fix: use valid LinkedIn API endpoint and update version to 202506

csharpfritz · Copilot · csharpfritz · commit fcdbb390eeb6 · 2026-02-19T14:07:17.000-05:00
Replaced non-existent q=hashtag endpoint with q=author query that
fetches authenticated user's posts and filters client-side for
hashtag matches. Added ResolveMemberUrn() with caching. Updated
LinkedIn-Version header from 202401 to 202506 to fix 426 error.

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/.ai-team/agents/sombra/history.md b/.ai-team/agents/sombra/history.md
@@ -24,6 +24,8 @@
 - **LinkedIn OAuth flow:** Admin-initiated OAuth is implemented via minimal API endpoints (`/api/linkedin/authorize` and `/api/linkedin/callback`) in Service_LinkedInOAuth.cs, mapped in Program.cs via `app.MapLinkedInOAuthEndpoints()`. The flow uses LinkedIn's 3-legged OAuth 2.0 with scopes `openid`, `profile`, `w_member_social`, and `r_organization_social`. Access tokens expire in 60 days. Tokens are stored encrypted in LinkedInConfiguration via IConfigureTagzApp. State parameter is persisted in AuthenticationProperties for CSRF protection. The admin UI shows an "Authorize with LinkedIn" button that redirects to the authorize endpoint, which then redirects to LinkedIn, which redirects back to the callback endpoint where tokens are exchanged and stored.
 - **Blazor.Client WebAssembly constraints:** Microsoft.AspNetCore.WebUtilities.QueryHelpers is NOT available in Blazor WebAssembly projects. Use simple string parsing with `query.Contains()` and `Uri.UnescapeDataString()` for query string handling in client-side Blazor components.
 - **OAuth security patterns:** Callback URLs must use HTTPS and match exactly what's registered in the LinkedIn Developer App. The app uses X-Forwarded-Proto and X-Forwarded-Host headers to correctly construct callback URLs when behind proxies/containers. State parameter is generated as GUID and stored in AuthenticationProperties, then validated on callback to prevent CSRF attacks.
+- **LinkedIn API reality check:** `GET /rest/posts?q=hashtag&hashtag={tag}` does NOT exist. The `q=hashtag` finder is not a valid query parameter. With `w_member_social` scope, the realistic approach is `GET /rest/posts?q=author&author={memberUrn}` to fetch the authenticated member's own posts, then filter client-side for hashtag matches. The member URN is obtained from `GET /v2/userinfo` (`sub` field → `urn:li:person:{sub}`).
+- **LinkedIn member URN resolution:** Call `/v2/userinfo` once at StartAsync (and lazily on first use if that failed). Cache the URN in `_memberUrn` field. No version header needed on the `/v2/userinfo` endpoint — it's a standard OAuth2 endpoint.
 
 ## Team Updates
 - 📌 **2026-02-18**: LinkedIn provider plan decided by Mercy — architecture approved for implementation. 10 work items across 4 phases (scaffolding, core provider, integration, testing/docs). Estimated 2-3 days for implementation, 1 day for tests/docs.
diff --git a/src/TagzApp.Providers.LinkedIn/LinkedInProvider.cs b/src/TagzApp.Providers.LinkedIn/LinkedInProvider.cs
@@ -10,7 +10,7 @@ namespace TagzApp.Providers.LinkedIn;
 
 public class LinkedInProvider : ISocialMediaProvider, IDisposable
 {
-	private const string LinkedInApiVersion = "202401";
+	private const string LinkedInApiVersion = "202506";
 	private const string LinkedInApiBase = "https://api.linkedin.com";
 
 	private readonly HttpClient _httpClient;
@@ -23,6 +23,7 @@ public class LinkedInProvider : ISocialMediaProvider, IDisposable
 	private string _statusMessage = "Not started";
 	private int _dailyCallCount;
 	private DateTimeOffset _dailyResetTime = DateTimeOffset.UtcNow.Date.AddDays(1);
+	private string? _memberUrn;
 
 	public LinkedInProvider(
 		IHttpClientFactory httpClientFactory,
@@ -79,9 +80,20 @@ public async Task<IEnumerable<Content>> GetContentForHashtag(Hashtag tag, DateTi
 			return [];
 		}
 
+		if (string.IsNullOrEmpty(_memberUrn))
+		{
+			_memberUrn = await ResolveMemberUrn();
+			if (string.IsNullOrEmpty(_memberUrn))
+			{
+				_status = SocialMediaStatus.Unhealthy;
+				_statusMessage = "Unable to resolve authenticated member URN";
+				return [];
+			}
+		}
+
 		var hashtag = Hashtag.ClearFormatting(tag.Text);
-		var encodedHashtag = HttpUtility.UrlEncode(hashtag);
-		var requestUri = $"{LinkedInApiBase}/rest/posts?q=hashtag&hashtag={encodedHashtag}";
+		var encodedAuthor = HttpUtility.UrlEncode(_memberUrn);
+		var requestUri = $"{LinkedInApiBase}/rest/posts?q=author&author={encodedAuthor}&count=50";
 
 		try
 		{
@@ -117,6 +129,9 @@ public async Task<IEnumerable<Content>> GetContentForHashtag(Hashtag tag, DateTi
 				var postTimestamp = DateTimeOffset.FromUnixTimeMilliseconds(post.CreatedAt);
 				if (postTimestamp <= since) continue;
 
+				// Client-side hashtag filter: only include posts mentioning the hashtag
+				if (!ContainsHashtag(post.Commentary, hashtag)) continue;
+
 				var author = await ResolveAuthor(post.Author);
 
 				var postUrn = post.Id ?? string.Empty;
@@ -203,18 +218,76 @@ public async Task<IEnumerable<Content>> GetContentForHashtag(Hashtag tag, DateTi
 		return Task.FromResult((SocialMediaStatus.Healthy, _status == SocialMediaStatus.Unhealthy && _statusMessage == "Not started" ? "OK" : _statusMessage));
 	}
 
-	public Task StartAsync()
+	public async Task StartAsync()
 	{
+		_memberUrn = await ResolveMemberUrn();
 		_status = SocialMediaStatus.Healthy;
 		_statusMessage = "OK";
-		return Task.CompletedTask;
 	}
 
 	public Task StopAsync()
 	{
 		return Task.CompletedTask;
 	}
 
+	private async Task<string?> ResolveMemberUrn()
+	{
+		if (string.IsNullOrWhiteSpace(_configuration.AccessToken))
+		{
+			return null;
+		}
+
+		try
+		{
+			ResetDailyBudgetIfNeeded();
+			if (_dailyCallCount >= _configuration.DailyCallBudget)
+			{
+				_logger.LogWarning("LinkedIn daily budget exhausted; cannot resolve member URN");
+				return null;
+			}
+
+			using var request = new HttpRequestMessage(HttpMethod.Get, $"{LinkedInApiBase}/v2/userinfo");
+			request.Headers.Add("Authorization", $"Bearer {_configuration.AccessToken}");
+
+			var response = await _httpClient.SendAsync(request);
+			Interlocked.Increment(ref _dailyCallCount);
+
+			if (!response.IsSuccessStatusCode)
+			{
+				_logger.LogError("LinkedIn userinfo call failed: {StatusCode} {Reason}", (int)response.StatusCode, response.ReasonPhrase);
+				return null;
+			}
+
+			var userInfo = await response.Content.ReadFromJsonAsync<JsonElement>();
+			if (userInfo.TryGetProperty("sub", out var sub))
+			{
+				var memberId = sub.GetString();
+				if (!string.IsNullOrEmpty(memberId))
+				{
+					var urn = $"urn:li:person:{memberId}";
+					_logger.LogInformation("Resolved LinkedIn member URN: {Urn}", urn);
+					return urn;
+				}
+			}
+
+			_logger.LogError("LinkedIn userinfo response missing 'sub' field");
+			return null;
+		}
+		catch (Exception ex)
+		{
+			_logger.LogError(ex, "Error resolving LinkedIn member URN");
+			return null;
+		}
+	}
+
+	private static bool ContainsHashtag(string? text, string hashtag)
+	{
+		if (string.IsNullOrEmpty(text)) return false;
+		// Match #hashtag or plain hashtag text (case-insensitive)
+		return text.Contains($"#{hashtag}", StringComparison.OrdinalIgnoreCase)
+			|| text.Contains(hashtag, StringComparison.OrdinalIgnoreCase);
+	}
+
 	private async Task<LinkedInAuthor> ResolveAuthor(string? authorUrn)
 	{
 		if (string.IsNullOrEmpty(authorUrn))
