SlideShare a Scribd company logo

OAuth2 and LinkedIn

Kamyar Mohager, profile picture
Kamyar Mohager

OAuth 2.0 provides an easier way to authorize users compared to OAuth 1.0 by relying on SSL instead of complex signatures. The process involves registering an app, redirecting the user to LinkedIn for authorization, and upgrading the authorization code for an access token. Open source libraries are available to help implement OAuth 2.0 in various programming languages.

Technology
1 of 21
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Using Oauth2 with LinkedIn Kamyar Mohager LinkedIn Platform Team Developer Relations
Why bother authorizing? Developer Relations
Not secure Developer Relations
We need a way to connect our LinkedIn identity securely to an application… Developer Relations
OAuth 1.0a Developer Relations
Secure, but… •  Relies on a calculated signature to ensure security between server and consumer •  Secure for end user but pain for developer to implement •  Difficult to debug 401 unauthorized when signature is bad (nonce, timestamp, etc) •  Not all OAuth libraries are created equal Developer Relations
OAuth 1.0a Signature Signature Base String POST&https%3A%2F%2Fapi.linkedin.com%2Fv1%2Fpeople%2F~ %2Fshares&oauth_consumer_key%3Dmy1sh8ponem4%26oauth_nonce%3D511F013D- C950-46EF-B8FF-DE48AA6708D8%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1355356360%26oauth_token%3D935e5a8b-4787-4792- a377-4b0e8bae5029%26oauth_version%3D1.0 Signature wUGmSixTSUTTKA92Ytxj6rMeAAM= HTTP Authentication Header OAuth oauth_nonce="511F013D-C950-46EF-B8FF-DE48AA6708D8" oauth_timestamp="1355356360" oauth_version="1.0" oauth_signature_method="HMAC-SHA1" oauth_consumer_key=”XXXXXXXXX" oauth_token="935e5a8b-4787-4792-a377-4b0e8bae5029" oauth_signature="wUGmSixTSUTTKA92Ytxj6rMeAAM%3D" URL https://api.linkedin.com/v1/people/~/shares Developer Relations
OAuth 2.0 •  Easier to code •  Relies on SSL instead of complicated signatures •  Still provides secure authorization for end user •  Supports scopes for granular member permissions Developer Relations
LinkedIn + OAuth 2.0 How easy is it to authorize a LinkedIn user to my app?? Developer Relations
Step 1 REGISTER YOUR APP Developer Relations
Go to https://www.linkedin.com/secure/developer to register your app Developer Relations
Step 2 GET AN AUTHORIZATION CODE Developer Relations
Redirect user to login dialog Developer Relations
User grants access Developer Relations
The redirected URL Developer Relations
Step 3 UPGRADE AUTH CODE FOR AN ACCESS TOKEN Developer Relations
It’s all about SSL Developer Relations
You’re auth’d Response Developer Relations
So what’s the gist of all this? https://gist.github.com/4028833 Developer Relations
Open Source Libraries •  https://github.com/intridea/oauth2 (ruby) •  https://github.com/litl/rauth (python) •  https://github.com/adoy/PHP-OAuth2 (php) •  http://www.springsource.org/spring- social (java) Developer Relations
Questions?" Thanks! Developer Relations

More Related Content

PPT
Linkedin & OAuth
Umang Goyal
 
PPTX
A simple PHP LinkedIn OAuth 2.0 example
Mattia Reggiani
 
KEY
LinkedIn OAuth: Zero To Hero
Taylor Singletary
 
PPTX
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Aaron Parecki
 
PPTX
OAuth in the new .NET world (OWIN)
Emad Alashi
 
PPTX
Oauth 2.0
Manish Kumar Singh
 
PDF
Intro to API Security with Oauth 2.0
Functional Imperative
 
PPTX
OAuth 2 Presentation
Mohamed Ahmed Abdullah
 
Linkedin & OAuth
Umang Goyal
 
A simple PHP LinkedIn OAuth 2.0 example
Mattia Reggiani
 
LinkedIn OAuth: Zero To Hero
Taylor Singletary
 
Using ArcGIS with OAuth 2.0 - Esri DevSummit Dubai 2013
Aaron Parecki
 
OAuth in the new .NET world (OWIN)
Emad Alashi
 
Oauth 2.0
Manish Kumar Singh
 
Intro to API Security with Oauth 2.0
Functional Imperative
 
OAuth 2 Presentation
Mohamed Ahmed Abdullah
 

What's hot (15)

ODP
Mohanraj - Securing Your Web Api With OAuth
fossmy
 
PPTX
Securing your APIs with OAuth, OpenID, and OpenID Connect
Manish Pandit
 
PDF
The Many Flavors of OAuth - Understand Everything About OAuth2
Khor SoonHin
 
PPTX
UC2013 Speed Geeking: Intro to OAuth2
Aaron Parecki
 
PPTX
O auth2 with angular js
Bixlabs
 
PPTX
Securing RESTful Payment APIs Using OAuth 2
Jonathan LeBlanc
 
PPTX
Microservice with OAuth2
◄ vaquar khan ► ★✔
 
PPTX
OAuth2 & OpenID Connect
Marcin Wolnik
 
KEY
OAuth Introduction
h_marvin
 
PPTX
Creating a Sign On with Open id connect
Derek Binkley
 
PDF
Introduction to OAuth 2.0 - Part 2
Nabeel Yoosuf
 
PDF
User Management with LastUser
Kiran Jonnalagadda
 
PPT
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
PDF
Building an API Security Ecosystem
Prabath Siriwardena
 
PDF
Introduction to SAML 2.0
Mika Koivisto
 
Mohanraj - Securing Your Web Api With OAuth
fossmy
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Manish Pandit
 
The Many Flavors of OAuth - Understand Everything About OAuth2
Khor SoonHin
 
UC2013 Speed Geeking: Intro to OAuth2
Aaron Parecki
 
O auth2 with angular js
Bixlabs
 
Securing RESTful Payment APIs Using OAuth 2
Jonathan LeBlanc
 
Microservice with OAuth2
◄ vaquar khan ► ★✔
 
OAuth2 & OpenID Connect
Marcin Wolnik
 
OAuth Introduction
h_marvin
 
Creating a Sign On with Open id connect
Derek Binkley
 
Introduction to OAuth 2.0 - Part 2
Nabeel Yoosuf
 
User Management with LastUser
Kiran Jonnalagadda
 
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
Building an API Security Ecosystem
Prabath Siriwardena
 
Introduction to SAML 2.0
Mika Koivisto
 
Ad

Similar to OAuth2 and LinkedIn (20)

PPTX
Maintest3
Mohan Kumar Tadikimalla
 
PDF
Linkedin OAuth for curious people
Rory Cawley
 
PPTX
SSO with Social Login Integration & FastAPI Simplified
techprane
 
PPTX
API Management and Mobile App Enablement
CA API Management
 
KEY
OAuth 2.0
Alex Bilbie
 
PPTX
OAuth - Don’t Throw the Baby Out with the Bathwater
Apigee | Google Cloud
 
PDF
OAuth and OEmbed
leahculver
 
PPTX
OAuth
Adi Challa
 
PDF
oauth-for-credentials-security-in-rest-api-access
idsecconf
 
PPTX
Enterprise Access Control Patterns for Rest and Web APIs
CA API Management
 
PPT
Oauth2.0
Yasmine Gaber
 
PDF
A How-to Guide to OAuth & API Security
CA API Management
 
PDF
Secure Webservices
Matthias Käppler
 
PPTX
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
Brian Campbell
 
PPTX
Demystifying REST
Kirsten Hunter
 
PDF
OAuth Tokens
n|u - The Open Security Community
 
PPT
Oauth
Aakanksha Bhardwaj
 
PDF
Implementing open authentication_in_your_app
Nuhil Mehdy
 
PDF
OpenID and OAuth
Andrea Chiodoni
 
PDF
Distributed Identities with OpenID
Bastian Hofmann
 
Maintest3
Mohan Kumar Tadikimalla
 
Linkedin OAuth for curious people
Rory Cawley
 
SSO with Social Login Integration & FastAPI Simplified
techprane
 
API Management and Mobile App Enablement
CA API Management
 
OAuth 2.0
Alex Bilbie
 
OAuth - Don’t Throw the Baby Out with the Bathwater
Apigee | Google Cloud
 
OAuth and OEmbed
leahculver
 
OAuth
Adi Challa
 
oauth-for-credentials-security-in-rest-api-access
idsecconf
 
Enterprise Access Control Patterns for Rest and Web APIs
CA API Management
 
Oauth2.0
Yasmine Gaber
 
A How-to Guide to OAuth & API Security
CA API Management
 
Secure Webservices
Matthias Käppler
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
Brian Campbell
 
Demystifying REST
Kirsten Hunter
 
OAuth Tokens
n|u - The Open Security Community
 
Oauth
Aakanksha Bhardwaj
 
Implementing open authentication_in_your_app
Nuhil Mehdy
 
OpenID and OAuth
Andrea Chiodoni
 
Distributed Identities with OpenID
Bastian Hofmann
 
Ad

Recently uploaded (20)

PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
A Presentation on Artificial Intelligence
memembruh336
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Approach and Philosophy of On baking technology
30anthuong17
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Cloud computing and distributed systems.
kkkkkhan
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 

OAuth2 and LinkedIn

  • 1. Using Oauth2 with LinkedIn Kamyar Mohager LinkedIn Platform Team Developer Relations
  • 2. Why bother authorizing? Developer Relations
  • 3. Not secure Developer Relations
  • 4. We need a way to connect our LinkedIn identity securely to an application… Developer Relations
  • 5. OAuth 1.0a Developer Relations
  • 6. Secure, but… •  Relies on a calculated signature to ensure security between server and consumer •  Secure for end user but pain for developer to implement •  Difficult to debug 401 unauthorized when signature is bad (nonce, timestamp, etc) •  Not all OAuth libraries are created equal Developer Relations
  • 7. OAuth 1.0a Signature Signature Base String POST&https%3A%2F%2Fapi.linkedin.com%2Fv1%2Fpeople%2F~ %2Fshares&oauth_consumer_key%3Dmy1sh8ponem4%26oauth_nonce%3D511F013D- C950-46EF-B8FF-DE48AA6708D8%26oauth_signature_method%3DHMAC- SHA1%26oauth_timestamp%3D1355356360%26oauth_token%3D935e5a8b-4787-4792- a377-4b0e8bae5029%26oauth_version%3D1.0 Signature wUGmSixTSUTTKA92Ytxj6rMeAAM= HTTP Authentication Header OAuth oauth_nonce="511F013D-C950-46EF-B8FF-DE48AA6708D8" oauth_timestamp="1355356360" oauth_version="1.0" oauth_signature_method="HMAC-SHA1" oauth_consumer_key=”XXXXXXXXX" oauth_token="935e5a8b-4787-4792-a377-4b0e8bae5029" oauth_signature="wUGmSixTSUTTKA92Ytxj6rMeAAM%3D" URL https://api.linkedin.com/v1/people/~/shares Developer Relations
  • 8. OAuth 2.0 •  Easier to code •  Relies on SSL instead of complicated signatures •  Still provides secure authorization for end user •  Supports scopes for granular member permissions Developer Relations
  • 9. LinkedIn + OAuth 2.0 How easy is it to authorize a LinkedIn user to my app?? Developer Relations
  • 10. Step 1 REGISTER YOUR APP Developer Relations
  • 11. Go to https://www.linkedin.com/secure/developer to register your app Developer Relations
  • 12. Step 2 GET AN AUTHORIZATION CODE Developer Relations
  • 13. Redirect user to login dialog Developer Relations
  • 14. User grants access Developer Relations
  • 15. The redirected URL Developer Relations
  • 16. Step 3 UPGRADE AUTH CODE FOR AN ACCESS TOKEN Developer Relations
  • 17. It’s all about SSL Developer Relations
  • 18. You’re auth’d Response Developer Relations
  • 19. So what’s the gist of all this? https://gist.github.com/4028833 Developer Relations
  • 20. Open Source Libraries •  https://github.com/intridea/oauth2 (ruby) •  https://github.com/litl/rauth (python) •  https://github.com/adoy/PHP-OAuth2 (php) •  http://www.springsource.org/spring- social (java) Developer Relations
  • 21. Questions?" Thanks! Developer Relations