github.com/pusher/oauth2_proxy@v3.2.0+incompatible/providers/linkedin.go (about) 1 package providers 2 3 import ( 4 "errors" 5 "fmt" 6 "net/http" 7 "net/url" 8 9 "github.com/pusher/oauth2_proxy/api" 10 ) 11 12 // LinkedInProvider represents an LinkedIn based Identity Provider 13 type LinkedInProvider struct { 14 *ProviderData 15 } 16 17 // NewLinkedInProvider initiates a new LinkedInProvider 18 func NewLinkedInProvider(p *ProviderData) *LinkedInProvider { 19 p.ProviderName = "LinkedIn" 20 if p.LoginURL.String() == "" { 21 p.LoginURL = &url.URL{Scheme: "https", 22 Host: "www.linkedin.com", 23 Path: "/uas/oauth2/authorization"} 24 } 25 if p.RedeemURL.String() == "" { 26 p.RedeemURL = &url.URL{Scheme: "https", 27 Host: "www.linkedin.com", 28 Path: "/uas/oauth2/accessToken"} 29 } 30 if p.ProfileURL.String() == "" { 31 p.ProfileURL = &url.URL{Scheme: "https", 32 Host: "www.linkedin.com", 33 Path: "/v1/people/~/email-address"} 34 } 35 if p.ValidateURL.String() == "" { 36 p.ValidateURL = p.ProfileURL 37 } 38 if p.Scope == "" { 39 p.Scope = "r_emailaddress r_basicprofile" 40 } 41 return &LinkedInProvider{ProviderData: p} 42 } 43 44 func getLinkedInHeader(accessToken string) http.Header { 45 header := make(http.Header) 46 header.Set("Accept", "application/json") 47 header.Set("x-li-format", "json") 48 header.Set("Authorization", fmt.Sprintf("Bearer %s", accessToken)) 49 return header 50 } 51 52 // GetEmailAddress returns the Account email address 53 func (p *LinkedInProvider) GetEmailAddress(s *SessionState) (string, error) { 54 if s.AccessToken == "" { 55 return "", errors.New("missing access token") 56 } 57 req, err := http.NewRequest("GET", p.ProfileURL.String()+"?format=json", nil) 58 if err != nil { 59 return "", err 60 } 61 req.Header = getLinkedInHeader(s.AccessToken) 62 63 json, err := api.Request(req) 64 if err != nil { 65 return "", err 66 } 67 68 email, err := json.String() 69 if err != nil { 70 return "", err 71 } 72 return email, nil 73 } 74 75 // ValidateSessionState validates the AccessToken 76 func (p *LinkedInProvider) ValidateSessionState(s *SessionState) bool { 77 return validateToken(p, s.AccessToken, getLinkedInHeader(s.AccessToken)) 78 }