as an option to the strategy: ~~~javascript var LinkedInStrategy = require('passport-linkedin-oauth2').Strategy; passport.use(new LinkedInStrategy({ clientID: LINKEDIN_KEY, clientSecret: LINKEDIN_SECRET, callbackURL: "http://127.0.0.1:3000/auth/linkedin/callback", scope: ['r_emailaddress', 'r_liteprofile'], state: true }, function(accessToken, refreshToken, profile, done) { // asynchronous verification, for effect... process.nextTick(function () { // To keep the example simple, the user's LinkedIn profile is returned to // represent the logged-in user. In a typical application, you would want // to associate the LinkedIn account with a user record in your database, // and return that user instead. return done(null, profile); }); })); ~~~ and then authenticate as: ~~~javascript app.get('/auth/linkedin', passport.authenticate('linkedin'), function(req, res){ // The request will be redirected to LinkedIn for authentication, so this // function will not be called. }); ~~~ ## Issue Reporting If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The [Responsible Disclosure Program](https://auth0.com/whitehat) details the procedure for disclosing security issues. ## Author [Auth0](auth0.com) ## License This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.