├── .github └── workflows │ └── ruby.yml ├── .gitignore ├── .rspec ├── Gemfile ├── LICENSE.txt ├── README.md ├── Rakefile ├── bin ├── console └── setup ├── lib ├── omniauth-linkedin-openid.rb ├── omniauth-linkedin-openid │ └── version.rb └── omniauth │ └── strategies │ └── linkedin.rb ├── omniauth-linkedin-openid.gemspec └── spec ├── omniauth └── strategies │ └── linkedin_spec.rb └── spec_helper.rb /.github/workflows/ruby.yml: -------------------------------------------------------------------------------- 1 | name: Ruby 2 | 3 | on: 4 | push: 5 | branches: [ master ] 6 | pull_request: 7 | branches: [ master ] 8 | 9 | jobs: 10 | test: 11 | runs-on: ubuntu-latest 12 | strategy: 13 | matrix: 14 | ruby-version: ['2.4', '2.5', '2.6', '2.7', '3.0', '3.1', '3.2', 'truffleruby-head'] 15 | 16 | steps: 17 | - uses: actions/checkout@v3 18 | - name: Set up Ruby ${{ matrix.ruby-version }} 19 | uses: ruby/setup-ruby@v1 20 | with: 21 | ruby-version: ${{ matrix.ruby-version }} 22 | bundler-cache: true 23 | - name: Build and test with Rake 24 | run: bundle exec rake 25 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.gem 2 | *.rbc 3 | .bundle 4 | .config 5 | .yardoc 6 | Gemfile.lock 7 | InstalledFiles 8 | _yardoc 9 | coverage 10 | doc/ 11 | lib/bundler/man 12 | /pkg 13 | rdoc 14 | spec/reports 15 | test/tmp 16 | test/version_tmp 17 | tmp 18 | -------------------------------------------------------------------------------- /.rspec: -------------------------------------------------------------------------------- 1 | --color 2 | --format progress 3 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | # Specify your gem's dependencies in omniauth-github.gemspec 4 | gemspec 5 | 6 | group :development, :test do 7 | gem 'rake' 8 | end 9 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2023 Jarrett Lusso 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # OmniAuth LinkedIn 2 | 3 | ![Ruby](https://github.com/jclusso/omniauth-linkedin-openid/workflows/Ruby/badge.svg?branch=master) 4 | [![Gem](https://img.shields.io/gem/v/omniauth-linkedin-openid)](https://rubygems.org/gems/omniauth-linkedin-openid) 5 | 6 | This is the a OmniAuth strategy for authenticating to LinkedIn using OpenID. To 7 | use it, you'll need to register an application on the 8 | [LinkedIn Apps Page](https://www.linkedin.com/developers/apps) to get your 9 | Client ID and Client Secret. Additionally, you'll need to request access to the 10 | "Sign In with LinkedIn using OpenID Connect" product. 11 | 12 | For more details, read the [Sign In with LinkedIn using OpenID Connect](https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin-v2) documentation. 13 | 14 | ## Installation 15 | 16 | ```ruby 17 | gem 'omniauth-linkedin-openid' 18 | ``` 19 | 20 | ## Usage 21 | 22 | ```ruby 23 | use OmniAuth::Builder do 24 | provider :linkedin, 25 | client_id: ENV['LINKEDIN_CLIENT_ID'], 26 | client_secret: ENV['LINKEDIN_CLIENT_SECRET'] 27 | end 28 | ``` 29 | 30 | ## Authenticating Members 31 | 32 | With the LinkedIn API, you have the ability to specify which permissions you want users to grant your application. For more details, read the LinkedIn [Authenticating Members](https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin-v2#authenticating-members) documentation. 33 | 34 | The following scopes are requested by default: 35 | 36 | 'openid profile email' 37 | 38 | Here is an example of how you can configure the `scope` option: 39 | 40 | ```ruby 41 | provider :linkedin, 42 | client_id: ENV['LINKEDIN_CLIENT_ID'], 43 | client_secret: ENV['LINKEDIN_CLIENT_SECRET'], 44 | scope: 'openid profile email' 45 | ``` 46 | 47 | ## Profile Fields 48 | 49 | When specifying which permissions you want users to grant to your application, you can also specify the array of fields that you want returned in the OmniAuth hash. The following fields are requested by default: 50 | 51 | ```ruby 52 | %w(id full-name first-name last-name picture-url email-address) 53 | ``` 54 | 55 | Here is an example of how you can configure the `fields` option: 56 | 57 | ```ruby 58 | provider :linkedin, 59 | client_id: ENV['LINKEDIN_CLIENT_ID'], 60 | client_secret: ENV['LINKEDIN_CLIENT_SECRET'], 61 | fields: %w(id full-name email-address) 62 | ``` 63 | 64 | To see a complete list of available fields, read the LinkedIn [Profile Fields](https://learn.microsoft.com/en-us/linkedin/shared/references/fields) documentation. 65 | 66 | ## Development 67 | 68 | After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. 69 | 70 | ## Contributing 71 | 72 | Bug reports and pull requests are welcome on GitHub at https://github.com/jclusso/omniauth-linkedin-openid. 73 | 74 | ## License 75 | 76 | The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT). 77 | 78 | ## Credits 79 | 80 | Thanks to [@decioferreira](https://github.com/decioferreira) for making [omniauth-linkedin-oauth2](https://github.com/decioferreira/omniauth-linkedin-oauth2) which this was based on. 81 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | require 'bundler/gem_tasks' 2 | require 'rspec/core/rake_task' 3 | 4 | RSpec::Core::RakeTask.new 5 | 6 | desc 'Run specs' 7 | task :default => :spec 8 | -------------------------------------------------------------------------------- /bin/console: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # frozen_string_literal: true 3 | 4 | require "bundler/setup" 5 | require "omniauth-linkedin-openid" 6 | 7 | # You can add fixtures and/or initialization code here to make experimenting 8 | # with your gem easier. You can also use a different console, if you like. 9 | 10 | # (If you use this, don't forget to add pry to your Gemfile!) 11 | # require "pry" 12 | # Pry.start 13 | 14 | require "irb" 15 | IRB.start(__FILE__) 16 | -------------------------------------------------------------------------------- /bin/setup: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | set -vx 5 | 6 | bundle install 7 | 8 | # Do any other automated setup that you need to do here 9 | -------------------------------------------------------------------------------- /lib/omniauth-linkedin-openid.rb: -------------------------------------------------------------------------------- 1 | require "omniauth-linkedin-openid/version" 2 | require 'omniauth/strategies/linkedin' 3 | -------------------------------------------------------------------------------- /lib/omniauth-linkedin-openid/version.rb: -------------------------------------------------------------------------------- 1 | module OmniAuth 2 | module LinkedInOpenID 3 | VERSION = "1.0.2" 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /lib/omniauth/strategies/linkedin.rb: -------------------------------------------------------------------------------- 1 | require 'omniauth-oauth2' 2 | 3 | module OmniAuth 4 | module Strategies 5 | class LinkedIn < OmniAuth::Strategies::OAuth2 6 | option :name, 'linkedin' 7 | 8 | option :client_options, { 9 | :site => 'https://api.linkedin.com', 10 | :authorize_url => 'https://www.linkedin.com/oauth/v2/authorization?response_type=code', 11 | :token_url => 'https://www.linkedin.com/oauth/v2/accessToken', 12 | :token_method => :post_with_query_string 13 | } 14 | 15 | option :scope, 'openid profile email' 16 | option :fields, %w( 17 | id full-name first-name last-name picture-url email-address 18 | ) 19 | option :redirect_url 20 | 21 | uid do 22 | raw_info['sub'] 23 | end 24 | 25 | info do 26 | { 27 | email: raw_info['email'], 28 | first_name: raw_info['given_name'], 29 | last_name: raw_info['family_name'], 30 | picture_url: raw_info['picture'] 31 | } 32 | end 33 | 34 | extra do 35 | { 'raw_info' => raw_info } 36 | end 37 | 38 | def callback_url 39 | return options.redirect_url if options.redirect_url 40 | 41 | full_host + script_name + callback_path 42 | end 43 | 44 | alias :oauth2_access_token :access_token 45 | 46 | def access_token 47 | ::OAuth2::AccessToken.new(client, oauth2_access_token.token, { 48 | expires_in: oauth2_access_token.expires_in, 49 | expires_at: oauth2_access_token.expires_at, 50 | refresh_token: oauth2_access_token.refresh_token 51 | }) 52 | end 53 | 54 | def raw_info 55 | @raw_info ||= access_token.get(profile_endpoint).parsed 56 | end 57 | 58 | private 59 | 60 | def fields_mapping 61 | # https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin-v2?context=linkedin%2Fconsumer%2Fcontext#api-request-to-retreive-member-details 62 | { 63 | 'id' => 'sub', 64 | 'full-name' => 'name', 65 | 'first-name' => 'given_name', 66 | 'last-name' => 'family_name', 67 | 'picture-url' => 'picture' 68 | } 69 | end 70 | 71 | def fields 72 | options.fields.each.with_object([]) do |field, result| 73 | result << fields_mapping[field] if fields_mapping.has_key? field 74 | end 75 | end 76 | 77 | def profile_endpoint 78 | '/v2/userinfo' 79 | end 80 | 81 | def token_params 82 | super.tap do |params| 83 | params.client_secret = options.client_secret 84 | end 85 | end 86 | end 87 | end 88 | end 89 | 90 | OmniAuth.config.add_camelization 'linkedin', 'LinkedIn' 91 | -------------------------------------------------------------------------------- /omniauth-linkedin-openid.gemspec: -------------------------------------------------------------------------------- 1 | # -*- encoding: utf-8 -*- 2 | require File.expand_path('../lib/omniauth-linkedin-openid/version', __FILE__) 3 | 4 | Gem::Specification.new do |gem| 5 | gem.authors = 'Jarrett Lusso' 6 | gem.email = 'jclusso@gmail.com' 7 | gem.description = 'OmniAuth strategy for LinkedIn using OpenID.' 8 | gem.summary = 'OmniAuth strategy for LinkedIn using OpenID.' 9 | gem.homepage = 'https://github.com/jclusso/omniauth-linkedin-openid' 10 | gem.license = 'MIT' 11 | 12 | gem.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) } 13 | gem.files = `git ls-files`.split("\n") 14 | gem.test_files = `git ls-files -- {test,spec,features}/*`.split("\n") 15 | gem.name = 'omniauth-linkedin-openid' 16 | gem.require_paths = ['lib'] 17 | gem.version = OmniAuth::LinkedInOpenID::VERSION 18 | 19 | gem.metadata = { 20 | "bug_tracker_uri" => "https://github.com/jclusso/omniauth-linkedin-openid/issues", 21 | "documentation_uri" => "https://github.com/jclusso/omniauth-linkedin-openid/README.md", 22 | "source_code_uri" => "https://github.com/jclusso/omniauth-linkedin-openid" 23 | } 24 | 25 | gem.add_dependency 'oauth2', '~> 2.0' 26 | gem.add_dependency 'omniauth', '~> 2.0' 27 | gem.add_dependency 'omniauth-oauth2', '~> 1.8' 28 | gem.add_development_dependency 'rspec', '~> 3.5' 29 | gem.add_development_dependency 'rack-test' 30 | gem.add_development_dependency 'webmock' 31 | end 32 | -------------------------------------------------------------------------------- /spec/omniauth/strategies/linkedin_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | require 'omniauth-linkedin-openid' 3 | 4 | describe OmniAuth::Strategies::LinkedIn do 5 | subject { OmniAuth::Strategies::LinkedIn.new(nil) } 6 | 7 | it 'adds camelization for itself' do 8 | expect(OmniAuth::Utils.camelize('linkedin')).to eq('LinkedIn') 9 | end 10 | 11 | describe '#client' do 12 | it 'has correct LinkedIn site' do 13 | expect(subject.client.site).to eq('https://api.linkedin.com') 14 | end 15 | 16 | it 'has correct `authorize_url`' do 17 | expect(subject.client.options[:authorize_url]).to eq('https://www.linkedin.com/oauth/v2/authorization?response_type=code') 18 | end 19 | 20 | it 'has correct `token_url`' do 21 | expect(subject.client.options[:token_url]).to eq('https://www.linkedin.com/oauth/v2/accessToken') 22 | end 23 | 24 | it 'has a correct `token_method`' do 25 | expect(subject.client.options[:token_method]).to eq(:post_with_query_string) 26 | end 27 | end 28 | 29 | describe '#callback_path' do 30 | it 'has the correct callback path' do 31 | expect(subject.callback_path).to eq('/auth/linkedin/callback') 32 | end 33 | end 34 | 35 | describe '#uid' do 36 | before :each do 37 | allow(subject).to receive(:raw_info) { Hash['sub' => 'uid'] } 38 | end 39 | 40 | it 'returns the id from raw_info' do 41 | expect(subject.uid).to eq('uid') 42 | end 43 | end 44 | 45 | describe '#info / #raw_info' do 46 | let(:access_token) { instance_double OAuth2::AccessToken } 47 | 48 | let(:parsed_response) { Hash[:foo => 'bar'] } 49 | 50 | let(:profile_endpoint) { '/v2/userinfo' } 51 | let(:profile_response) { instance_double OAuth2::Response, parsed: parsed_response } 52 | 53 | before :each do 54 | allow(subject).to receive(:access_token).and_return access_token 55 | 56 | allow(access_token).to receive(:get) 57 | .with(profile_endpoint) 58 | .and_return(profile_response) 59 | end 60 | 61 | it 'returns parsed responses using access token' do 62 | expect(subject.info).to have_key :email 63 | expect(subject.info).to have_key :first_name 64 | expect(subject.info).to have_key :last_name 65 | expect(subject.info).to have_key :picture_url 66 | 67 | expect(subject.raw_info).to eq({ :foo => 'bar' }) 68 | end 69 | end 70 | 71 | describe '#extra' do 72 | let(:raw_info) { Hash[:foo => 'bar'] } 73 | 74 | before :each do 75 | allow(subject).to receive(:raw_info).and_return raw_info 76 | end 77 | 78 | specify { expect(subject.extra['raw_info']).to eq raw_info } 79 | end 80 | 81 | describe '#access_token' do 82 | let(:expires_in) { 3600 } 83 | let(:expires_at) { 946688400 } 84 | let(:token) { 'token' } 85 | let(:refresh_token) { 'refresh_token' } 86 | let(:access_token) do 87 | instance_double OAuth2::AccessToken, :expires_in => expires_in, 88 | :expires_at => expires_at, :token => token, :refresh_token => refresh_token 89 | end 90 | 91 | before :each do 92 | allow(subject).to receive(:oauth2_access_token).and_return access_token 93 | end 94 | 95 | specify { expect(subject.access_token.expires_in).to eq expires_in } 96 | specify { expect(subject.access_token.expires_at).to eq expires_at } 97 | end 98 | 99 | describe '#authorize_params' do 100 | describe 'scope' do 101 | before :each do 102 | allow(subject).to receive(:session).and_return({}) 103 | end 104 | 105 | it 'sets default scope' do 106 | expect(subject.authorize_params['scope']).to eq('openid profile email') 107 | end 108 | end 109 | end 110 | 111 | end 112 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | $:.unshift File.expand_path('..', __FILE__) 2 | $:.unshift File.expand_path('../../lib', __FILE__) 3 | require 'rspec' 4 | require 'rack/test' 5 | require 'webmock/rspec' 6 | require 'omniauth' 7 | require 'omniauth-linkedin-openid' 8 | 9 | RSpec.configure do |config| 10 | config.include WebMock::API 11 | config.include Rack::Test::Methods 12 | config.extend OmniAuth::Test::StrategyMacros, :type => :strategy 13 | end 14 | --------------------------------------------------------------------------------