From fd5e23e1c55ec99f552321a317770015a4b788e1 Mon Sep 17 00:00:00 2001 From: David Emanuel Buchmann Date: Mon, 4 Oct 2021 16:58:25 +0200 Subject: [PATCH] linkedidn: Update provider to v2 (#1315) * linkedin: Update provider to v2 * changelog: Add change --- CHANGELOG.md | 1 + providers/linkedin.go | 13 ++++++------- providers/linkedin_test.go | 12 ++++++------ 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5e2ee2a6..727ebd46 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ ## Changes since v7.1.3 +- [#1315](https://github.com/oauth2-proxy/oauth2-proxy/pull/1315) linkedin: Update provider to v2 (@wuurrd) - [#1348](https://github.com/oauth2-proxy/oauth2-proxy/pull/1348) Using the native httputil proxy code for websockets rather than yhat/wsutil to properly handle HTTP-level failures (@thetrime) - [#1379](https://github.com/oauth2-proxy/oauth2-proxy/pull/1379) Fix the manual sign in with --htpasswd-user-group switch (@janrotter) - [#1337](https://github.com/oauth2-proxy/oauth2-proxy/pull/1337) Changing user field type to text when using htpasswd (@pburgisser) diff --git a/providers/linkedin.go b/providers/linkedin.go index 115d4c99..9e5135ab 100644 --- a/providers/linkedin.go +++ b/providers/linkedin.go @@ -19,7 +19,7 @@ var _ Provider = (*LinkedInProvider)(nil) const ( linkedinProviderName = "LinkedIn" - linkedinDefaultScope = "r_emailaddress r_basicprofile" + linkedinDefaultScope = "r_emailaddress r_liteprofile" ) var ( @@ -28,7 +28,7 @@ var ( linkedinDefaultLoginURL = &url.URL{ Scheme: "https", Host: "www.linkedin.com", - Path: "/uas/oauth2/authorization", + Path: "/oauth/v2/authorization", } // Default Redeem URL for LinkedIn. @@ -43,8 +43,8 @@ var ( // Pre-parsed URL of https://www.linkedin.com/v1/people/~/email-address. linkedinDefaultProfileURL = &url.URL{ Scheme: "https", - Host: "www.linkedin.com", - Path: "/v1/people/~/email-address", + Host: "api.linkedin.com", + Path: "/v2/emailAddress", } ) @@ -76,7 +76,7 @@ func (p *LinkedInProvider) GetEmailAddress(ctx context.Context, s *sessions.Sess return "", errors.New("missing access token") } - requestURL := p.ProfileURL.String() + "?format=json" + requestURL := p.ProfileURL.String() + "?q=members&projection=(elements*(handle~))" json, err := requests.New(requestURL). WithContext(ctx). WithHeaders(makeLinkedInHeader(s.AccessToken)). @@ -85,8 +85,7 @@ func (p *LinkedInProvider) GetEmailAddress(ctx context.Context, s *sessions.Sess if err != nil { return "", err } - - email, err := json.String() + email, err := json.Get("elements").GetIndex(0).Get("handle~").Get("emailAddress").String() if err != nil { return "", err } diff --git a/providers/linkedin_test.go b/providers/linkedin_test.go index 1ba0c184..1d5bd90a 100644 --- a/providers/linkedin_test.go +++ b/providers/linkedin_test.go @@ -30,7 +30,7 @@ func testLinkedInProvider(hostname string) *LinkedInProvider { } func testLinkedInBackend(payload string) *httptest.Server { - path := "/v1/people/~/email-address" + path := "/v2/emailAddress" return httptest.NewServer(http.HandlerFunc( func(w http.ResponseWriter, r *http.Request) { @@ -51,11 +51,11 @@ func TestNewLinkedInProvider(t *testing.T) { // Test that defaults are set when calling for a new provider with nothing set providerData := NewLinkedInProvider(&ProviderData{}).Data() g.Expect(providerData.ProviderName).To(Equal("LinkedIn")) - g.Expect(providerData.LoginURL.String()).To(Equal("https://www.linkedin.com/uas/oauth2/authorization")) + g.Expect(providerData.LoginURL.String()).To(Equal("https://www.linkedin.com/oauth/v2/authorization")) g.Expect(providerData.RedeemURL.String()).To(Equal("https://www.linkedin.com/uas/oauth2/accessToken")) - g.Expect(providerData.ProfileURL.String()).To(Equal("https://www.linkedin.com/v1/people/~/email-address")) - g.Expect(providerData.ValidateURL.String()).To(Equal("https://www.linkedin.com/v1/people/~/email-address")) - g.Expect(providerData.Scope).To(Equal("r_emailaddress r_basicprofile")) + g.Expect(providerData.ProfileURL.String()).To(Equal("https://api.linkedin.com/v2/emailAddress")) + g.Expect(providerData.ValidateURL.String()).To(Equal("https://api.linkedin.com/v2/emailAddress")) + g.Expect(providerData.Scope).To(Equal("r_emailaddress r_liteprofile")) } func TestLinkedInProviderOverrides(t *testing.T) { @@ -92,7 +92,7 @@ func TestLinkedInProviderOverrides(t *testing.T) { } func TestLinkedInProviderGetEmailAddress(t *testing.T) { - b := testLinkedInBackend(`"user@linkedin.com"`) + b := testLinkedInBackend(`{"elements":[{"handle~":{"emailAddress": "user@linkedin.com"}}]}`) defer b.Close() bURL, _ := url.Parse(b.URL)