How to properly implement LinkedIn login?

I have an Android app and I am trying to implement LinkedIn login in it. The LinkedIn SDK has been successfully integrated and I am getting the user information, along with the email address.

Here is how my application works for Google login:

1) Get the access token on the mobile device.

2) Send the email address together with the access token to the server.

3) Fetch the user's details with the access token I received, via Google's web API.

4) If the email in the response matches the email received from the mobile device, check whether an account exists for that email address. If not, create the account and log in; otherwise, just log in.


Problem with LinkedIn:

The access token I have received belongs to the mobile SDK and I cannot use the same token to make REST API requests (as per the documentation):

Mobile vs. server-side access tokens

It is important to note that access tokens that are acquired via the Mobile SDK are only useable with the Mobile SDK, and cannot be used to make server-side REST API calls.

Similarly, access tokens that you already have stored from your users that authenticated using a server-side REST API call will not work with the Mobile SDK.

So how do I verify the details in step 3) above on my web server?


Is it a disaster? I am sure there has to be a way to do what I am trying to do, as there are many applications that let their users log in through LinkedIn on their mobile apps.

Because if it's not possible, then anyone can easily change the email address the mobile app sends to the web server after receiving it from LinkedIn, and I can log in with any email address I want by doing that.

Varun Verma asked Apr 17 '16 10:04

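The server-side check that steps 3) and 4) describe, as an added example (not code from the question or from any LinkedIn or Google SDK). The provider lookup is injected as a callable so the logic can run offline against a constructed fake response; in a real deployment that callable would be an HTTPS request to the provider's userinfo endpoint. The `email_verified` field and the in-memory `AccountStore` are assumptions made for this example.

```python
from typing import Callable, Dict, Optional, Tuple

# Constructed sample data (not captured from a real provider): what a
# userinfo lookup might return for a given access token.
SAMPLE_USERINFO: Dict[str, Dict] = {
    "tok-alice": {"sub": "1001", "email": "Alice@Example.com", "email_verified": True},
    "tok-bob-unverified": {"sub": "1002", "email": "bob@example.com", "email_verified": False},
}


def fake_fetch_userinfo(access_token: str) -> Optional[Dict]:
    """Stand-in for the HTTPS call in step 3; None means the provider rejected the token."""
    return SAMPLE_USERINFO.get(access_token)


class AccountStore:
    """Minimal in-memory account table keyed by normalised email (assumed for the example)."""

    def __init__(self) -> None:
        self.accounts: Dict[str, Dict] = {}

    def get_or_create(self, email: str, provider_id: str) -> Tuple[Dict, bool]:
        if email in self.accounts:
            return self.accounts[email], False
        self.accounts[email] = {"email": email, "provider_id": provider_id}
        return self.accounts[email], True


def login_with_token(client_email: str, access_token: str,
                     fetch_userinfo: Callable[[str], Optional[Dict]],
                     store: AccountStore) -> Dict:
    """Steps 3 and 4: the email the client sent is only a claim; the token decides."""
    info = fetch_userinfo(access_token)
    if info is None:
        return {"ok": False, "reason": "token rejected by provider"}
    if not info.get("email_verified", False):
        return {"ok": False, "reason": "provider has not verified this email"}
    provider_email = info["email"].strip().lower()
    # This comparison is what stops the attack the question describes: a client
    # that swaps in someone else's email still only holds a token for its own account.
    if provider_email != client_email.strip().lower():
        return {"ok": False, "reason": "email does not match token owner"}
    account, created = store.get_or_create(provider_email, info["sub"])
    return {"ok": True, "created": created, "account": account}
```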

1 Answer

Like you said, you can't do it.

Instead, you have to use a different approach: get the required info on the device, as returned by LinkedIn, and send it to your server. Use HTTPS connections to avoid MITM attacks.

If your app is downloaded from official stores, the information shouldn't be modified on the device.

ANOTHER SECURITY MECHANISM: If you want more security, you could, for example, encrypt data on the server, send a HASH to the mobile, use your LinkedIn token to consult the information, and with another algorithm compare that the data received is the same.

But I think that this is too expensive a mechanism; it should be resolved only by using HTTPS connections and not downloading the APK from non-official stores.

Gustavo Morales answered Oct 07 '22 13:10