I'm trying to fetch the different standardized data to make a custom post targeting form.
So I'm accessing the different endpoints mentioned at https://developer.linkedin.com/docs/ref/v2/standardized-data
When using a client_credentials token (app token) I get "Not enough permissions to access ****".
When using an user token I can access without a problem.
The question is why do I need an user token to get this data that is global and, according to its definition, used to standardize data across the LinkedIn platform
"Not enough permissions to access" when it looks like your permissions SHOULD work, usually means you need to be a LinkedIn "Partner":
https://developer.linkedin.com/partner-programs
Related
I am attempting to use the LinkedIn V2 Profile API to aid in signups for my website.
I have properly implemented the "Sign in with LinkedIn" button on my website, set up the OAuth 2.0 callback, and my server properly swaps the OAuth 2.0 Access Code for the user's Access Token.
To do this, I am using the Python linkedin_v2 library linked here.
I am then attempting to grab the user's profile, and obtain their first name, last name, and email, to store in my database as a method of signup. I have confirmed that my application requests r_emailaddress, r_liteprofile, and r_member_social accesses.
To obtain their profile, I have attempted the following methods:
Using the Python Library linked above to create an application with the users access token and request the profile as follows:
application = linkedin.LinkedInApplication(token=accessToken)
profile = application.get_profile()
Unfortunately, this method only returns the user's first name, last name, and id, even when I include selectors=['email-address'] as a parameter to the get_profile() function, as specified by the library documentation.
Sending a GET request using the Python requests library https://api.linkedin.com/v2/people/(id:{person ID}) with headers that include Authentication: Bearer {user access token}.
Unfortunately, this method results in a 403 (forbidden) error.
I am curious of the following things:
Why do I obtain a 403 when querying the Profile API using the request library, when the same access token works to query the API through the Python linkedin_v2 library?
Does anyone know of how to use the python_linkedin_v2 library to obtain an email address with the profile?
Does anyone know of a better library to use in order to accomplish my goal of obtaining profile information regarding users whom are logging into my product using linkedin?
Do I need any additional permissions in order to access my users' emails from LinkedIn?
Thank you so much for your help, and I look forward to discussing potential solutions with all of you.
-Rob
For your information I tried to search for the different links but I didn't find the right answer. The below link looks like the same problem but there is no proper answer for this
Artifactory: SAML SSO group matching not working
I am facing a problem with respect to artifactory group association with SAML. Tried to follow the process mentioned in the below link but it doesn't work. Any kind of help is much appreciated.
https://jfrog.com/knowledge-base/how-do-i-configure-artifactory-saml-sso-with-adfs/
Our goal is to create the same group in artifactory which is present in ADFS. So that we can give permissions to that repective group in artifactory. But the problem is people are able to login using their domain credentials where as if we provide the permissions to the group it doesn't work as expected.
If you need more clarity I am happy to explain more on this issue.
The ADFS side is handled by other team even they are not sure why it is not working. Is there any bug in artifactory? I have configured SAML with jenkins it works super fine.
I will try to elaborate about the process.
After a login request, the user and it's groups are available for Artifactory in the assertion response that is sent back to Artifactory by the SAML Identity Provider. The data should be available in the assertion XML response, as long as the Identity Provider configured to include it. For example, the Identify Provider can exclude the groups information and include user data (i.e. username, mail) only.
In order to ensure that Artifactory can assign the user to the SAML a group, you will need to do the following:
Configure the ADFS to include the user groups attributes on login response. You have mentioned that this is handled by other team, but you can see how this can be done in the link that you have attached in your post.
Create the relevant groups in Artifactory, or import them to Artifactory from another authentication provider (such as Artifactory LDAP integration group screen). It is mandatory that there relevant groups will be existed in Artifactory.
Open the Artifactory Web-UI SAML configuration screen, mark the Auto Associate groups checkbox
Edit the Group Attribute textfield, and put the SAML attribute name of the group declaration. The group attribute name that required is the one that is returned in the SAML assertion response.
In the assertion it should look like this:
<saml:AttributeStatement>
<saml:Attribute Name="memberof">
<saml:AttributeValue>group1</saml:AttributeValue>
<saml:AttributeValue>group2</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
In your case, you can either get the group association attribute name from the other team that managed your ADFS as you have mentioned, or just view the assertion in any kind of SAML tracer browser plugin (as long as the ADFS was configured to send the groups attributes)
Once you have the above configured, when a SAML user will log in into Artifactory, the user will automatically be associated to the group that returned by the SAML assertion response (as long as the group exists in Artifactory)
Note: the SAML groups association is not persisted and valid for the current login session only, therefore, if you will edit the user/group screen in the UI, will not that the user/group association, however, if you grant a permission for a specific resource to the group that you expect the user to be assigned to, you can see that the user who logged in is capable of using the granted permission.
I want to fetch the Linkedin connections of a user via Auth 2 API. But As per different blogs and information on the internet, I found that I need to get partnered with Linkedin to get the details of Profile.
I need following data for a username, photo, headline, contact information, experience, education, summary, location and connections.
When I try to fetch the data from following APIs
https://api.linkedin.com/v2/me?projection=(id,firstName,lastName,maidenName,phoneticFirstName,phoneticLastName,headline,location,industryName,summary,specialties,positions,profilePicture(displayImage~:playableStreams),vanityName,lastModified,organizations)
Result
API error (403) Not enough permissions to access:
Please help me with the process to fetch the data from Linked API.
Regards
LinkedIn API v2 by default will request the r_liteprofile when performing the authorize URL. this means that the user will only have to allow you to get a limited subset of information with the granted token.
You need to make sure than upon the authorization request ("https://www.linkedin.com/oauth/v2/authorization") you pass a scope parameter that contains the r_basicprofile in order to get the extra data
see https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/migration-faq
also https://developer.linkedin.com/docs/ref/v2/profile/basic-profile for the supported fields
If a user logs into my Firebase store with Google authentication, the client gets access to all sorts of useful user-specific information, like the user's name and email. I might want to put this information in the store, and the client can certainly send it along in a write request. But as far as I know, there's no way to validate (on the server side) that this information is correct. There is nothing stopping someone from using a second client to send fictitious metadata.
(For instance, take a look at the skeletal auth variable which is accessible from security rules. It doesn't contain the information I need for validation.)
How do people deal with this kind of situation?
Only limited information about the user is available in the auth variable in security rules.
To access more information, you'll have to store that information in the database when the user is created or signs in. Most developers add a /users node to their database for this reason.
You can then look the extra information up in your security rules with something like root.child('users').child(auth.uid)...
The process is covered in the Firebase documentation section on Storing User Data.
There are some question on the StackOverflow about facebook & email, but after reading them I still have a problem with retrieving users emails.
Our app implemented on Flex and uses REST API. And previously it used notifications.sendEmail.
App has publish_stream and email permissions (checked with users.hasAppPermission).
I tried users.getInfo for get proxied_email address.
But this function does not return email address of the friend..
Then I performed the following test using Graph API and web browser:
Opened the following link for authorization with extended permissions:
https://graph.facebook.com/oauth/authorize?client_id=[app_id]&scope=publish_stream,offline_access,email&redirect_uri=http://www.facebook.com/connect/login_success.html
It returned code for retrieving access_token
Oppened the following link for retrieving access_token
graph.facebook.com/oauth/access_token?client_id=[app_id]&client_secret=[secret]&code=[code]&redirect_uri=http://www.facebook.com/connect/login_success.html
It returned access_token. And now I can use GraphAPI.
Tested with my account
graph.facebook.com/me?access_token=[token]
Ok. It returned my emal.
Tested with my friend
graph.facebook.com/[friend_id]?access_token=[token]
And here is no email field!
So my questions are
Where did I go wrong?
Is it possible to get friend's email via Facebook API (GraphAPI or REST API)?
Thanks.
Email permission gives access to your email only.
If you look at the extended permissions page it says:
Likewise, to protect the privacy of users who have not explicitly authorized your application, your application will only be able to access the basic profile information about a user's friends, like their names and profile pictures. If your application needs to access other data about a user's friends to enable social functionality, you will need to request some of the special friends permissions listed below.
And if you look at the table below, it says "not available" for email permission for friends.
there ought to be some way else how does JanRain does it?
http://www.janrain.com/products/engage/invite-friends
I think that getting friends' email ids is not permitted by Facebook; at least, that's what my research tells me.
#helloworld: Who told you that janrain gets users' friends' email ids?
Only with the extended permission you can specify via the scope attribute, when obtaining the access token
Example:
https://graph.facebook.com/oauth/authorize?
client_id=...&
redirect_uri=http://www.example.com/callback&
scope=email