LinkedIn login integration

LinkedIn login integration allows your users to sign in using their professional LinkedIn account. It leverages OAuth 2.0, a secure authorization protocol, to obtain limited access to a user’s LinkedIn profile without requiring them to expose their credentials to your application.

This is useful for:

• Job portals
• Portfolio websites
• Professional communities
• Learning management systems
• Event registration forms

---

Overview of the Steps

1. Create a LinkedIn Developer Application
2. Get OAuth 2.0 credentials
3. Generate the login button
4. Redirect to LinkedIn authorization page
5. Receive the authorization code
6. Exchange the code for an access token
7. Fetch the user’s profile information
8. Handle the login logic in your app

---

Step 1: Create a LinkedIn Developer Application

1. Go to the LinkedIn Developer Portal
2. Click Create App
3. Fill in:
   • App Name
   • LinkedIn Page (optional)
   • App Logo
   • Business email
4. Agree to terms and create the app
5. Go to the Auth tab of the app and take note of:
   • Client ID
   • Client Secret
6. Add your Redirect URI (e.g., https://yourdomain.com/linkedin/callback)

---

Step 2: Get OAuth 2.0 Authorization Credentials

Once your app is created, configure the OAuth 2.0 settings:

• Client ID: Unique identifier for your application
• Client Secret: Keep this safe and never expose it on the front-end
• Redirect URI: The URL where users are sent after login

Make sure your app is in Development Mode unless you’ve submitted it for LinkedIn review.

---

Step 3: Generate the LinkedIn Login URL

You can use this login URL to redirect users:

https://www.linkedin.com/oauth/v2/authorization?response_type=code
&client_id=YOUR_CLIENT_ID
&redirect_uri=YOUR_REDIRECT_URI
&scope=r_liteprofile%20r_emailaddress

Explanation:

• response_type=code: Requests an authorization code
• client_id: Your LinkedIn app’s Client ID
• redirect_uri: Must match what you added in the LinkedIn app
• scope: Permissions requested

Common scopes:

• r_liteprofile — Basic profile (ID, first/last name, profile picture)
• r_emailaddress — Email address

---

Step 4: Redirect to LinkedIn Authorization Page

On your login page, include a button or link:

<a href="https://www.linkedin.com/oauth/v2/authorization?response_type=code
&client_id=YOUR_CLIENT_ID
&redirect_uri=https://yourdomain.com/linkedin/callback
&scope=r_liteprofile%20r_emailaddress">
  Login with LinkedIn
</a>

When users click, they’re taken to LinkedIn to grant permissions.

---

Step 5: Handle the Callback and Get the Authorization Code

LinkedIn redirects back to your site like this:

https://yourdomain.com/linkedin/callback?code=AUTHORIZATION_CODE

You must now use this code to obtain an access token.

---

Step 6: Exchange the Authorization Code for an Access Token

Use a server-side POST request (recommended) to:

POST https://www.linkedin.com/oauth/v2/accessToken

Headers: Content-Type: application/x-www-form-urlencoded

Body:

grant_type=authorization_code
&code=AUTHORIZATION_CODE
&redirect_uri=YOUR_REDIRECT_URI
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET

Sample in Node.js (using Axios):

const axios = require('axios');

async function getAccessToken(code) {
  const res = await axios.post('https://www.linkedin.com/oauth/v2/accessToken', new URLSearchParams({
    grant_type: 'authorization_code',
    code: code,
    redirect_uri: 'https://yourdomain.com/linkedin/callback',
    client_id: 'YOUR_CLIENT_ID',
    client_secret: 'YOUR_CLIENT_SECRET'
  }));
  return res.data.access_token;
}

---

Step 7: Fetch the User’s LinkedIn Profile

Use the access token to fetch user profile and email:

Basic profile:

GET https://api.linkedin.com/v2/me

Email:

GET https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))

With Authorization Header:

Authorization: Bearer ACCESS_TOKEN

Sample in Node.js:

async function getLinkedInProfile(token) {
  const profileRes = await axios.get('https://api.linkedin.com/v2/me', {
    headers: { Authorization: `Bearer ${token}` }
  });

  const emailRes = await axios.get('https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))', {
    headers: { Authorization: `Bearer ${token}` }
  });

  return {
    firstName: profileRes.data.localizedFirstName,
    lastName: profileRes.data.localizedLastName,
    email: emailRes.data.elements[0]['handle~'].emailAddress
  };
}

---

Step 8: Use the Data in Your App

Once you have the user’s profile data, you can:

• Create a user account
• Start a session or token
• Store the profile info in your database
• Redirect to the dashboard or user area

---

Security Tips

• Always validate the authorization code and token server-side
• Never expose your Client Secret in the browser
• Use HTTPS for all redirect URIs
• Monitor LinkedIn’s rate limits (1000 API calls per day for most dev apps)
• Clean up expired tokens if you store them

---

Error Handling

LinkedIn may send error codes such as:

• access_denied: User did not approve the app
• invalid_scope: Requesting a permission your app is not approved for
• invalid_redirect_uri: Mismatch between URI and app settings

Always validate and catch exceptions during token and profile requests.