We use the LinkedIn API to retrieve the profile URL for our users using OAuth2.
Once we get the response from LinkedIn we store the siteStandardProfileRequest URL field in our app so other users can check the profile.
However we've seen that some of the URLs get 404's. The culprit URLs tend to have a numeric ID, while the other URLs are alphanumeric.
Is there a way to convert the numeric URLs to their alphanumeric counterparts without having to get an authorization token from the original user? Or generate valid URLs from what we have?
Thanks!
Related
I am implementing some code that posts content to the user Linkedin , the request response will have the shared object ID like "6777623868333944834".
What is weird the response does not contain a url to this shared/public object. If I check the urls of this posts from the website I see urls like
https://www.linkedin.com/posts/activity-6777623868333944834-PUJ7
https://www.linkedin.com/posts/activity-6777985031844458497-h4BO
https://www.linkedin.com/posts/activity-6777947888103243776-Yy4A
so Linkedin used the ID in the url but adds this extra 4 characters at the end.
I am wondering if I can somehow get the correct url without a new request.
I am not using any special library or SDK, just doing the requests directly,
If is not possible I am not able to find the correct API and permissions I would need to get the url if I have the ID (or urn)
I have created a post on my websites when I shared on LinkedIn, it's not showing complete URL of sharing.
Currently, I am using https://www.linkedin.com/sharing/share-offsite/?url=www.example.com/share/?id=12654
But When I am sharing with LinkedIn using above its redirect to below URL :
www.example.com/share
Its removing parameter which passed using id. How I can get the full URL: www.example.com/share/?id=12654
Don't forget to do URL-encoding with parameters you are feeding to another URL. So, your link should be ...&url=https%3A%2F%2Fw..., and not ...&url=https://. Your URL also contains a question mark that should be escaped. Ultimately, your URL should look like this..
https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.example.com/share/%3Fid=12654
URL encoding is required any time you are sending a URL as an argument to the GET param of another URL.
In case you want to know more: Official LinkedIn Share Documentation
If you are interested in a regularly maintained GitHub project that keeps track of this so you don't have to, check it out! Social Share URLs
I am looking to fetch degree of my particular connection without API using LinkedIn federator. For e.g. I have a first degree connection named "Vivek Joshi" working in company "ABC". So, I query LinkedIn federator to find the degree which is first("1st") in this case.
Query URL -- https://www.linkedin.com/ta/federator?query=Vivek,Joshi,ABC&types=mynetwork
and I get a JSON response containing degree information. The above URL works only if user is logged in to LinkedIn.
I have asp.net application in which I have "Sign in with LinkedIn" option as available too. But when I authorize any user to LinkedIn through my application and see the response headers of the LinkedIn authorization call, there is a header named as "Set-Cookie" but it doesn't have cookie I'm looking for which is "li_at"(LinkedIn Session Cookie).
The problem is that query url mentioned above expects a request header named as "cookie" with the value of "li_at" cookie.
How can I make the above URL work?
It is not possible to retrieve this information without using the API. Access to connection data is currently available to select LinkedIn partner developers. You can learn more about LinkedIn's partner programs here: https://developer.linkedin.com/partner-programs
I develop an ASP.NET website. It will contain text articles and some of them will contain pictures from my facebook account above and beyond the text. Note that I'm going to use only the public albums from my account.
So I created a sql table and binded the articles, the albums and the photos (in fact the IDs of all of them). I already used facebook api sdk and it was a great library.
Obviously any visitor of my website (even he doesn't have a facebook account) mignt be able to see the articles and the pictures withount visiting facebook and without authentication via facebook oAuth to access them.
Well here are the questions:
1) How do I get the photos a public album contains by album id and user id without authentication? (I don't know, maybe I should use the other parameters than album id and user id)
2) How do I get the properties (name, id, etc) of a public album?
With out an access token there's very little you can get from the graph api.
Just try yourself by directing your browser to: http://graph.facebook.com/YOU_USER_ID.
You can also check the fields/connections tables in the User object documentation, where it says "No access_token required" in the Permissions column (3rd) you can get with out a token.
If you want to get other data of yourself and serve it publicly on your site you have two options:
Use the server-side authentication flow, get a long lived access token (60 days), save that and use it for the following 60 days to get your data from facebook.
Then, when it gets expired go through the authentication process again.
It will just be you who needs to go through it, not your users, and only once every 60 days.
Log in yourself, authenticate against your app, get all the data and persist it on your db, then just present that to your users.
You'll need to update things every once in a while.
Edit
The server side authentication flow guide has an example written in php.
It's a simple example which does not cover all scenarios but it's a good start.
I have implemented this in python and java but it's not something that can easily be shared since it spans across multiple requests and states, and so I'll just describe the flow I think that you should use:
Inside facebook you go to your canvas app
Facebook will make a POST into an iframe with your canvas url
In the post data you will get a signed request, decode it and check if it has an access token, if so check when it expires. If all is good save that token and the auth process is over, otherwise:
Redirect the user to the oAuth dialog along with your redirect url and permissions that you require.
After you allow your own app you will be redirected to your "recirect_uri" with the code parameter (in the querystring).
Exchange the code for an access token against the facebook servers and save the token.
You can then redirect yourself to the canvas app or just stop there.
That should do it for a long lived access token which you can then use for 60 days.
As for persisting your fb data on your own db, it's a pretty trivial operation to save data on a db, and it all depends on what data you want to save, how you need to encode/use it (json, xml, plain text).
For example, let's say you want the display your own photos, then after you get the token (as described above) just query from your server for your photos by issues an http request to: https://graph.facebook.com/me/photos?access_token=XXXXXX.
You should get a json encoded result, iterate over that and save each picture as a record on your db.
To retrieve list of user's albums you need to issue next GET request to Graph API:
https://graph.facebook.com/me/albums?access_token=...
And to retrieve list of photos:
https://graph.facebook.com/ALBUM_ID?access_token=...
But you cannot read user's albums (and photos) without authentication and requesting user_photos permission.
According to album documentation:
To read an Album you need
Any valid access token if it is public and belongs to a Page
The user_photos permission if it belongs to a User
The friend_photos permission if it belongs to a User's friend
So generally you have only two options to achieve the result you want:
Use Facebook Page to store all the Albums/Photos you want to display on site
Read 'em using Application access_token.
This will allow you to completely bypass authentication flow at all.
Use your personal account to store Albums/Photos
Authorize application (client-side/server-side) and grant user_photos permissions
Extend access_token for your user and store it
Use your personal access_token to access your Albums/Photos
For a web app I want to let users review and edit a record they made previously through a browser form. In their confirmation mail, they get an access link with a secret token, like http://myapp.com/edityourstuff/hdD8sF2m Clicking this link shows them a form in which they can edit the existing data they submitted earlier.
This is not as secure as a username/password combination, but much more convenient and suitable for my situation.
However, I want to make this as secure as possible.
GET URLs
If the link containing the secret access token is disclosed, unauthorised people can access the data. My concern here is about shared/public computers.
I was planning to tackle this problem with the following pattern:
Access to /edityourstuff/ds8sdfhe via link in email
Start a session, store the secret token in there
redirect to clean /edityourstuff without token
The app now has access to the token in the session and can display the form accordingly. And the URL bar does not show it.
My question now is: Do browsers store the initial URL, that immediately redirects to the clean URL in their history?
I know that the different HTTP redirect status codes (301, 302, 303) have different use cases in theory. Is there any information on how different browsers treat the different redirect codes in respect to (not) storing the initial URL in browser history?
I just did some quick testing myself, with Firefox 7.0.1
When using the above pattern, no matter if 301, 302 or 303 redirect, Firefox does not return to the initial URL when clicking the back button. However, it is shown in the full browsing history and is part of the URL completion list of the browser bar.
This is exactly the drawback I was hoping to avoid.