Difference between revisions of "OAuth 2 LinkedIn service"

Jump to: navigation, search
(OAuth2 template)
 
(5 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
{{OAuth2}}
 
{{OAuth2}}
=== Setup App in LinkedIn ===
 
  
To setup  an OAuth 2 client with LinkedIn, first we need to login to the [[https://developer.linkedin.com/ LinkedIn Developers page]] and create a new app.
+
From 1 May 2019, LinkedIn no longer support their v1 API, which could previously be configured as an OAuth 2 authentication method in Moodle. According to LinkedIn's v2 API [https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/migration-faq?context=linkedin/consumer/context migration documentation], the new API replaces the old basic user information endpoint with a 'lite' endpoint, which does not include a user's email address (which must be retrieved from a separate endpoint).
  
[[File:linkedin-1-new-app.png|none|frame|New App]]
+
Since email address is a required field in Moodle, and our OAuth 2 implementation currently requires all user information to be retrieved from a single endpoint, the LinkedIn v2 API currently appears to be incompatible with Moodle's "Custom OAuth 2 Service" feature.
  
Enable the r_basicprofile and r_emailaddress permissions and enter the OAuth 2 authorized redirect URL. This is your site url followed by /admin/oauth2callback.php (e.g. for a Moodle site of https://teach.me/moodle/ the callback url should be https://teach.me/moodle/admin/oauth2callback.php)
+
We are continuing to investigate a workaround for the new API, and will update this documentation further when a solution can be found. In the meantime, if you have any information that may assist with this, please contribute to Tracker issue MDL-65637.
 
+
[[es:Servicio OAuth 2 Linkedln]]
[[File:linkedin-2-configure-app.png|none|frame|Configure App]]
+
[[de:OAuth2 LinkedIn Service]]
 
 
Make sure you save your changes and record your client id and client secret.
 
 
 
Now you have configured your LinkedIn App - you can add the required information to Moodle.
 
 
 
LinkedIn does not have a "template" in Moodle so we will need to configure it as a "Custom OAuth 2 Service". From the "Site administration > Server > OAuth 2 services" page click on "Create new custom service".
 
 
 
Use "LinkedIn" as the name (This is displayed on the login page).
 
 
 
Enter your client id and secret for the LinkedIn App that you created earlier.
 
 
 
For the "Scopes included in a login request" and "Scopes included in a login request for offline access" use "r_basicprofile r_emailaddress" which means fetch basic profile information as well as the users email address.
 
 
 
Enter a url to a logo image.
 
 
 
Check the box for "Show on login page".
 
 
 
Save the details and you should be returned to the list of OAuth 2 Services.
 
 
 
We still need to provide information on the mappings between linked in user fields and moodle fields as well as the URL's to access the LinkedIn APIs.
 
 
 
First we will setup the API URL's.
 
 
 
Click on the "Configure Endpoints" icon for the LinkedIn service.
 
 
 
Add 3 endpoints as listed below.
 
 
 
<code>
 
userinfo_endpoint https://api.linkedin.com/v1/people/~:(id,email-address,first-name,last-name,picture-url)?format=json
 
 
 
authorization_endpoint https://www.linkedin.com/oauth/v2/authorization
 
 
 
token_endpoint https://www.linkedin.com/oauth/v2/accessToken
 
</code>
 
 
 
Now we need to add the mapping from LinkedIn user fields to Moodle user fields. From the list of OAuth services click on the "Configure user field mappings" icon.
 
 
 
Add the following user field mappings:
 
 
 
<code>
 
firstName firstname
 
lastName lastname
 
emailAddress username
 
emailAddress email
 
pictureUrl picture
 
</code>
 
 
 
The final step is to make sure the OAuth 2 authentication plugin is enabled and you should now be able to login with LinkedIn.
 

Latest revision as of 05:27, 29 May 2019


From 1 May 2019, LinkedIn no longer support their v1 API, which could previously be configured as an OAuth 2 authentication method in Moodle. According to LinkedIn's v2 API migration documentation, the new API replaces the old basic user information endpoint with a 'lite' endpoint, which does not include a user's email address (which must be retrieved from a separate endpoint).

Since email address is a required field in Moodle, and our OAuth 2 implementation currently requires all user information to be retrieved from a single endpoint, the LinkedIn v2 API currently appears to be incompatible with Moodle's "Custom OAuth 2 Service" feature.

We are continuing to investigate a workaround for the new API, and will update this documentation further when a solution can be found. In the meantime, if you have any information that may assist with this, please contribute to Tracker issue MDL-65637.