Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
node-linkedin-distributed
Advanced tools
Readme
Another Linkedin wrapper in Node.js
FORKED FROM node-linkedin
!!THIS FORK IS IDENTICAL EXCEPT FOR A CHANGE TO BYPASS THE CSRF CHECK FOR DISTRIBUTED SYSTEMS. IT IS NOT CONSIDERED FULLY SECURE IF YOU ARE USING THIS LIBRARY TO AUTHORIZE A USER TO ACCESS PRIVATE INFO AS A 3RD PARTY COULD SPOOF A CALLBACK!!
Good question! Because when I started to use LinkedIn API, I found couple of wrappers but they were not compatible with OAuth2.0, their contributors hadn't made any recent commits for several months and I had to utilize the whole wrapper with nice helper functions as well.
So, I decided to write another wrapper. We need it! So we can also maintain it! However, pull requests are always major and we'd love to see that!
Just like others, it's simple and quick as per standard:
this will install the module and add the entry in package.json
. Let's start using it!
var Linkedin = require('node-linkedin')('app-id', 'secret', 'callback');
You may omit the callback URL. However, you must set it later before requesting an authorization code. (This is useful if the callback URL depends on the request (e.g. from multiple domains.)
var Linkedin = require('node-linkedin')('app-id', 'secret');
// ...
Linkedin.auth.setCallback('callback-url');
Before invoking any endpoint, please get the instance ready with your access token.
var linkedin = Linkedin.init('my_access_token');
// Now, you're ready to use any endpoint
Additionally, you can specify options. Currently, the only supported option is timeout
, allowing you to specific a timeout (in ms) for the HTTP request. The default is 60 seconds (a value of 60000).
var linkedin = Linkedin.init('my_access_token', {
timeout: 10000 /* 10 seconds */
});
Since LinkedIn supports OAuth 2.0 (and we regret to use 1.0 for authentication), let's start using it.
The example below uses a routing library like Express
. It is not required
to use this module, but it's good enough to give a quick walkthrough.
// Using a library like `expressjs` the module will
// redirect for you simply by passing `res`.
app.get('/oauth/linkedin', function(req, res) {
// This will ask for permisssions etc and redirect to callback url.
Linkedin.auth.authorize(res, scope);
});
Alternatively, you can leave res
out, and the module will respond with the redirect url
which you can use to send the HTTP redirect
on your own.
var auth_url = Linkedin.auth.authorize(scope);
You may specify a custom state parameter:
Linkedin.auth.authorize(res, scope, 'state');
If you have multiple domains pointing to the same application, you will need to set the callback URL based on the domain that is making the request.
app.get('/oauth/linkedin', function(req, res) {
// set the callback url
Linkedin.setCallback(req.protocol + '://' + req.headers.host + '/oauth/linkedin/callback');
Linkedin.auth.authorize(res, scope);
}
The scope
previously mentioned refers to the data from LinkedIn to which your
application is requesting access.
This depends on your application's permissions registered with LinkedIn.
var scope = ['r_basicprofile', 'r_fullprofile', 'r_emailaddress', 'r_network', 'r_contactinfo', 'rw_nus', 'rw_groups', 'w_messages'];
Note: The scope need not be static.
After the user is redirected to LinkedIn to authenticate, they are redirected to your application's callback URL (whether they accept or decline authorization). See the end of Step 2 on the LinkedIn OAuth 2.0 Documentation.
If they accept, be sure to pass the state
parameter to verify no CSRF
intrusion. This is compared against the state parameter used in authentication.
// Setting linkedinCallback as your callback string will bypass CSRF check, setting it false will use it normally
// Again, `res` is optional, you could pass `code` as the first parameter
app.get('/oauth/linkedin/callback', function(req, res) {
Linkedin.auth.getAccessToken(res, req.query.code, req.query.state, (linkedinCallback || false), function(err, results) {
if ( err )
return console.error(err);
/**
* Results have something like:
* {"expires_in":5184000,"access_token":". . . ."}
*/
console.log(results);
return res.redirect('/');
});
});
Supports all the calls as per the documentation available at LinkedIn Companies Search API
linkedin.companies_search.name('facebook', 1, function(err, company) {
name = company.companies.values[0].name;
desc = company.companies.values[0].description;
industry = company.companies.values[0].industries.values[0].name;
city = company.companies.values[0].locations.values[0].address.city;
websiteUrl = company.companies.values[0].websiteUrl;
});
Supports all the calls as per the documentation available at: LinkedIn Companies API.
linkedin.companies.company('162479', function(err, company) {
// Here you go
});
linkedin.companies.name('logica', function(err, company) {
// Here you go
});
linkedin.companies.email_domain('apple.com', function(err, company) {
// Here you go
});
linkedin.companies.multiple('162479,universal-name=linkedin', function(err, companies) {
// Here you go
});
linkedin.companies.asAdmin(function(err, companies) {
// Here you go
});
linkedin.companies.updates('162479', function(err, company) {
// Gets all the updates(Posts) along with their details of a company
});
linkedin.companies.getUpdate('162479','UPDATE-c1337-998877665544332211',function(err, companies) {
// Gets the detail of a single update(Post) of a company
});
Searches for the profiles as per the criteria.
linkedin.people.me(function(err, $in) {
// Loads the profile of access token owner.
});
OR
linkedin.people.me(['id', 'first-name', 'last-name'], function(err, $in) {
// Loads the profile of access token owner.
});
linkedin.people.url('long_public_url_here', function(err, $in) {
// Returns dob, education
});
OR
linkedin.people.url('long_public_url_here', ['id', 'first-name', 'last-name'], function(err, $in) {
// Returns dob, education
});
linkedin.people.id('linkedin_id', function(err, $in) {
// Loads the profile by id.
});
OR
linkedin.people.id('linkedin_id', ['id', 'first-name', 'last-name'], function(err, $in) {
// Loads the profile by id.
});
Invokes LinkedIn's Connections API.
linkedin.connections.retrieve(function(err, connections) {
// Here you go! Got your connections!
});
Implements wrapper for LinkedIn Group API
and provides interface to invoke API endpoints.
PS: For now, we just have feeds available.
linkedin.group.feeds(3769732, function(err, data) {
// data: variable is ready to use.
});
OR If you want to have custom field selector, take a look at this;
linkedin.group.feeds(3769732, ['field', 'field2', 'field3'] , function(err, data) {
// data: variable is ready to use.
});
OR even if you want to have custom sorting parameters, you can just pass them as third argument:
linkedin.group.feeds(3769732, ['field', 'field2', 'field3'], {order: 'popularity'}, function(err, data) {
// data: variable is ready to use.
});
This wrapper has been written & currently under maintenance by Hamza Waqas. He's using twitter at: @HamzaWaqas
FAQs
LinkedIn 2.0 compatible wrapper in node.js
The npm package node-linkedin-distributed receives a total of 3 weekly downloads. As such, node-linkedin-distributed popularity was classified as not popular.
We found that node-linkedin-distributed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.