This is very much a work in progress. Currently only the shares/social stream, organization, and media upload related endpoints have been verified to work. Having said that, those endpoints are using this gem in a production application, so they're reliable enough. :)
Many endpoints still need to be written, and as I don't have the requisite partner status w/ LinkedIn, I can't develop against the jobs API. Many of the specs still fail. Caveat emptor.
Ruby wrapper for v2 of the LinkedIn API. This gem is entirely based on emorikawa's excellent linkedin-oauth2 gem.
If you are using OAuth 1.0, see hexgnu/linkedin. If you are using OAuth 2.0 and the v1 LinkedIn API, see emorikawa/linkedin-oauth2, on which this gem is based.
In Bundler:

```ruby
gem "linkedin-v2", "~> 0.1.0"
```

Otherwise:

```
[sudo|rvm] gem install linkedin-v2
```

Step 1: Register your application with LinkedIn. They will give you a Client ID (aka API Key) and a Client Secret (aka Secret Key)
Step 2: Use your Client ID and Client Secret to obtain an Access Token from some user.
Step 3: Use an Access Token to query the API.

```ruby
api = LinkedIn::API.new(access_token)
me = api.profile
```

You first need to create and register an application with LinkedIn here.
You will not be able to use any part of the API without registering first.
Once you have registered you will need to take note of a few key items on your Application Details page.

- `client_id`
- `client_secret`
- `scope` option with the `auth_code_url` method.
- `redirect_uri` you use in this gem.

You do NOT need OAuth User Token nor OAuth User Secret. That is for OAuth 1.0. This gem is for OAuth 2.0.
All LinkedIn API requests must be made in the context of an access token. The access token encodes what LinkedIn information your AwesomeApp® can gather on behalf of "John Doe".
There are a few different ways to get an access token from a user.

- You can use LinkedIn's JavaScript API to authenticate on the front-end and then pass the access token to the backend via this procedure.
- If you use OmniAuth, I would recommend looking at decioferreira/omniauth-linkedin-oauth2 to help automate authentication.
- You can do it manually using this linkedin-oauth2 gem and the steps below.

Here is how to get an access token using this linkedin-oauth2 gem:
You will need to configure the following items:

`LinkedIn.configure` block. If your redirect URIs change depending on business logic, you can pass it into the `auth_code_url` method.

```ruby
# It's best practice to keep secret credentials out of source code.
# You can, of course, hardcode dev keys or directly pass them in as the
# first two arguments of LinkedIn::OAuth2.new
LinkedIn.configure do |config|
  config.client_id = ENV["LINKEDIN_CLIENT_ID"]
  config.client_secret = ENV["LINKEDIN_CLIENT_SECRET"]
  # This must exactly match the redirect URI you set on your application's
  # settings page. If your redirect_uri is dynamic, pass it into
  # `auth_code_url` instead.
  config.redirect_uri = "https://getawesomeapp.io/linkedin/oauth2"
end
```

```ruby
oauth = LinkedIn::OAuth2.new
url = oauth.auth_code_url
```

You must now load `url` from Step 2B in a browser. It will pull up the LinkedIn sign in box. Once LinkedIn user credentials are entered, the box will close and redirect to your redirect url, passing along with it the OAuth code as the `code` GET param.
Be sure to read the extended documentation around the LinkedIn::OAuth2 module for more options you can set.
Note: The OAuth code only lasts for ~20 seconds!

```ruby
code = "THE_OAUTH_CODE_LINKEDIN_GAVE_ME"
access_token = oauth.get_access_token(code)
```

Now that you have an access token, you can use it to query the API.
`LinkedIn::OAuth2` inherits from intridea/oauth2's `OAuth2::Client` class. See that gem's documentation for more usage examples.
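
The redirect step above hands your application a `code` GET parameter, and the callback handler decides whether to trust it. The following is an added example, not code from this gem: it uses only the Ruby standard library, and the authorization endpoint URL, the standard OAuth 2.0 `state` parameter, and the helper names `build_authorization_request` and `extract_code` are assumptions that do not appear in this README.

```ruby
require "securerandom"
require "uri"
require "openssl"

# Assumed LinkedIn OAuth 2.0 authorization endpoint (not stated on this page).
AUTHORIZE_ENDPOINT = "https://www.linkedin.com/oauth/v2/authorization"

# Build the URL the user's browser is sent to, plus the random state value
# that must be stored server-side (e.g. in the session) until the callback.
def build_authorization_request(client_id:, redirect_uri:, scope:)
  state = SecureRandom.urlsafe_base64(32)
  query = URI.encode_www_form(
    response_type: "code", client_id: client_id,
    redirect_uri: redirect_uri, scope: scope, state: state
  )
  { url: "#{AUTHORIZE_ENDPOINT}?#{query}", state: state }
end

# Validate the redirect back to redirect_uri and return the OAuth code.
# Raises ArgumentError when the callback must not be trusted.
def extract_code(callback_url, expected_state:, redirect_uri:)
  callback = URI.parse(callback_url)
  expected = URI.parse(redirect_uri)
  unless [callback.scheme, callback.host, callback.port, callback.path] ==
         [expected.scheme, expected.host, expected.port, expected.path]
    raise ArgumentError, "callback does not match registered redirect_uri"
  end
  params = URI.decode_www_form(callback.query.to_s).to_h
  raise ArgumentError, "authorization denied: #{params['error']}" if params["error"]
  # Constant-time comparison of the returned state with the stored one.
  unless OpenSSL.secure_compare(params["state"].to_s, expected_state)
    raise ArgumentError, "state mismatch (possible CSRF)"
  end
  code = params["code"].to_s
  raise ArgumentError, "missing code parameter" if code.empty?
  code
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, for illustration only.
  demo = build_authorization_request(
    client_id: "EXAMPLE_CLIENT_ID", scope: "EXAMPLE_SCOPE",
    redirect_uri: "https://getawesomeapp.io/linkedin/oauth2"
  )
  puts demo[:url]
end
```

Only a code returned by `extract_code` should be passed on to `oauth.get_access_token(code)`.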
Once you have an access token, you can query LinkedIn's API.
Your access token encodes the permissions you're allowed to have. See Step 2 and this LinkedIn document for how to change the permissions. See each section's documentation on LinkedIn for more information on what permissions get you access to.
Detailed overviews of Organizations
See https://developer.linkedin.com/docs/guide/v2/organizations

```ruby
# Organization info
api.organization(name: "google")
api.organization(id: 12345)
api.organization(urn: 'urn:li:organization:12345')
```

### Share and Social Stream
View and update content on social streams
See https://developer.linkedin.com/docs/guide/v2/shares
```ruby
# Your news feed
api.shares
api.share(content: "hi")
# For a particular feed item
api.comments(urn: "urn:li:article:12345")
api.likes(urn: "urn:li:article:12345")
api.like(urn: "urn:li:activity:12345")
api.unlike(urn: "urn:li:activity:12345")
```

On RubyDoc here
Read the source for LinkedIn::API and LinkedIn::OAuth2
Please see CONTRIBUTING.md for details.
Huge, huge props to Evan Morikawa for writing the v1 version of this gem. This gem is pretty much all of that work, but gutted and replaced with v2 endpoints.
Copyright © 2018-present Mike Desjardins, 2014-2018 Evan Morikawa, 2013-2014 Matt Kirk, 2009-11 Wynn Netherland and contributors. It is free software, and may be redistributed under the terms specified in the MIT-LICENSE file. See LICENSE for details.
We found that linkedin-v2 demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.