A simple PHP LinkedIn OAuth 2.0 example

Post on 30-Jun-2015

DESCRIPTION

A simple project developed as part of the course on Security of Service-Oriented Architectures, in which I show how the OAuth 2.0 protocol works with the social network LinkedIn.

TRANSCRIPT

Project for the course SECURITY OF SERVICE-ORIENTED ARCHITECTURES

A simple PHP LinkedIn OAuth 2.0 example

Student: M. Reggiani 826163
Lecturer: E. Damiani

Academic Year 2013/2014

Entities OAuth 2.0

Authorization Server
Resource Server
Application
User Agent (web browser)

Token Request
Access Request
Authorization Request

Register App (1)

Register App (2)

Register App (3)

Sequence Diagram

App’s frontpage (1)

App’s frontpage (2)

User Grants Access (1)

User Grants Access (2)

HTTP/1.1 302 Found
Location: http://localhost/profile.php?state=dks3FdGb4&code=AQQHlgbnkBq64NrVpWLrisElxVn5m2F1pE74Zp0aMK0T9ZunrV198

Access Token request

POST /uas/oauth2/accessToken?grant_type=authorization_code&client_id=77q2gxr3kb8cxh&client_secret=zrkIf3DMynUNjg9u&code=AQQHlgbnkBq64NrVpWLrisElxVn5m2F1pE74Zp0aMK0T9ZunrV198&redirect_uri=http%3A%2F%2Flocalhost%2FSOASec%2Fprofile.php HTTP/1.1
Host: www.linkedin.com
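
The callback and token-request steps above, as an added PHP example that is not part of the original slides: it checks the returned state against the value stored before the redirect, then builds the token request parameters. Function names and sample values are hypothetical, and sending the parameters in the POST body instead of the query string is a choice made here so that client_secret stays out of URL logs.

```php
<?php
// Added example (not from the original slides). All names are hypothetical.

/** Validate the redirect query against the state saved before the redirect. */
function validate_callback(array $query, string $expectedState): string
{
    if (isset($query['error'])) {
        throw new RuntimeException('Authorization denied: ' . $query['error']);
    }
    if (!isset($query['state'], $query['code'])
        || !is_string($query['state']) || !is_string($query['code'])) {
        throw new RuntimeException('Missing state or code');
    }
    // Constant-time comparison; a mismatch means the callback was not
    // triggered by the request this session started (CSRF protection).
    if (!hash_equals($expectedState, $query['state'])) {
        throw new RuntimeException('State mismatch');
    }
    return $query['code'];
}

/** Build the form-encoded body of the access token request. */
function build_token_request(string $code, string $clientId,
                             string $clientSecret, string $redirectUri): string
{
    return http_build_query([
        'grant_type'    => 'authorization_code',
        'code'          => $code,
        'redirect_uri'  => $redirectUri, // must match the one used at authorization
        'client_id'     => $clientId,
        'client_secret' => $clientSecret,
    ]);
}

// Constructed sample input: in a real app $expected comes from $_SESSION
// and the query array from $_GET.
$expected = bin2hex(random_bytes(16));
$good     = ['state' => $expected, 'code' => 'SAMPLE_CODE'];
$forged   = ['state' => 'not-the-session-value', 'code' => 'SAMPLE_CODE'];

$code = validate_callback($good, $expected);
echo build_token_request($code, 'CLIENT_ID_PLACEHOLDER',
    'CLIENT_SECRET_PLACEHOLDER', 'http://localhost/profile.php'), "\n";

try {
    validate_callback($forged, $expected);
} catch (RuntimeException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```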

Access Token response

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8

{
  "access_token": "2YotnFZFEjr1zCsidfrrs32scMWpAA",
  "expires_in": 3600
}

Resources request using Token

GET /v1/people/~:(first-name,last-name,headline,positions,picture-url,skills,languages,educations,certifications)?format=json&oauth2_access_token=2YotnFZFEjr1zCsidfrrs32scMWpAA HTTP/1.1
Host: api.linkedin.com

Resources response

Resources response (PI.php)

Conclusion

Easy to code, to implement, to use
Flexible
Provides secure authorization for the end user
Supports scopes for granular member permissions
No password in API calls
Third parties don't have access to the password
Token:

can be revoked
can be time limited
can be refreshed
short-lived