Security News
New Proposed CISA Mandate Would Require Critical Infrastructure to Report Ransom Payments Within 24 Hours
CISA has proposed a set of new rules that would require critical infrastructure to report cyber incidents and ransom payments.
node-linkedin-distributed
Advanced tools
LinkedIn 2.0 compatible wrapper in node.js
Weekly downloads
Readme
Another Linkedin wrapper in Node.js
FORKED FROM node-linkedin
!!THIS FORK IS IDENTICAL EXCEPT FOR A CHANGE TO BYPASS THE CSRF CHECK FOR DISTRIBUTED SYSTEMS. IT IS NOT CONSIDERED FULLY SECURE IF YOU ARE USING THIS LIBRARY TO AUTHORIZE A USER TO ACCESS PRIVATE INFO AS A 3RD PARTY COULD SPOOF A CALLBACK!!
Good question! Because when I started to use LinkedIn API, I found couple of wrappers but they were not compatible with OAuth2.0, their contributors hadn't made any recent commits for several months and I had to utilize the whole wrapper with nice helper functions as well.
So, I decided to write another wrapper. We need it! So we can also maintain it! However, pull requests are always major and we'd love to see that!
Just like others, it's simple and quick as per standard:
this will install the module and add the entry in package.json
. Let's start using it!
var Linkedin = require('node-linkedin')('app-id', 'secret', 'callback');
You may omit the callback URL. However, you must set it later before requesting an authorization code. (This is useful if the callback URL depends on the request (e.g. from multiple domains.)
var Linkedin = require('node-linkedin')('app-id', 'secret');
// ...
Linkedin.auth.setCallback('callback-url');
Before invoking any endpoint, please get the instance ready with your access token.
var linkedin = Linkedin.init('my_access_token');
// Now, you're ready to use any endpoint
Additionally, you can specify options. Currently, the only supported option is timeout
, allowing you to specific a timeout (in ms) for the HTTP request. The default is 60 seconds (a value of 60000).
var linkedin = Linkedin.init('my_access_token', {
timeout: 10000 /* 10 seconds */
});
Since LinkedIn supports OAuth 2.0 (and we regret to use 1.0 for authentication), let's start using it.
The example below uses a routing library like Express
. It is not required
to use this module, but it's good enough to give a quick walkthrough.
// Using a library like `expressjs` the module will
// redirect for you simply by passing `res`.
app.get('/oauth/linkedin', function(req, res) {
// This will ask for permisssions etc and redirect to callback url.
Linkedin.auth.authorize(res, scope);
});
Alternatively, you can leave res
out, and the module will respond with the redirect url
which you can use to send the HTTP redirect
on your own.
var auth_url = Linkedin.auth.authorize(scope);
You may specify a custom state parameter:
Linkedin.auth.authorize(res, scope, 'state');
If you have multiple domains pointing to the same application, you will need to set the callback URL based on the domain that is making the request.
app.get('/oauth/linkedin', function(req, res) {
// set the callback url
Linkedin.setCallback(req.protocol + '://' + req.headers.host + '/oauth/linkedin/callback');
Linkedin.auth.authorize(res, scope);
}
The scope
previously mentioned refers to the data from LinkedIn to which your
application is requesting access.
This depends on your application's permissions registered with LinkedIn.
var scope = ['r_basicprofile', 'r_fullprofile', 'r_emailaddress', 'r_network', 'r_contactinfo', 'rw_nus', 'rw_groups', 'w_messages'];
Note: The scope need not be static.
After the user is redirected to LinkedIn to authenticate, they are redirected to your application's callback URL (whether they accept or decline authorization). See the end of Step 2 on the LinkedIn OAuth 2.0 Documentation.
If they accept, be sure to pass the state
parameter to verify no CSRF
intrusion. This is compared against the state parameter used in authentication.
// Setting linkedinCallback as your callback string will bypass CSRF check, setting it false will use it normally
// Again, `res` is optional, you could pass `code` as the first parameter
app.get('/oauth/linkedin/callback', function(req, res) {
Linkedin.auth.getAccessToken(res, req.query.code, req.query.state, (linkedinCallback || false), function(err, results) {
if ( err )
return console.error(err);
/**
* Results have something like:
* {"expires_in":5184000,"access_token":". . . ."}
*/
console.log(results);
return res.redirect('/');
});
});
Supports all the calls as per the documentation available at LinkedIn Companies Search API
linkedin.companies_search.name('facebook', 1, function(err, company) {
name = company.companies.values[0].name;
desc = company.companies.values[0].description;
industry = company.companies.values[0].industries.values[0].name;
city = company.companies.values[0].locations.values[0].address.city;
websiteUrl = company.companies.values[0].websiteUrl;
});
Supports all the calls as per the documentation available at: LinkedIn Companies API.
linkedin.companies.company('162479', function(err, company) {
// Here you go
});
linkedin.companies.name('logica', function(err, company) {
// Here you go
});
linkedin.companies.email_domain('apple.com', function(err, company) {
// Here you go
});
linkedin.companies.multiple('162479,universal-name=linkedin', function(err, companies) {
// Here you go
});
linkedin.companies.asAdmin(function(err, companies) {
// Here you go
});
linkedin.companies.updates('162479', function(err, company) {
// Gets all the updates(Posts) along with their details of a company
});
linkedin.companies.getUpdate('162479','UPDATE-c1337-998877665544332211',function(err, companies) {
// Gets the detail of a single update(Post) of a company
});
Searches for the profiles as per the criteria.
linkedin.people.me(function(err, $in) {
// Loads the profile of access token owner.
});
OR
linkedin.people.me(['id', 'first-name', 'last-name'], function(err, $in) {
// Loads the profile of access token owner.
});
linkedin.people.url('long_public_url_here', function(err, $in) {
// Returns dob, education
});
OR
linkedin.people.url('long_public_url_here', ['id', 'first-name', 'last-name'], function(err, $in) {
// Returns dob, education
});
linkedin.people.id('linkedin_id', function(err, $in) {
// Loads the profile by id.
});
OR
linkedin.people.id('linkedin_id', ['id', 'first-name', 'last-name'], function(err, $in) {
// Loads the profile by id.
});
Invokes LinkedIn's Connections API.
linkedin.connections.retrieve(function(err, connections) {
// Here you go! Got your connections!
});
Implements wrapper for LinkedIn Group API
and provides interface to invoke API endpoints.
PS: For now, we just have feeds available.
linkedin.group.feeds(3769732, function(err, data) {
// data: variable is ready to use.
});
OR If you want to have custom field selector, take a look at this;
linkedin.group.feeds(3769732, ['field', 'field2', 'field3'] , function(err, data) {
// data: variable is ready to use.
});
OR even if you want to have custom sorting parameters, you can just pass them as third argument:
linkedin.group.feeds(3769732, ['field', 'field2', 'field3'], {order: 'popularity'}, function(err, data) {
// data: variable is ready to use.
});
This wrapper has been written & currently under maintenance by Hamza Waqas. He's using twitter at: @HamzaWaqas
FAQs
LinkedIn 2.0 compatible wrapper in node.js
The npm package node-linkedin-distributed receives a total of 0 weekly downloads. As such, node-linkedin-distributed popularity was classified as not popular.
We found that node-linkedin-distributed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA has proposed a set of new rules that would require critical infrastructure to report cyber incidents and ransom payments.
Security News
Redis is no longer OSS, breaking its explicit commitment to remain under the BSD 3-Clause License forever. This has angered contributors who are now working to fork the software.
Product
Socket AI now enables 'AI detected potential malware' alerts by default, ensuring users benefit from AI-powered state-of-the-art malware detection without needing to opt-in.