-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
connector: implement LinkedIn connector #1101
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome. Tried this out locally and it works great. Have a few nits but that's it.
connector/linkedin/linkedin.go
Outdated
client := c.oauth2Config.Client(ctx, token) | ||
profile, err := c.profile(ctx, client) | ||
if err != nil { | ||
return identity, fmt.Errorf("github: get profile: %v", err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: "github"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will fix.
connector/linkedin/linkedin.go
Outdated
|
||
identity = connector.Identity{ | ||
UserID: profile.ID, | ||
Username: profile.FirstName + " " + profile.LastName, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: we should be smarter about this value. e.g. ensure that the FirstName and LastName are actually set.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
connector/linkedin/linkedin.go
Outdated
identity = connector.Identity{ | ||
UserID: profile.ID, | ||
Username: profile.FirstName + " " + profile.LastName, | ||
Email: profile.Email, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please error if profile.Email isn't set.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's seems like an impossible condition. This is the main email that was used for registration and we always ask permission for r_emailaddress claim.
I'd add the check just to be sure anyway.
|
||
func (c *linkedInConnector) profile(ctx context.Context, client *http.Client) (p profile, err error) { | ||
// https://developer.linkedin.com/docs/fields/basic-profile | ||
req, err := http.NewRequest("GET", apiURL+"/people/~:(id,first-name,last-name,email-address)", nil) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is a really weird URL. ha
This conflicts with some additions in #1100 Mind rebasing? |
connector/linkedin implements authorization strategy via LinkedIn's OAuth2 endpoint + profile API. It doesn't implement RefreshConnector as LinkedIn doesn't provide any refresh token at all (https://developer.linkedin.com/docs/oauth2, Step 5 — Refresh your Access Tokens) and recommends ordinary AuthCode exchange flow when token refresh is required. Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
Do Refresh() by querying user's profile data. Since LinkedIn doesn't provide refresh tokens at all, and the access tokens have 60 days expiration, refresh tokens issued by Dex will fail to update after 60 days. Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Works like a charm. lgtm
connector: implement LinkedIn connector
connector/linkedin implements authorization strategy via LinkedIn's
OAuth2 endpoint + profile API.
It doesn't implement RefreshConnector as LinkedIn doesn't provide any
refresh token at all (https://developer.linkedin.com/docs/oauth2, Step 5
— Refresh your Access Tokens) and recommends ordinary AuthCode exchange
flow when token refresh is required.