Use something server-side that the user cannot edit to store this ID (like PHP sessions - NOT url arguments). You can trust that the ID returned by linkedin is correct, but after that point you must also be able to trust that ID stored on your site is still the same thing you got from linkedin. One other point of emphasis regarding how you're handling things AFTER the API request. You can even associate it with a user already in your database and give the user the option to EITHER login with the username/password combo stored in your database (salted/hashed, hopefully) OR via one of the oauth options. Even if a user knows another user's ID, they still need their linkedin username/password for the API to return that ID to you.ĭo feel free to store the ID returned though to track user preferences/actions. Join over 1 million experienced professionals, graduates and students who have used Resume Wordeds toolkit to get ahead. Join today to explore career options, find jobs and internships for students, and connect with employers. You cannot login as another user simply by knowing their linkedin ID - for linkedin's API to return that ID, the user on your site must have logged into linkedin with a username and password.Īs long as you can be sure that the API you're accessing really is linkedin's and the response hasn't been intercepted/changed/faked, you can trust that the ID returned by the API is the correct ID of a user on their site and that they have logged in and authenticated as that user.īasically, you're safe if you're always using linkedin's API to authenticate linkedin users and don't have a form on your site with a prompt to 'enter your linkedin ID to authenticate'. Handshake is the 1 way college students find jobs. LinkedIn - Open for Business Become a service provider Make sure your services can be found on the world’s largest professional network. This really isn't a secret, it's simply linkedin telling you that the user on your site has logged in as user with that unique identifier. When a user logs in via linkedin, their API will return to you their user ID. with people you already know on LinkedIn 2 Chapter Signing Up and Creating Your Account W hen you joined LinkedIn only first if someone launched.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |