How to make a secure login via LinkedIn sign-in button


I wanted to implement a LinkedIn sign-in button and came across the URL below, with a simple guide on how to implement it.

https://developer.linkedin.com/documents/sign-linkedin

<script type="text/javascript">
function onLinkedInAuth() {
  IN.API.Profile("me")
    .result( function(me) {
      var id = me.values[0].id;
      // AJAX call to pass back id to your server
    });
}
</script>

The guideline mentions that after the user has successfully signed in to their LinkedIn account, a JS callback function can be executed and the profile details of the user can be retrieved.

It also mentions that basically you can pass the LinkedIn ID of the user to the server, and it can be used to identify the user and eventually authenticate.

For this method, I find it less secure, since anyone can probably get someone else's LinkedIn ID. How do you guys enhance the login flow to make it secure?

I really appreciate any input.

Thanks!

1 answer

Samer Bechara

Even if someone was able to retrieve the ID, it would be useless to them.

User IDs via the API are different from the IDs you see on the LinkedIn website, as they differ from one application to another. So even if the user had access to the ID, they would still need to have access to your application's keys (Consumer key and Consumer secret).

I hope this helps.
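
A server-side check for the concern raised in the question, added here as an example and not taken from LinkedIn's guide or from either poster: instead of trusting a bare ID sent by AJAX, the server (Node.js) accepts the ID only when it arrives inside a credential signed with the application's Consumer secret. The credential field names (`signature_method`, `signature_order`, `signature`, `access_token`, `member_id`), the HMAC-SHA1 scheme and the function names are assumptions of this example.

```javascript
const crypto = require('crypto');

// Constructed placeholder; the real Consumer secret lives only on the server.
const CONSUMER_SECRET = 'constructed-consumer-secret';

// Assumed scheme: HMAC-SHA1 over the values of the fields named in
// signature_order, concatenated in that order, base64-encoded.
function signFields(cred, secret) {
  const base = cred.signature_order.map((name) => cred[name]).join('');
  return crypto.createHmac('sha1', secret).update(base).digest('base64');
}

// Returns the member ID if the credential verifies, otherwise null.
function verifiedMemberId(cred, secret) {
  if (!cred || cred.signature_method !== 'HMAC-SHA1') return null;
  const order = cred.signature_order;
  // The ID must itself be covered by the signature, or it can be swapped.
  if (!Array.isArray(order) || !order.includes('member_id')) return null;
  if (order.some((name) => typeof cred[name] !== 'string')) return null;
  if (typeof cred.signature !== 'string') return null;

  const expected = Buffer.from(signFields(cred, secret));
  const given = Buffer.from(cred.signature);
  // timingSafeEqual throws on unequal lengths, so check length first.
  if (expected.length !== given.length) return null;
  return crypto.timingSafeEqual(expected, given) ? cred.member_id : null;
}

// Constructed sample inputs (not real LinkedIn data).
const genuine = {
  signature_method: 'HMAC-SHA1',
  signature_order: ['access_token', 'member_id'],
  access_token: 'constructed-token',
  member_id: 'constructed-id-A',
};
genuine.signature = signFields(genuine, CONSUMER_SECRET);

// Same signature, different ID: what a client editing the AJAX call would send.
const tampered = { ...genuine, member_id: 'constructed-id-B' };
// A bare ID with no signature, as in the snippet from the guide.
const bareId = { member_id: 'constructed-id-A' };

console.log(verifiedMemberId(genuine, CONSUMER_SECRET));  // accepted
console.log(verifiedMemberId(tampered, CONSUMER_SECRET)); // rejected
console.log(verifiedMemberId(bareId, CONSUMER_SECRET));   // rejected
```

Only after this check succeeds should the server create its own session for the returned ID.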