LinkedIn验证用户身份验证令牌服务器端 [英] LinkedIn verify user auth token server side

问题描述

经过一天的研究，我结束了以下问题。我正在使用ember.js构建一个Web应用程序，目前我正在使用linkedin javascript sdk实现LinkedIn登录。我遇到的问题是，在收到用户信息（令牌，电子邮件，名字等）之后，我需要在服务器端验证此令牌以进行盛会。不幸的是，文档对我来说不是很清楚。我可以使用IN.ENV.auth访问令牌（或令牌的种类），但是当我尝试从它们中验证一个时，我收到无效请求。在服务器端，我正在使用节点，示例代码如下所示：

  var request = require（'request'） ; 
 var options = {
 url：'https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=TOKEN_RECIEVED_THROUGH_IN.ENV.auth&redirect_uri=my-domain&client_id = API_CLIENT_ID& client_secret = API_SECRET_KEY'
}; 
请求（选项，函数（错误，res，正文）{
 console.log（正文）; 
}）; 
  

来自sdk的回复是这样的：

  anonymous_expires_in：1800 
 anonymous_token：4u948tas123asfK9DJx9HFYJgcsBFlhIFu93gG
 api_key：API_KEY
 is_set_client_auth_cookie：false 
 member_id：4a13sdasFeD
 oauth_expires_in：1800 
 oauth_token：66Dy9V123lL7H823ddl-5L-KVmg184k0dhAaS
  

谢谢预付款。

解决方案

从JS SDK和服务器端OAuth授予的LinkedIn auth令牌不一样。

LinkedIn的开发者网站上记录了一个流程，解释了如何为REST API /服务器端令牌交换JS令牌： https://developer-programs.linkedin.com/documents/exchange-jsapi-tokens-rest-api- oauth-tokens

after 1 day of research, I've ended with the following issue. I'm building an web app with ember.js and currently I'm implementing LinkedIn login, using linkedin javascript sdk. The problem that I have is that after I recieve user information (token, email, first name and etc) I need to verify this token on server side in order to grand session. Unfortunately, the documentation is not very clear for me. I can access token ( or kind of a token ) using IN.ENV.auth, but when I try to validate one from both of them, I recieve "invalid request". On the server side I'm using node and a sample code look like that:

var request = require('request');
var options = {
    url: 'https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=TOKEN_RECIEVED_THROUGH_IN.ENV.auth&redirect_uri=my-domain&client_id=API_CLIENT_ID&client_secret=API_SECRET_KEY'
};
request(options,function(err,res,body){
    console.log(body);
});

The response from the sdk is like that:

anonymous_expires_in: 1800
anonymous_token: "4u948tas123asfK9DJx9HFYJgcsBFlhIFu93gG"
api_key: "API_KEY"
is_set_client_auth_cookie: false
member_id: "4a13sdasFeD"
oauth_expires_in: 1800
oauth_token: "66Dy9V123lL7H823ddl-5L-KVmg184k0dhAaS"

Thanks in advance.

解决方案

LinkedIn auth tokens granted from the JS SDK and server-side OAuth are not the same.

There is a process documented on LinkedIn's developer website that explains how to exchange a JS token for a REST API/server-side token: https://developer-programs.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens

这篇关于LinkedIn验证用户身份验证令牌服务器端的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！