diff --git a/README.md b/README.md index b9789a5..5342549 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ A LinkedIn OAuth2 strategy for OmniAuth. -For more details, read the LinkedIn documentation: https://developer.linkedin.com/documents/authentication +For more details, read the LinkedIn documentation: https://developer.linkedin.com/docs/oauth2 ## Installation @@ -22,6 +22,8 @@ Or install it yourself as: ## Upgrading +This version is a major upgrade to the LinkedIn API version 2. As such, it switches from the soon to be no longer available `r_basicprofile` to `r_liteprofile`. This results in a much limited set of data that we can get from LinkedIn. + Previous versions of this gem used the provider name `:linkedin_oauth2`. In order to provide a cleaner upgrade path for users who were previously using the OAuth 1.0 omniauth adapter for LinkedIn [https://github.com/skorks/omniauth-linkedin], this has been renamed to just `:linkedin`. Users who are upgrading from previous versions of this gem may need to update their Omniauth and/or Devise configurations to use the shorter provider name. @@ -43,16 +45,16 @@ You can now access the OmniAuth LinkedIn OAuth2 URL: `/auth/linkedin`. ## Granting Member Permissions to Your Application With the LinkedIn API, you have the ability to specify which permissions you want users to grant your application. -For more details, read the LinkedIn documentation: https://developer.linkedin.com/documents/authentication +For more details, read the LinkedIn documentation: https://developer.linkedin.com/docs/oauth2 By default, omniauth-linkedin-oauth2 requests the following permissions: - 'r_basicprofile r_emailaddress' + 'r_liteprofile r_emailaddress' You can configure the scope option: ```ruby -provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'], :scope => 'r_fullprofile r_emailaddress r_network' +provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'], :scope => 'r_literofile' ``` ## Profile Fields @@ -60,25 +62,21 @@ provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'], :scope => 'r_fu When specifying which permissions you want to users to grant to your application, you will probably want to specify the array of fields that you want returned in the omniauth hash. The list of default fields is as follows: ```ruby -['id', 'email-address', 'first-name', 'last-name', 'headline', 'location', 'industry', 'picture-url', 'public-profile-url'] +['id', 'first-name', 'last-name', 'picture-url', 'email-address'] ``` -Here's an example of a possible configuration where the fields returned from the API are: id, email-address, first-name and last-name. +Here's an example of a possible configuration where the fields returned from the API are: id, first-name and last-name. ```ruby -provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'], :fields => ['id', 'email-address', 'first-name', 'last-name'] +provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'], :fields => ['id', 'first-name', 'last-name'] ``` -To see a complete list of available fields, consult the LinkedIn documentation at: https://developer.linkedin.com/documents/profile-fields - -## Other Options - -* `secure_image_url` - Set to `true` to use https for the profile picture url. Default is `false`. +To see a complete list of available fields, consult the LinkedIn documentation at: https://developer.linkedin.com/docs/fields ## Contributing -1. Fork it -2. Create your feature branch (`git checkout -b my-new-feature`) -3. Commit your changes (`git commit -am 'Add some feature'`) -4. Push to the branch (`git push origin my-new-feature`) -5. Create new Pull Request +1. Fork it +2. Create your feature branch (`git checkout -b my-new-feature`) +3. Commit your changes (`git commit -am 'Add some feature'`) +4. Push to the branch (`git push origin my-new-feature`) +5. Create new Pull Request diff --git a/lib/omniauth-linkedin-oauth2/version.rb b/lib/omniauth-linkedin-oauth2/version.rb index 40b7d22..00663a8 100644 --- a/lib/omniauth-linkedin-oauth2/version.rb +++ b/lib/omniauth-linkedin-oauth2/version.rb @@ -1,5 +1,5 @@ module OmniAuth module LinkedInOAuth2 - VERSION = "0.2.5" + VERSION = '1.0.0' end end diff --git a/lib/omniauth/strategies/linkedin.rb b/lib/omniauth/strategies/linkedin.rb index 1b16934..ecff8a5 100755 --- a/lib/omniauth/strategies/linkedin.rb +++ b/lib/omniauth/strategies/linkedin.rb @@ -3,45 +3,34 @@ module OmniAuth module Strategies class LinkedIn < OmniAuth::Strategies::OAuth2 - # Give your strategy a name. option :name, 'linkedin' - # This is where you pass the options you would pass when - # initializing your consumer from the OAuth gem. option :client_options, { :site => 'https://api.linkedin.com', :authorize_url => 'https://www.linkedin.com/oauth/v2/authorization?response_type=code', :token_url => 'https://www.linkedin.com/oauth/v2/accessToken' } - option :scope, 'r_basicprofile r_emailaddress' - option :fields, ['id', 'email-address', 'first-name', 'last-name', 'headline', 'location', 'industry', 'picture-url', 'public-profile-url'] + option :scope, 'r_liteprofile r_emailaddress' + option :fields, ['id', 'first-name', 'last-name', 'picture-url', 'email-address'] - # These are called after authentication has succeeded. If - # possible, you should try to set the UID without making - # additional calls (if the user id is returned with the token - # or as a URI parameter). This may not be possible with all - # providers. - uid { raw_info['id'] } + uid do + raw_info['id'] + end info do { - :name => user_name, - :email => raw_info['emailAddress'], - :nickname => user_name, - :first_name => raw_info['firstName'], - :last_name => raw_info['lastName'], - :location => raw_info['location'], - :description => raw_info['headline'], - :image => raw_info['pictureUrl'], - :urls => { - 'public_profile' => raw_info['publicProfileUrl'] - } + :email => email_address, + :first_name => localized_field('firstName'), + :last_name => localized_field('lastName'), + :picture_url => picture_url } end extra do - { 'raw_info' => raw_info } + { + 'raw_info' => raw_info + } end def callback_url @@ -52,28 +41,93 @@ def callback_url def access_token ::OAuth2::AccessToken.new(client, oauth2_access_token.token, { - :mode => :query, - :param_name => 'oauth2_access_token', :expires_in => oauth2_access_token.expires_in, :expires_at => oauth2_access_token.expires_at }) end def raw_info - @raw_info ||= access_token.get("/v1/people/~:(#{option_fields.join(',')})?format=json").parsed + @raw_info ||= access_token.get(profile_endpoint).parsed end private - def option_fields - fields = options.fields - fields.map! { |f| f == "picture-url" ? "picture-url;secure=true" : f } if !!options[:secure_image_url] - fields + def email_address + if options.fields.include? 'email-address' + fetch_email_address + parse_email_address + end + end + + def fetch_email_address + @email_address_response ||= access_token.get(email_address_endpoint).parsed + end + + def parse_email_address + return unless email_address_available? + + @email_address_response['elements'].first['handle~']['emailAddress'] + end + + def email_address_available? + @email_address_response['elements'] && + @email_address_response['elements'].is_a?(Array) && + @email_address_response['elements'].first && + @email_address_response['elements'].first['handle~'] + end + + def fields_mapping + { + 'id' => 'id', + 'first-name' => 'firstName', + 'last-name' => 'lastName', + 'picture-url' => 'profilePicture(displayImage~:playableStreams)' + } + end + + def fields + options.fields.each.with_object([]) do |field, result| + result << fields_mapping[field] if fields_mapping.has_key? field + end + end + + def localized_field field_name + return unless localized_field_available? field_name + + raw_info[field_name]['localized'][field_locale(field_name)] + end + + def field_locale field_name + "#{ raw_info[field_name]['preferredLocale']['language'] }_" \ + "#{ raw_info[field_name]['preferredLocale']['country'] }" + end + + def localized_field_available? field_name + raw_info[field_name] && raw_info[field_name]['localized'] + end + + def picture_url + return unless picture_available? + + picture_references.last['identifiers'].first['identifier'] + end + + def picture_available? + raw_info['profilePicture'] && + raw_info['profilePicture']['displayImage~'] && + picture_references + end + + def picture_references + raw_info['profilePicture']['displayImage~']['elements'] + end + + def email_address_endpoint + '/v2/emailAddress?q=members&projection=(elements*(handle~))' end - def user_name - name = "#{raw_info['firstName']} #{raw_info['lastName']}".strip - name.empty? ? nil : name + def profile_endpoint + "/v2/me?projection=(#{ fields.join(',') })" end end end diff --git a/omniauth-linkedin-oauth2.gemspec b/omniauth-linkedin-oauth2.gemspec index b98e951..8c786ac 100644 --- a/omniauth-linkedin-oauth2.gemspec +++ b/omniauth-linkedin-oauth2.gemspec @@ -18,12 +18,11 @@ Gem::Specification.new do |gem| gem.test_files = gem.files.grep(%r{^(test|spec|features)/}) gem.require_paths = ["lib"] - gem.add_runtime_dependency 'omniauth', '~> 1.0' gem.add_runtime_dependency 'omniauth-oauth2' - gem.add_development_dependency 'bundler', '~> 1.3' + gem.add_development_dependency 'bundler' gem.add_development_dependency 'rake' - gem.add_development_dependency 'rspec', '~> 3.0' + gem.add_development_dependency 'rspec' gem.add_development_dependency 'simplecov' end diff --git a/spec/omniauth/strategies/linkedin_spec.rb b/spec/omniauth/strategies/linkedin_spec.rb index ffc299a..02765af 100755 --- a/spec/omniauth/strategies/linkedin_spec.rb +++ b/spec/omniauth/strategies/linkedin_spec.rb @@ -4,7 +4,7 @@ describe OmniAuth::Strategies::LinkedIn do subject { OmniAuth::Strategies::LinkedIn.new(nil) } - it 'should add a camelization for itself' do + it 'adds camelization for itself' do expect(OmniAuth::Utils.camelize('linkedin')).to eq('LinkedIn') end @@ -13,11 +13,11 @@ expect(subject.client.site).to eq('https://api.linkedin.com') end - it 'has correct authorize url' do + it 'has correct `authorize_url`' do expect(subject.client.options[:authorize_url]).to eq('https://www.linkedin.com/oauth/v2/authorization?response_type=code') end - it 'has correct token url' do + it 'has correct `token_url`' do expect(subject.client.options[:token_url]).to eq('https://www.linkedin.com/oauth/v2/accessToken') end end @@ -30,7 +30,7 @@ describe '#uid' do before :each do - allow(subject).to receive(:raw_info) { { 'id' => 'uid' } } + allow(subject).to receive(:raw_info) { Hash['id' => 'uid'] } end it 'returns the id from raw_info' do @@ -38,84 +38,75 @@ end end - describe '#info' do + describe '#info / #raw_info' do + let(:access_token) { instance_double OAuth2::AccessToken } + + let(:parsed_response) { Hash[:foo => 'bar'] } + + let(:profile_endpoint) { '/v2/me?projection=(id,firstName,lastName,profilePicture(displayImage~:playableStreams))' } + let(:email_address_endpoint) { '/v2/emailAddress?q=members&projection=(elements*(handle~))' } + + let(:email_address_response) { instance_double OAuth2::Response, parsed: parsed_response } + let(:profile_response) { instance_double OAuth2::Response, parsed: parsed_response } + before :each do - allow(subject).to receive(:raw_info) { {} } + allow(subject).to receive(:access_token).and_return access_token + + allow(access_token).to receive(:get) + .with(email_address_endpoint) + .and_return(email_address_response) + + allow(access_token).to receive(:get) + .with(profile_endpoint) + .and_return(profile_response) end - context 'and therefore has all the necessary fields' do - it { expect(subject.info).to have_key :name } - it { expect(subject.info).to have_key :email } - it { expect(subject.info).to have_key :nickname } - it { expect(subject.info).to have_key :first_name } - it { expect(subject.info).to have_key :last_name } - it { expect(subject.info).to have_key :location } - it { expect(subject.info).to have_key :description } - it { expect(subject.info).to have_key :image } - it { expect(subject.info).to have_key :urls } + it 'returns parsed responses using access token' do + expect(subject.info).to have_key :email + expect(subject.info).to have_key :first_name + expect(subject.info).to have_key :last_name + expect(subject.info).to have_key :picture_url + + expect(subject.raw_info).to eq({ :foo => 'bar' }) end end describe '#extra' do + let(:raw_info) { Hash[:foo => 'bar'] } + before :each do - allow(subject).to receive(:raw_info) { { :foo => 'bar' } } + allow(subject).to receive(:raw_info).and_return raw_info end - it { expect(subject.extra['raw_info']).to eq({ :foo => 'bar' }) } + specify { expect(subject.extra['raw_info']).to eq raw_info } end describe '#access_token' do - before :each do - allow(subject).to receive(:oauth2_access_token) { double('oauth2 access token', :expires_in => 3600, :expires_at => 946688400).as_null_object } + let(:expires_in) { 3600 } + let(:expires_at) { 946688400 } + let(:token) { 'token' } + let(:access_token) do + instance_double OAuth2::AccessToken, :expires_in => expires_in, + :expires_at => expires_at, :token => token end - it { expect(subject.access_token.expires_in).to eq(3600) } - it { expect(subject.access_token.expires_at).to eq(946688400) } - end - - describe '#raw_info' do before :each do - access_token = double('access token') - response = double('response', :parsed => { :foo => 'bar' }) - expect(access_token).to receive(:get).with("/v1/people/~:(baz,qux)?format=json").and_return(response) - - allow(subject).to receive(:option_fields) { ['baz', 'qux'] } - allow(subject).to receive(:access_token) { access_token } + allow(subject).to receive(:oauth2_access_token).and_return access_token end - it 'returns parsed response from access token' do - expect(subject.raw_info).to eq({ :foo => 'bar' }) - end + specify { expect(subject.access_token.expires_in).to eq expires_in } + specify { expect(subject.access_token.expires_at).to eq expires_at } end describe '#authorize_params' do describe 'scope' do before :each do - subject.stub(:session => {}) + allow(subject).to receive(:session).and_return({}) end it 'sets default scope' do - expect(subject.authorize_params['scope']).to eq('r_basicprofile r_emailaddress') + expect(subject.authorize_params['scope']).to eq('r_liteprofile r_emailaddress') end end end - - describe '#option_fields' do - it 'returns options fields' do - subject.stub(:options => double('options', :fields => ['foo', 'bar']).as_null_object) - expect(subject.send(:option_fields)).to eq(['foo', 'bar']) - end - - it 'http avatar image by default' do - subject.stub(:options => double('options', :fields => ['picture-url'])) - allow(subject.options).to receive(:[]).with(:secure_image_url).and_return(false) - expect(subject.send(:option_fields)).to eq(['picture-url']) - end - - it 'https avatar image if secure_image_url truthy' do - subject.stub(:options => double('options', :fields => ['picture-url'])) - allow(subject.options).to receive(:[]).with(:secure_image_url).and_return(true) - expect(subject.send(:option_fields)).to eq(['picture-url;secure=true']) - end - end end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index d611ce3..28b016e 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -8,7 +8,6 @@ # # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration RSpec.configure do |config| - config.treat_symbols_as_metadata_keys_with_true_values = true config.run_all_when_everything_filtered = true config.filter_run :focus