Saturday, June 4, 2016

Java Web Application for Retrieving User Profile Information from LinkedIn using OAuth 2.0 Authorization Code Grant Type

In my previous article “Retrieving User Profile Information from LinkedIn using OAuth 2.0 Authorization Code Grant Type” [1], I discussed how to improve the usability of websites for identity management. When a website requires visitors to fill in a lengthy form to register, you can instead let them log in to an existing Identity Provider (e.g. Facebook, LinkedIn, Twitter) so that your website can retrieve the user's personal details from that Identity Provider (e.g. LinkedIn). With the profile details received, you can auto-fill the registration form for the user and let them register on your website easily.

In this blog post, I demonstrate how to write a Java web application that retrieves user profile data from LinkedIn. It is a Maven project, and the built WAR file is deployed in Tomcat running on port 8080.

Once the website is opened in the browser, it shows the registration page. Here, instead of filling out all the fields in the form, you can simply click the ‘Login with LinkedIn’ button.

The user is then redirected to the LinkedIn website, which shows that a third-party application is requesting permission to access their profile information. In OAuth terminology this is called User Consent. You provide your LinkedIn credentials and allow access. (Here you enter your LinkedIn credentials on LinkedIn itself, so the third-party application never sees them and you do not need to worry about your credentials being leaked.)

Upon allowing access, the web application is able to retrieve your LinkedIn profile information and auto-fill the form.


The source code of the Java sample application can be found at [2].

The Maven project structure is as follows.


The registration page is index.jsp, and profile.jsp is the same registration form auto-filled with the LinkedIn user profile information.

In the project resources there is a Java keystore named truststore.jks. I have imported the public certificates of LinkedIn into this keystore because the code makes a back-channel call, using an HTTP client, to the LinkedIn API to retrieve the user profile information. This call is made over HTTPS, so to create the SSLContext we need a truststore that contains the public certificate(s) of the LinkedIn API (the password of truststore.jks is wso2carbon). The OAuthTLSUtil class in the sample handles this HTTPS call.


The two LinkedIn API certificates are as follows. (What I did was simply visit www.linkedin.com and tablet.linkedin.com from the browser, download the certificates from the browser, and import them into the Java keystore I created.)



To try out the sample, you must have registered your own OAuth application in your LinkedIn developer account and obtained the clientId and clientSecret values from it. The clientId value should be added in [3] and [4], and the clientSecret value in [5] in the sample.

Once we have retrieved the access token, we can use it to call the LinkedIn API to retrieve the user profile information. We need to request each user attribute in a comma-separated list, as below.

The complete list of user profile fields is available in [6].

We then receive the user profile information as a JSON object, as follows. In the code we have to parse the JSON object and retrieve each field.

{
  "emailAddress": "XXXXXXXXXX",
  "firstName": "Tharindu",
  "industry": "Information Technology and Services",
  "lastName": "Edirisinghe",
  "pictureUrl": "https://media.licdn.com/mpr/mprx/0_tahxOFyLNhWT7h7xcoNtrzJL9bkh7ru1t4nxR1RXzXhT7hgxOa4lPzJLPvuToAr-toNxrks5MGP32qRORgL_91cWpGP82qJ1YgLyj-GkciQ26GG7-2P-gQ2vyBWK5qmGcOTPs2BTxn3",
  "publicProfileUrl": "https://www.linkedin.com/in/ediri",
  "summary": "XXXXXXXXXXXXXXXXX"
}
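As an added example (not the sample's own OAuthTLSUtil code), here is the back-channel call built on the project's truststore: it loads truststore.jks, fails early if a pinned certificate has expired (the cause of the SSL exception and the resulting NullPointerException discussed in the comments), sends the access token as a Bearer credential, and treats any non-200 response as an error rather than returning null. The profile endpoint URL, including its comma-separated field list, is passed in by the caller since the page does not give it; the class and method names are my own.

```java
import java.io.*;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.*;

public class LinkedInProfileClient {
    // Build an SSLContext that trusts only the certificates in truststore.jks.
    // Each pinned certificate is validity-checked first: an expired entry would
    // otherwise surface later as an SSLException during the HTTPS call.
    static SSLContext sslContextFromTruststore(String path, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, password);
        }
        for (Enumeration<String> e = ts.aliases(); e.hasMoreElements();) {
            X509Certificate cert = (X509Certificate) ts.getCertificate(e.nextElement());
            if (cert != null) {
                cert.checkValidity(); // CertificateExpiredException if the pinned cert has lapsed
            }
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Back-channel GET of the profile endpoint with the access token as a Bearer credential.
    // profileUrl (assumed, supplied by the caller) carries the comma-separated field list.
    static String fetchProfile(SSLContext ctx, String profileUrl, String accessToken) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(profileUrl).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setRequestProperty("Authorization", "Bearer " + accessToken);
        int status = conn.getResponseCode();
        String body = readAll(status == HttpURLConnection.HTTP_OK ? conn.getInputStream() : conn.getErrorStream());
        if (status != HttpURLConnection.HTTP_OK) {
            throw new IOException("Profile request failed, HTTP " + status + ": " + body);
        }
        return body; // JSON like the object above; parse it and null-check each field before use
    }

    private static String readAll(InputStream in) throws IOException {
        if (in == null) return "";
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        for (int n; (n = in.read(buf)) > 0; ) out.write(buf, 0, n);
        return out.toString("UTF-8");
    }
}
```

Calling sslContextFromTruststore at application start-up turns an expired pinned certificate into an immediate, descriptive failure instead of a null token deep in the OAuth flow.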
Similarly, you can add ‘Login with Facebook’, ‘Login with Twitter’ and similar options to your websites to improve their usability.

References




Tharindu Edirisinghe
Platform Security Team
WSO2

5 comments:

  1. accessToken = jsonobj.get("access_token").toString();
    Getting a NullPointerException in the OAuth main class, please help here.

  2. Hi Jinesh,

    The reason is that when the sample app tries to call the LinkedIn API via HTTPS, it gives an SSL exception. The reason is that the LinkedIn certificates in the truststore.jks file have expired. Please remove the existing certificates and add new certificates, so you can avoid this problem.

  3. Your style is really unique in comparison to other folks I have read stuff from.
    Many thanks for posting when you have the opportunity. Guess I'll just bookmark this page.

  4. Excellent post. I will be experiencing some of
    these issues as well.
