I would like to use the linkedin javascript API as a way to login to my website as it seems far more end user friendly than using OAuth (ie: nicer to use with just a small popup to log into linked in).
How can i use the information returned by linked in to securely log a user into my own website so that it can't be forged? Or do I need to provide an extra password that a user must enter?
该代码由两个<script>标签组成。第一个包含对 LinkedIn 库的引用和 API 密钥的声明。
<script type="text/javascript" src="//platform.linkedin.com/in.js">
api_key: <LinkedIn API Key>
</script>
第二个标签具有所需的功能。liLogin() 函数将在用户单击 Login with LinkedIn 按钮时调用。您可以在此处定义应用程序所需的数据范围。
getProfileData() 函数在身份验证后调用,并进行第二次调用以获取请求的数据。如您所见,您在响应中声明了所需的数据。
<script>
var liLogin = function() { // Setup an event listener to make an API call once auth is complete
IN.UI.Authorize().params({"scope":["r_basicprofile", "r_emailaddress"]}).place();
IN.Event.on(IN, 'auth', getProfileData);
}
var getProfileData = function() { // Use the API call wrapper to request the member's basic profile data
IN.API.Profile("me").fields("id,firstName,lastName,email-address,picture-urls::(original),public-profile-url,location:(name)").result(function (me) {
var profile = me.values[0];
var id = profile.id;
var firstName = profile.firstName;
var lastName = profile.lastName;
var emailAddress = profile.emailAddress;
var pictureUrl = profile.pictureUrls.values[0];
var profileUrl = profile.publicProfileUrl;
var country = profile.location.name;
});
}
</script>
要获取 LinkedIn API 密钥,请访问LinkedIn Developers。转到我的应用程序,然后单击创建应用程序。
来自马口: https ://developer.linkedin.com/documents/sign-linkedin 概述: http ://thinlight.org/2011/08/07/using-facebook-and-other-sites-as-用户身份验证系统/
我不是很肯定,但我认为您对 Oauth 是什么感到困惑。有很多用于各种 CMS/语言的 Oauth 插件可以无缝集成(只需一点点努力)——所以最终用户体验是“点击登录”