Use version 2 of the LinkedIn API

[carlbennettnz]

LinkedIn just sent out an email to their registered developers to say that they're shutting down their support for OAuth 1.0a and their v1 API on 1 March. Obviously this package uses the OAuth 2 API, but it appears it still uses the v1 API to retrieve user profiles. This is going to break soon, and the v2 API only provides a limited subset of the currently available profile information.

From the email:

Sign In with LinkedIn: Sign In with LinkedIn enables members to choose a more convenient way to log-in to third party apps and allows those apps to learn more about their new user. This API will only recognize a new “Lite Profile” permission, which supports a reduced set of member profile fields. See the documentation for more details.

Full email

The LinkedIn Developers program helps app creators and website owners provide personalized experiences to our members, gives members the ability to use their professional identity with other services, and makes it easier to share content from other sites on LinkedIn. Today, we’re announcing several updates that will migrate all of our developers to the latest set of technologies used for our third-party integrations. We are also streamlining our programs, so we can provide better support to the entire LinkedIn developer community. Providing members with clarity and control over the use of their data is a fundamental priority for LinkedIn, and these changes also serve to advance this priority.In addition to the changes listed below, all developers need to migrate to Version 2.0 of our APIs and OAuth 2.0 by March 1.

Changes to the program include:

• APIs: Developers must migrate their apps to our new APIs.
  • Sign In with LinkedIn: Sign In with LinkedIn enables members to choose a more convenient way to log-in to third party apps and allows those apps to learn more about their new user. This API will only recognize a new “Lite Profile” permission, which supports a reduced set of member profile fields. See the documentation for more details.
  • Share on LinkedIn: Share on LinkedIn lets a member more easily share relevant information to their network and others on the LinkedIn platform. This API has the same functionality as before. See the documentation for the new format.
  • Manage Company Pages: These APIs are being merged into the LinkedIn Marketing Developer Program and access will be restricted to those participating developers, as part of our long-term effort to provide expanded support and a better experience for marketing partners.
• Authentication, SDKs, and Plugins: We are also deprecating several obsolete or seldomly-used products and technologies.
  • Authentication: We will sunset OAuth 1.0 and require all developers to use OAuth 2.0, which we have supported since 2013. OAuth 2.0 is the industry standard and widely-used by the majority of people building on our platform.
  • SDKs: Our JavaScript and Mobile Software Development Kits (SDKs) will stop working. Developers will need to migrate to using OAuth 2.0 directly from their apps.
  • Plugins: Several website plugins, which were used for generating drop-in code that could quickly add enhanced LinkedIn functionality to websites, will no longer be available for use. Specifically, the Member Profile, Company Profile, Company Insider, Jobs You Might be Interested In (JYMBII), and Alumni Tool plugins will all be deprecated.
• Redesigned LinkedIn Developers portal: Along with a front-end facelift, it now gives an improved ability to access and manage apps, read documentation, and find product information.

To reiterate: all developers need to migrate their apps to our newest APIs and OAuth 2.0 by March 1, 2019. To help navigate the migration process, please see the technical migration guideon the LinkedIn section of the Microsoft Docs website. Developers can expect follow-up communications via email about these changes and other future announcements about the LinkedIn Developers program.

Thank you, LinkedIn Developers Program Team

[CatalinaMoisuc]

@carlbennettnz to retrieve the "Lite Profile" you just need to specify the scope as r_liteprofile instead of r_basicprofile. Like this:

passport.use(
      new LinkedInStrategy.Strategy(
        {
          clientID: "",
          clientSecret: "",
          callbackURL: "",
          scope: ['r_liteprofile']
        },
        async (token, tokenSecret, profile, done) => { }
)

Note: FYI, if you try to also filter the "profileFields" like so:

profileFields: ['id', 'first-name', 'last-name', 'email-address']

it won't work!

[carlbennettnz]

Just to be clear, LinkedIn are making two distinct changes:

1. Reducing available scopes down to just email and lite profile
2. Turning off their v1 API in favour of v2

Using the example you gave, requesting just the lite profile scope shouldn't be an issue. It's the later that I think will be the problem. This library authenticates using the v1 API and should be updated to use v2.

[CatalinaMoisuc]

@carlbennettnz you are right actually!
There is a PR opened already that should solve this issue:
#63, but it is not merged yet.