LinkedIn today rolled out support for OAuth 2.0 as part of a set of tools that make it easier to integrate features of the social networking site into other applications.

LinkedIn joins a growing list of OAuth 2.0 supporters that includes Google, Salesforce.com, Facebook, Microsoft and Twitter (v1). Support from Ping will be available in the next few months.

OAuth is a security framework that can be used for both authentication and authorization. The spec has yet to be finalized by the Internet Engineering Task Force (IETF). LinkedIn began its OAuth 2.0 and JavaScript API test in October. “Since then we’ve had over a thousand developers test out the new technology platform, serving over one billion page views across the web,” LinkedIn’s vice president of product management, Adam Nash, wrote on his blog.

The JavaScript API is critical for simplifying integration between browsers and REST endpoints, according to LinkedIn.

Here is how they describe the API's function:

“This API bridges between the user's browser and our REST endpoint. As a developer, you use a simple, consistent JavaScript interface to interact with the fundamental LinkedIn data types (Profiles, Connections, People, Search, etc). Under the hood, we translate your request into a REST call that we make on your behalf via Ajax. All the details of cross domain Ajax and OAuth 2 are abstracted away - you simply invoke a method and receive JSON (JavaScript Object Notation) in return.”

LinkedIn describes the OAuth flow like this:

  1. An application implements "Sign-in with LinkedIn" via an easy JavaScript API button. Once a user completes the sign-in flow, the browser now has a JavaScript API bearer token.
  2. The application securely passes the JSAPI token from the user's browser to the application's server/backend.
  3. The backend code makes a call to LinkedIn to exchange the short-lived token for a longer-lived, OAuth token. The application confirms that this is secure and safe by signing the request with their API secret (normal OAuth, nothing proprietary).
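
Step 3 as an added example, not code from LinkedIn or from the original article: it assumes "normal OAuth" means an OAuth 1.0a HMAC-SHA1 signature (RFC 5849). The endpoint URL, the `jsapi_token` parameter name, the key and the secret are constructed placeholders. Because the token is part of the signed data, swapping it in transit invalidates the signature, and the API secret never has to leave the backend.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

# Constructed placeholders, not real LinkedIn values.
EXCHANGE_URL = "https://api.example.com/oauth/exchange"
API_KEY = "app-key-123"
API_SECRET = "app-secret-kept-on-the-backend"

def pct(value):
    """RFC 5849 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    """Signature base string: METHOD & encoded URL & encoded, sorted parameters."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, api_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with the application's API secret."""
    key = f"{pct(api_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(method, url, params, signature, api_secret):
    """Provider-side check: recompute the signature and compare in constant time."""
    expected = sign(method, url, params, api_secret)
    return hmac.compare_digest(expected, signature)

def build_exchange_request(jsapi_token, nonce=None, timestamp=None):
    """Backend side of step 3: wrap the short-lived browser token in a signed request."""
    params = {
        "oauth_consumer_key": API_KEY,
        "oauth_nonce": nonce or secrets.token_hex(16),   # unique per request
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp or int(time.time()),
        "oauth_version": "1.0",
        "jsapi_token": jsapi_token,   # hypothetical parameter name
    }
    return params, sign("POST", EXCHANGE_URL, params, API_SECRET)

if __name__ == "__main__":
    params, sig = build_exchange_request("short-lived-browser-token")
    print("signature:", sig)
    print("valid:", verify("POST", EXCHANGE_URL, params, sig, API_SECRET))
    swapped = dict(params, jsapi_token="someone-elses-token")
    print("valid after token swap:", verify("POST", EXCHANGE_URL, swapped, sig, API_SECRET))
```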

LinkedIn says once the app has a user logged in, it can invoke any LinkedIn REST API using just a few lines of JavaScript.

LinkedIn has also upgraded all its APIs to support JSON, allowing them to handle any request directly from the browser.

In addition to OAuth 2.0 support and the JavaScript API, LinkedIn also released a number of plug-ins:

  • Sign-In with LinkedIn. Makes it easier for users to authenticate or register for your site using their LinkedIn identity.
  • Share. A button that enables users to share your website with LinkedIn’s professional audience.
  • Member Profile. Brings LinkedIn profiles to your site.
  • Full Member Profile. Brings larger, more detailed LinkedIn profiles to your site.
  • Company Profile. Displays company info at-a-glance.
  • Company Insider. Shows company data from several different views.
  • Recommend. A button that enables users to recommend your products and drive traffic back to your site.



The JavaScript API is very good and easy to use, but we can't define our own style. Maybe I haven't found the useful method.
