Extend the LinkedIn provider to add configurable fields and more claims

Author: ericgreenmix

src/AspNet.Security.OAuth.LinkedIn/LinkedInAuthenticationDefaults.cs

@@ -44,7 +44,9 @@ public class LinkedInAuthenticationDefaults {
 
         /// <summary>
         /// Default value for <see cref="OAuthOptions.UserInformationEndpoint"/>.
+        /// Note: the endpoint must follow the LinkedIn convention and contain a '~' to append fields to, if they are specified.
+        /// See https://developer.linkedin.com/docs/signin-with-linkedin for more information.
         /// </summary>
-        public const string UserInformationEndpoint = "https://api.linkedin.com/v1/people/~:(id,first-name,last-name,formatted-name,email-address,public-profile-url,picture-url)";
+        public const string UserInformationEndpoint = "https://api.linkedin.com/v1/people/~";
     }
 }

src/AspNet.Security.OAuth.LinkedIn/LinkedInAuthenticationHandler.cs

@@ -24,7 +24,15 @@ public LinkedInAuthenticationHandler([NotNull] HttpClient client)
 
         protected override async Task<AuthenticationTicket> CreateTicketAsync([NotNull] ClaimsIdentity identity,
             [NotNull] AuthenticationProperties properties, [NotNull] OAuthTokenResponse tokens) {
-            var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
+            var address = Options.UserInformationEndpoint;
+
+            // If at least one field is specified,
+            // append the fields to the endpoint URL.
+            if (Options.Fields.Count != 0) {
+                address = address.Insert(address.LastIndexOf("~") + 1, $":({ string.Join(",", Options.Fields)})");
+            }
+
+            var request = new HttpRequestMessage(HttpMethod.Get, address);
             request.Headers.Add("x-li-format", "json");
             request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
 
@@ -44,8 +52,26 @@ protected override async Task<AuthenticationTicket> CreateTicketAsync([NotNull]
             identity.AddOptionalClaim(ClaimTypes.NameIdentifier, LinkedInAuthenticationHelper.GetIdentifier(payload), Options.ClaimsIssuer)
                     .AddOptionalClaim(ClaimTypes.Name, LinkedInAuthenticationHelper.GetName(payload), Options.ClaimsIssuer)
                     .AddOptionalClaim(ClaimTypes.Email, LinkedInAuthenticationHelper.GetEmail(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim(ClaimTypes.GivenName, LinkedInAuthenticationHelper.GetGivenName(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim(ClaimTypes.Surname, LinkedInAuthenticationHelper.GetFamilyName(payload), Options.ClaimsIssuer)
                     .AddOptionalClaim("urn:linkedin:profile", LinkedInAuthenticationHelper.GetPublicProfileUrl(payload), Options.ClaimsIssuer)
-                    .AddOptionalClaim("urn:linkedin:profilepicture", LinkedInAuthenticationHelper.GetProfilePictureUrl(payload), Options.ClaimsIssuer);
+                    .AddOptionalClaim("urn:linkedin:profilepicture", LinkedInAuthenticationHelper.GetProfilePictureUrl(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:industry", LinkedInAuthenticationHelper.GetIndustry(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:summary", LinkedInAuthenticationHelper.GetSummary(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:headline", LinkedInAuthenticationHelper.GetHeadline(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:positions", LinkedInAuthenticationHelper.GetPositions(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:maidenname", LinkedInAuthenticationHelper.GetMaidenName(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:phoneticfirstname", LinkedInAuthenticationHelper.GetPhoneticFirstName(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:phoneticlastname", LinkedInAuthenticationHelper.GetPhoneticLastName(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:phoneticname", LinkedInAuthenticationHelper.GetPhoneticName(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:location", LinkedInAuthenticationHelper.GetLocation(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:specialties", LinkedInAuthenticationHelper.GetSpecialties(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:numconnections", LinkedInAuthenticationHelper.GetNumConnections(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:numconnectionscapped", LinkedInAuthenticationHelper.GetNumConnectionsCapped(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:currentshare", LinkedInAuthenticationHelper.GetCurrentShare(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:sitestandardprofilerequest", LinkedInAuthenticationHelper.GetSiteStandardProfileRequest(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:apistandardprofilerequest", LinkedInAuthenticationHelper.GetApiStandardProfileRequest(payload), Options.ClaimsIssuer)
+                    .AddOptionalClaim("urn:linkedin:pictureurls", LinkedInAuthenticationHelper.GetPictureUrls(payload), Options.ClaimsIssuer);
 
             var principal = new ClaimsPrincipal(identity);
             var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);

src/AspNet.Security.OAuth.LinkedIn/LinkedInAuthenticationHelper.cs

@@ -28,14 +28,112 @@ public class LinkedInAuthenticationHelper {
         /// </summary>
         public static string GetName([NotNull] JObject user) => user.Value<string>("formattedName");
 
+        /// <summary>
+        /// Gets the first name corresponding to the authenticated user.
+        /// </summary>
+        public static string GetGivenName([NotNull] JObject user) => user.Value<string>("firstName");
+
+        /// <summary>
+        /// Gets the last name corresponding to the authenticated user.
+        /// </summary>
+        public static string GetFamilyName([NotNull] JObject user) => user.Value<string>("lastName");
+
+        /// <summary>
+        /// Gets the maiden name corresponding to the authenticated user.
+        /// </summary>
+        public static string GetMaidenName([NotNull] JObject user) => user.Value<string>("maidenName");
+
+        /// <summary>
+        /// Gets the phonetic first name corresponding to the authenticated user.
+        /// </summary>
+        public static string GetPhoneticFirstName([NotNull] JObject user) => user.Value<string>("phoneticFirstName");
+
+        /// <summary>
+        /// Gets the phonetic last name corresponding to the authenticated user.
+        /// </summary>
+        public static string GetPhoneticLastName([NotNull] JObject user) => user.Value<string>("phoneticLastName");
+
+        /// <summary>
+        /// Gets the phonetic name corresponding to the authenticated user.
+        /// </summary>
+        public static string GetPhoneticName([NotNull] JObject user) => user.Value<string>("formattedPhoneticName");
+
         /// <summary>
         /// Gets the profile picture URL corresponding to the authenticated user.
         /// </summary>
         public static string GetProfilePictureUrl([NotNull] JObject user) => user.Value<string>("pictureUrl");
 
+        /// <summary>
+        /// Gets the URL of the member's original unformatted profile picture.
+        /// This image is usually larger than the picture-url value above.
+        /// </summary>
+        public static string GetPictureUrls([NotNull] JObject user) => user["pictureUrls"]?.ToString();
+
         /// <summary>
         /// Gets the public profile URL corresponding to the authenticated user.
         /// </summary>
         public static string GetPublicProfileUrl([NotNull] JObject user) => user.Value<string>("publicProfileUrl");
+
+        /// <summary>
+        /// Gets the industry corresponding to the authenticated user.
+        /// See https://developer.linkedin.com/docs/reference/industry-codes for more information.
+        /// </summary>
+        public static string GetIndustry([NotNull] JObject user) => user.Value<string>("industry");
+
+        /// <summary>
+        /// Gets the summary corresponding to the authenticated user.
+        /// </summary>
+        public static string GetSummary([NotNull] JObject user) => user.Value<string>("summary");
+
+        /// <summary>
+        /// Gets the headline corresponding to the authenticated user.
+        /// </summary>
+        public static string GetHeadline([NotNull] JObject user) => user.Value<string>("headline");
+
+        /// <summary>
+        /// Gets the specialties corresponding to the authenticated user.
+        /// </summary>
+        public static string GetSpecialties([NotNull] JObject user) => user.Value<string>("specialties");
+
+        /// <summary>
+        /// Gets the location object corresponding to the authenticated user.
+        /// See https://developer.linkedin.com/docs/fields/location for more information.
+        /// </summary>
+        public static string GetLocation([NotNull] JObject user) => user["location"]?.ToString();
+
+        /// <summary>
+        /// Gets the most recent item the member has shared on LinkedIn. If the member has not shared anything, their 'status' is returned instead.
+        /// </summary>
+        public static string GetCurrentShare([NotNull] JObject user) => user.Value<string>("currentShare");
+
+        /// <summary>
+        /// Gets the positions object corresponding to the authenticated user.
+        /// See https://developer.linkedin.com/docs/fields/positions for more information.
+        /// </summary>
+        public static string GetPositions([NotNull] JObject user) => user["positions"]?.ToString();
+
+        /// <summary>
+        /// Gets the number of LinkedIn connections the member has, capped at 500.
+        /// See 'num-connections-capped' to determine if the value returned has been capped.
+        /// </summary>
+        public static string GetNumConnections([NotNull] JObject user) => user.Value<string>("numConnections");
+
+        /// <summary>
+        /// Gets a boolean indicating whether the member's 'num-connections' value
+        /// has been capped at 500 or represents the user's true value.
+        /// </summary>
+        public static string GetNumConnectionsCapped([NotNull] JObject user) => user.Value<string>("numConnectionsCapped");
+
+        /// <summary>
+        /// Gets the URL representing the resource one would request
+        /// for programmatic access to the member's profile.
+        /// </summary>
+        public static string GetApiStandardProfileRequest([NotNull] JObject user) => user.Value<string>("apiStandardProfileRequest");
+
+        /// <summary>
+        /// Gets the URL to the member's authenticated profile on LinkedIn.
+        /// Note: one must be logged into LinkedIn to view this URL.
+        /// </summary>
+        public static string GetSiteStandardProfileRequest([NotNull] JObject user) => user.Value<string>("siteStandardProfileRequest");
     }
 }

src/AspNet.Security.OAuth.LinkedIn/LinkedInAuthenticationMiddleware.cs

@@ -4,6 +4,7 @@
  * for more information concerning the license and the contributors participating to this project.
  */
 
+using System;
 using System.Text.Encodings.Web;
 using JetBrains.Annotations;
 using Microsoft.AspNetCore.Authentication;
@@ -23,6 +24,10 @@ public LinkedInAuthenticationMiddleware(
             [NotNull] UrlEncoder encoder,
             [NotNull] IOptions<SharedAuthenticationOptions> externalOptions)
             : base(next, dataProtectionProvider, loggerFactory, encoder, externalOptions, options) {
+            if (Options.Fields.Count != 0 && !Options.UserInformationEndpoint.Contains("~")) {
+                throw new ArgumentException("The user information endpoint is improperly formatted. " +
+                                            "The endpoint must contain a '~' to append the supplied fields.", nameof(options));
+            }
         }
 
         protected override AuthenticationHandler<LinkedInAuthenticationOptions> CreateHandler() {

src/AspNet.Security.OAuth.LinkedIn/LinkedInAuthenticationOptions.cs

@@ -4,6 +4,7 @@
  * for more information concerning the license and the contributors participating to this project.
  */
 
+using System.Collections.Generic;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Http;
 
@@ -23,5 +24,15 @@ public LinkedInAuthenticationOptions() {
             TokenEndpoint = LinkedInAuthenticationDefaults.TokenEndpoint;
             UserInformationEndpoint = LinkedInAuthenticationDefaults.UserInformationEndpoint;
         }
+
+        /// <summary>
+        /// Gets the list of fields to retrieve from the user information endpoint.
+        /// See https://developer.linkedin.com/docs/fields/basic-profile for more information.
+        /// </summary>
+        public ICollection<string> Fields { get; } = new HashSet<string> {
+            "id",
+            "formatted-name",
+            "email-address"
+        };
     }
 }