4

I integrated my website with the Linkedin OAuth api to retrieve the basic profile settings, and it is the only way to log in to my website (so logging in should go through Linkedin each time). The user has to grant permissions upon login. But this now happens on every login; I cannot manage to make Linkedin remember that the user has already granted access (so what I want is that the second time for it to just redirect back to my site automatically)

I receive an access token at every successful login, I save it in the database but can't find a way to use this in a subsequent request (I'm not even sure if this is how I'm supposed to do it?)

The endpoint I am using to login is:

"https://api.linkedin.com/uas/oauth/authorize?oauth_token=" . $token

Where $token is an oauth token

Please tell me how to make the subsequent requests without Linkedin asking permissions

thanks

Improve this question

2 Answers 2

Reset to default
3
+25

You can try using php cookie or SESSION and setup expired date to next few years, so every user visit your site your system will check into database with token which saved on cookie or SESSION, only this method can use if you don't want redirect user to linkedin page every they visit your site.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks, this is actually what I did although to me doesn't seem like the perfect solution in case people clear their browser cache. But I now understand that what I want isn't possible.
yes right, it's only one solution, except you can create browser extension where save session forever :)
2

The oauth_token is only good for so long. You should be getting a new token each time you use the API not storing it in your database. Here is a link to the linkedin oath

https://developer-programs.linkedin.com/documents/getting-oauth-token-php

Improve this answer

3 Comments

Do you think it is possible to achieve what I want; to not present the user with another permission screen from linkedin in any subsequent request after the first request? So, to somehow detect that the currently logged-in user from linkedin is an existing user in the database, and therefore just log this user in, instead of redirecting them to linkedin
I am not totally familiar with the linked in API but I found this comment by one of their employees which states "this refresh will only work if the user is still logged into LinkedIn (authenticated) and the current access token isn't expired. Otherwise, the user will be presented with the login dialog again."
So you will need to be logged in to linked in for it to go to your site or it will make you log in to linkedin every time that you are not logged in. The code that you posted above is to receive an access token. You use the access token to grab data from their api. You do not use the access token to get another access token. You would want to run the same code you got the access token in the first place. Also the access tokens only last for 60 days. Hope this helps.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.