Retrieving Linkedin Group discussion posts using ColdFusion

Question

I have been requested by a client to pull the latest posts from their LinkedIn group to one of our website pages.

I am developing using ColdFusion 9 and have been researching this for quite a few days now and decided to post my query here in the hopes that someone will be able to help me out.

I can get to the point where I have a requestToken. My understanding is that I now need to sign the request token to get the accessToken. My problem is that I need to do this behind-the-scenes. However, all the examples that I can find are redirecting the front-end user to the authorisation url to allow the user to authenticate, but I don't want the user to authenticate, I want to authenticate server-side instead.

I am trying to use the Scribe Java wrapper library. Below is the code that I have so far which gets the requestToken (as well as the authorisation url). I need someone to point me in the right direction to sign the token on the server-side code so that I can make the necessary calls to consume the Groups API (e.g. http://api.linkedin.com/v1/groups/{id}/posts?count=5&start=1)

<cfscript>
    var l = {};
    //The LinkedIn public and private keys for application
    l.oauth_consumer_key = "[My public key]";
    l.oauth_sign_key = "[My secret key]";
    l.serviceBuilder = CreateObject("java","org.scribe.builder.ServiceBuilder");
    l.LinkedInApiClass = CreateObject("java", "org.scribe.builder.api.LinkedInApi").getClass();
    l.service = l.serviceBuilder.provider(l.LinkedInApiClass).apiKey(l.oauth_consumer_key).apiSecret(l.oauth_sign_key).callback("[My callback url]").build();
    l.requestToken = l.service.getRequestToken();
    l.authUrl = l.service.getAuthorizationUrl(l.requestToken);

    // I NEED TO DEFINE WHAT TO DO AT THIS POINT TO SIGN THE REQUEST SERVER SIDE
    ...
    ...
</cfscript>

Answer 1

Kirsten is technically correct - Linked In Api's require user authentication. It's annoying because you need to authenticate to even retrieve group posts.

However there are ways round it.

With scribe you can manually create an access token. So what I would do is create a dummy user account on Linked In, authenticate that user as normal and save the returned signed credentials on your database, which you can then use to create the token:

var accessToken = createObject("java", "org.scribe.model.Token").init(
                "singedTokenStringReturnBackFromLinkedIn",
                "singedSecretStringReturnBackFromLinkedIn",
                "oauth_token=singedTokenStringReturnBackFromLinkedIn&oauth_token_secret=singedSecretStringReturnBackFromLinkedIn&oauth_expires_in=0&oauth_authorization_expires_in=0"
            ); 

You can then skip the authenticate part and call the api allowing you to display the group posts without the current user having to sign in:

var req = createObject("java", "org.scribe.model.OAuthRequest").init(
            createObject("java", "org.scribe.model.Verb").GET,
            "http://api.linkedin.com/v1/groups/123456/posts"
        );

oAuthService.signRequest(accessToken, req);

I have no idea if this would violate Linked In's T&C though.

Answer 2

OAuth authentication is designed for the user to give their permission to the application via a login on the site (in this case LinkedIn). It is not designed for you to automatically have the user grant permission for your application.

In order to get an access token to use the LinkedIn APIs, you have to include the part of the authentication flow that sends the user to LinkedIn to give your application permission to act on their behalf, at which point you can retrieve a verifier token either via PIN (which the user inputs) or via a callback to your application.

In short, there is no way to "authenticate server-side" without having the user interact with the LinkedIn site.