Class: OmniAuth::Strategies::LinkedIn

Inherits:

Object

• Object
• OmniAuth::Strategies::LinkedIn

Includes:

OmniAuth::Strategy

Defined in:

lib/omniauth/strategies/linkedin.rb

Overview

Authentication strategy for connecting by [exchanging LinkedIn JSAPI for REST API OAuth Tokens](developer.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens).

Defined Under Namespace

Classes: InvalidSecureCookieError, NoSecureCookieError

Instance Attribute Summary

• #access_token ⇒ Object

  Returns the value of attribute access_token.

Instance Method Summary

• #callback_phase ⇒ Object
• #client ⇒ Object
• #parse_secure_cookie(cookie) ⇒ Object
• #raw_info ⇒ Object
• #raw_secure_cookie ⇒ Object
• #request_contains_secure_cookie? ⇒ Boolean
• #request_phase ⇒ Object
• #secure_cookie ⇒ Object
• #user_name ⇒ Object
• #validate_signature(payload) ⇒ Object

Instance Attribute Details

#access_token ⇒ Object

Returns the value of attribute access_token.

# File 'lib/omniauth/strategies/linkedin.rb', line 59

def access_token
  @access_token
end

Instance Method Details

#callback_phase ⇒ Object

# File 'lib/omniauth/strategies/linkedin.rb', line 69

def callback_phase 
  if request_contains_secure_cookie?
    # We should already have an oauth2 token from secure cookie. 
    # Need to exchange it for an oauth token for REST API
    self.access_token = client.get_access_token(nil, {}, {:xoauth_oauth2_access_token => secure_cookie['access_token']})
    super
  else
    raise NoSecureCookieError, 'must pass a `linkedin_oauth_XXX` cookie'
  end
end

#client ⇒ Object

# File 'lib/omniauth/strategies/linkedin.rb', line 80

def client
  @client ||= OAuth::Consumer.new(options.api_key, options.secret_key, options.client_options)
end

#parse_secure_cookie(cookie) ⇒ Object

# File 'lib/omniauth/strategies/linkedin.rb', line 96

def parse_secure_cookie(cookie)
  payload = MultiJson.decode cookie
  if validate_signature(payload)
    payload
  else
    raise InvalidSecureCookieError, 'secure cookie signature validation fails'
  end
end

#raw_info ⇒ Object

# File 'lib/omniauth/strategies/linkedin.rb', line 55

def raw_info
  @raw_info ||= MultiJson.decode(access_token.get("/v1/people/~:(#{options.fields.join(',')})?format=json").body)
end

#raw_secure_cookie ⇒ Object

# File 'lib/omniauth/strategies/linkedin.rb', line 92

def raw_secure_cookie
  request.cookies["linkedin_oauth_#{options.api_key}"]
end

#request_contains_secure_cookie? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/omniauth/strategies/linkedin.rb', line 84

def request_contains_secure_cookie?
  secure_cookie && secure_cookie['access_token']
end

#request_phase ⇒ Object

# File 'lib/omniauth/strategies/linkedin.rb', line 61

def request_phase
  url = callback_url
  url << "?" unless url.match(/\?/)
  url << "&" unless url.match(/[\&\?]$/)
  url << Rack::Utils.build_query(request.params)
  redirect url
end

#secure_cookie ⇒ Object

# File 'lib/omniauth/strategies/linkedin.rb', line 88

def secure_cookie
  @secure_cookie ||= raw_secure_cookie && parse_secure_cookie(raw_secure_cookie)
end

#user_name ⇒ Object

# File 'lib/omniauth/strategies/linkedin.rb', line 121

def user_name
  name = "#{raw_info['firstName']} #{raw_info['lastName']}".strip
  name.empty? ? nil : name
end

#validate_signature(payload) ⇒ Object

# File 'lib/omniauth/strategies/linkedin.rb', line 105

def validate_signature(payload)
  valid = false
  if payload['signature_version'] == '1' or payload['signature_version'] == 1
    if !payload['signature_order'].nil? and payload['signature_order'].is_a?(Array)
      plain_msg = payload['signature_order'].map {|key| payload[key]}.join('')
      if payload['signature_method'] == 'HMAC-SHA1'
        signature = Base64.encode64(OpenSSL::HMAC.digest('sha1', options.secret_key, plain_msg)).chomp
        if signature == payload['signature']
          valid = true
        end
      end
    end
  end
  valid
end