
Login With LinkedIn Implementation in PHP with OAuth 2.0

Hi everyone, today we are going to implement a Login with LinkedIn feature in PHP with OAuth 2.0. Nowadays, third-party login systems are used a lot to ease the user onboarding process. LinkedIn is yet another huge network, and a lot of platforms use its APIs to onboard their users.

In order to log in with LinkedIn, the user must be authenticated. To make this process as easy as possible, LinkedIn relies on the industry-standard OAuth 2.0 protocol for granting access.

Create a LinkedIn application using your developer account.

1- Go to https://www.linkedin.com/secure/developer

2- Create a new application or choose an existing one.

3- After you have an application, note down its authentication keys, i.e., client id, client secret.

4- Select default application permissions (choose r_basicprofile, r_emailaddress).

5- Give the absolute path of your redirect URLs. A redirect URL is the address of your API that handles the process after LinkedIn authenticates the user and responds. You can give your corresponding local, development and production API absolute URLs here.

6- Click on update to update your settings.

Use the application to implement the Login with LinkedIn feature.

7- On click of your Login with LinkedIn button, redirect your user to https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=CLIENT_ID&redirect_uri=REDIRECT_URL_ABSOLUTE_PATH&state=UNIQUE_STRING&scope=r_basicprofile%20r_emailaddress

The above is a GET request. URL-encode each parameter value (the space between the two scope names becomes %20). The parameters and their values are:

response_type = code
client_id = the client id noted in step 3
redirect_uri = the API path given in step 5
state = a unique string value of your choice that is hard to guess, used to prevent CSRF (give it a value such as BGEeFWf45A53sdfKef424)
scope = r_basicprofile r_emailaddress, the user information you wish to fetch from the application (step 4)

8- If everything goes fine, the user should see a LinkedIn auth page. If not, fix the error you see. The usual causes are relative redirect URLs instead of absolute URLs, and a scope value mismatch between step 4 and step 7.


9- Click on allow, and you will be redirected to your redirect URL with the GET parameters code and state. Use the state value to confirm that it matches the value you sent, to avoid any MITM attack. The code value is used to fetch the access token, which in turn is used to fetch data from the LinkedIn application.
If the user clicks cancel, or some other error occurs, you are still redirected to your redirect URL, with a GET parameter error explaining what happened.

10- If everything goes fine, make a POST request to fetch the access token at https://www.linkedin.com/oauth/v2/accessToken.
Also send the POST parameters grant_type=authorization_code, code=the code value received in step 9, redirect_uri=the redirect_uri value used in step 7, client_id=the client_id value used in step 7, client_secret=the client secret value obtained in step 3.

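// Method of your login class: sends the request and returns the decoded JSON body,
// or null if the request failed.
public function send_req($url, $data, $method) {
    $options = array(
        'http' => array(
            'header' => "Content-type: application/x-www-form-urlencoded\r\n",
            'method' => $method,
            'content' => http_build_query($data)
        )
    );
    $context = stream_context_create($options);
    $result = file_get_contents($url, false, $context);
    if ($result === FALSE) {
        // Network failure or an HTTP error status from the server.
        return null;
    }
    // The response body is a JSON string; decode it into an associative array.
    return json_decode($result, true);
}

// Inside the method that handles your redirect URL ($code comes from step 9):
$url = 'https://www.linkedin.com/oauth/v2/accessToken';
$data_access_token = array(
    'grant_type' => 'authorization_code',
    'code' => $code,
    'redirect_uri' => REDIRECT_URI,
    'client_id' => CLIENT_ID,
    'client_secret' => CLIENT_SECRET
);
$token_response = $this->send_req($url, $data_access_token, 'POST');
if (!is_array($token_response) || empty($token_response['access_token'])) {
    // Do not continue the login without a token.
    throw new Exception('LinkedIn access token request failed');
}
$access_token = $token_response['access_token'];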

Now that you have the access token, you can use it to fetch data from LinkedIn.

11- Make a GET request to https://api.linkedin.com/v1/people/~:(id,first-name,last-name,picture-url,public-profile-url,email-address)?format=json to fetch your data. Pass your access token in the Authorization header. You will receive the requested data in JSON format.

// Method of your login class: fetches the profile fields with the access token.
public function fetch_linkedin_data($access_token) {
    $curl = curl_init();
    curl_setopt_array($curl, array(
        CURLOPT_URL => "https://api.linkedin.com/v1/people/~:(id,first-name,last-name,picture-url,public-profile-url,email-address)?format=json",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => "",
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 10,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => "GET",
        // The access token travels as a Bearer token in the Authorization header.
        CURLOPT_HTTPHEADER => array(
            "authorization: Bearer " . $access_token,
            "cache-control: no-cache",
            "connection: Keep-Alive"
        ),
    ));
    $response = curl_exec($curl);
    $err = curl_error($curl);
    curl_close($curl);
    if ($err) {
        // Transport-level failure (DNS, TLS, timeout).
        return "failed";
    } else {
        // Decode the JSON body into an associative array.
        $response = json_decode($response, true);
        return $response;
    }
}

If everything goes fine, you will receive the requested information as JSON data. If you send a bad token, you will receive a 401 error.

Now you should be able to use the Login with LinkedIn feature and have a clear idea of how it works.
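Steps 7 and 9 depend on the state value being unpredictable and checked when the user comes back. The following is an added example, not code from the original post: it generates a fresh state per login attempt, keeps it in the session, and returns the authorization code only when the state matches. The function names, the li_oauth_state session key and the placeholder constant values are assumptions.

```php
<?php
// Added example, not the post's own code. The function names and the
// 'li_oauth_state' session key are hypothetical; the constants mirror the
// names used in the post's token request and hold placeholder values here.
defined('CLIENT_ID') || define('CLIENT_ID', 'YOUR_CLIENT_ID');
defined('REDIRECT_URI') || define('REDIRECT_URI', 'https://example.com/linkedin/callback');

// Step 7: build the authorization URL with a fresh state for this login attempt.
function linkedin_authorization_url(): string {
    // 128 bits from the CSPRNG, stored server-side in the user's session.
    $_SESSION['li_oauth_state'] = bin2hex(random_bytes(16));
    $query = http_build_query(array(
        'response_type' => 'code',
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => REDIRECT_URI,
        'state'         => $_SESSION['li_oauth_state'],
        'scope'         => 'r_basicprofile r_emailaddress',
    ), '', '&', PHP_QUERY_RFC3986); // encodes the space in scope as %20
    return 'https://www.linkedin.com/oauth/v2/authorization?' . $query;
}

// Step 9: return the authorization code only if the callback is trustworthy.
function linkedin_callback_code(array $params): ?string {
    // Consume the stored state so each value is accepted at most once.
    $expected = $_SESSION['li_oauth_state'] ?? '';
    unset($_SESSION['li_oauth_state']);

    // The user clicked cancel or LinkedIn reported a problem.
    if (isset($params['error'])) {
        return null;
    }
    // Reject callbacks with a missing, non-string or mismatched state.
    $state = $params['state'] ?? '';
    if ($expected === '' || !is_string($state) || !hash_equals($expected, $state)) {
        return null;
    }
    $code = $params['code'] ?? null;
    return (is_string($code) && $code !== '') ? $code : null;
}

// Login button handler:
//   session_start(); header('Location: ' . linkedin_authorization_url()); exit;
// Redirect URL handler:
//   session_start(); $code = linkedin_callback_code($_GET);
//   if ($code === null) { http_response_code(400); exit; }
```

The returned code is what step 10 sends as the code parameter of the access token request.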

Github URL
LinkedIn Create Application
LinkedIn Implementation Guide
