Difference between revisions of "OAuth 2 LinkedIn service"

Jump to: navigation, search
 
Line 1: Line 1:
 
{{OAuth2}}
 
{{OAuth2}}
=== Setup App in LinkedIn ===
 
  
To setup  an OAuth 2 client with LinkedIn, first we need to login to the [https://developer.linkedin.com/ LinkedIn Developers page] and create a new app.
+
From 1 May 2019, LinkedIn no longer support their v1 API, which could previously be configured as an OAuth 2 authentication method in Moodle. According to LinkedIn's v2 API [https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/migration-faq?context=linkedin/consumer/context migration documentation], the new API replaces the old basic user information endpoint with a 'lite' endpoint, which does not include a user's email address (which must be retrieved from a separate endpoint).
  
[[File:linkedin-1-new-app.png|none|frame|New App]]
+
Since email address is a required field in Moodle, and our OAuth 2 implementation currently requires all user information to be retrieved from a single endpoint, the LinkedIn v2 API currently appears to be incompatible with Moodle's "Custom OAuth 2 Service" feature.
 
 
Enable the r_basicprofile and r_emailaddress permissions and enter the OAuth 2 authorized redirect URL. This is your site url followed by /admin/oauth2callback.php (e.g. for a Moodle site of <nowiki>https://teach.me/moodle/</nowiki> the callback url should be <nowiki>https://teach.me/moodle/admin/oauth2callback.php</nowiki>).
 
 
 
[[File:linkedin-2-configure-app.png|none|frame|Configure App]]
 
 
 
Make sure you save your changes and record your client id and client secret.
 
 
 
Now you have configured your LinkedIn App - you can add the required information to Moodle.
 
 
 
=== Setup Moodle as a Client for LinkedIn ===
 
 
 
LinkedIn does not have a "template" in Moodle so we will need to configure it as a "Custom OAuth 2 Service". From the "Site administration > Server > OAuth 2 services" page click on "Create new custom service".
 
 
 
Use "LinkedIn" as the name (This is displayed on the login page).
 
 
 
Enter your client id and secret for the LinkedIn App that you created earlier. Ensure that the "Authenticate token requests via HTTP headers" checkbox is disabled.
 
 
 
For the "Scopes included in a login request" and "Scopes included in a login request for offline access" use "r_basicprofile r_emailaddress" which means fetch basic profile information as well as the users email address.
 
 
 
Enter a url to a logo image.
 
 
 
Check the box for "Show on login page".
 
 
 
Save the details and you should be returned to the list of OAuth 2 Services.
 
 
 
We still need to provide information on the mappings between linked in user fields and moodle fields as well as the URL's to access the LinkedIn APIs.
 
 
 
First we will setup the API URL's.
 
 
 
Click on the "Configure Endpoints" icon for the LinkedIn service.
 
 
 
Add 3 endpoints as listed below.
 
 
 
<code>
 
userinfo_endpoint https://api.linkedin.com/v1/people/~:(id,email-address,first-name,last-name,picture-url)?format=json
 
 
 
authorization_endpoint https://www.linkedin.com/oauth/v2/authorization
 
 
 
token_endpoint         https://www.linkedin.com/oauth/v2/accessToken
 
</code>
 
 
 
Now we need to add the mapping from LinkedIn user fields to Moodle user fields. From the list of OAuth services click on the "Configure user field mappings" icon.
 
 
 
Add the following user field mappings:
 
 
 
<code>
 
firstName        firstname
 
lastName          lastname
 
emailAddress      email
 
pictureUrl        picture
 
</code>
 
 
 
The final step is to make sure the OAuth 2 authentication plugin is enabled and you should now be able to login with LinkedIn.
 
  
 +
We are continuing to investigate a workaround for the new API, and will update this documentation further when a solution can be found. In the meantime, if you have any information that may assist with this, please contribute to Tracker issue MDL-65637.
 
[[es:Servicio OAuth 2 Linkedln]]
 
[[es:Servicio OAuth 2 Linkedln]]
 
[[de:OAuth2 LinkedIn Service]]
 
[[de:OAuth2 LinkedIn Service]]

Latest revision as of 05:27, 29 May 2019


From 1 May 2019, LinkedIn no longer support their v1 API, which could previously be configured as an OAuth 2 authentication method in Moodle. According to LinkedIn's v2 API migration documentation, the new API replaces the old basic user information endpoint with a 'lite' endpoint, which does not include a user's email address (which must be retrieved from a separate endpoint).

Since email address is a required field in Moodle, and our OAuth 2 implementation currently requires all user information to be retrieved from a single endpoint, the LinkedIn v2 API currently appears to be incompatible with Moodle's "Custom OAuth 2 Service" feature.

We are continuing to investigate a workaround for the new API, and will update this documentation further when a solution can be found. In the meantime, if you have any information that may assist with this, please contribute to Tracker issue MDL-65637.