LinkedIn API returning extra/incorrect login prompt

Posted by Paul Osetinsky on Stack Overflow
Published on 2012-08-30T15:37:00Z

I have a Rails application running the omniauth-linkedin gem and linkedin gem (essentially an API wrapper). When a user logs in, they receive a primary login prompt that displays to them the correct scopes (FULL PROFILE and EMAIL ADDRESS), as below:

[Screenshot of the first login prompt]

However, after they log in, they get another login prompt that should not come up, and that ignores the initial scope request. It tells them that LinkedIn is only requesting their PROFILE OVERVIEW, which is incorrect:

[Screenshot of the second login prompt]

The problem must lie in my auth_controller, and I think it has to do with the URL that is created in one of the authentication stages (definitely right after the user enters their LinkedIn authentication credentials). Here is my auth_controller:

require 'linkedin'

class AuthController < ApplicationController

  def auth
    client = LinkedIn::Client.new(ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'])
    request_token = client.request_token(:oauth_callback => "http://#{request.host_with_port}/callback")
    session[:rtoken] = request_token.token
    session[:rsecret] = request_token.secret
    redirect_to client.request_token.authorize_url
  end

  def callback
    client = LinkedIn::Client.new(ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'])
    # Load the signed-in user first so both branches below can set its uid.
    @user = current_user
    if session[:atoken].nil?
      # First visit: exchange the stored request token and the verifier for an access token.
      pin = params[:oauth_verifier]
      atoken, asecret = client.authorize_from_request(session[:rtoken], session[:rsecret], pin)
      session[:atoken] = atoken
      session[:asecret] = asecret
    else
      # An access token is already in the session: reuse it.
      client.authorize_from_access(session[:atoken], session[:asecret])
    end
    @user.uid = client.profile(:fields => ["id"]).id
    flash.now[:success] = 'Signed in with LinkedIn.'
    @user.save
    redirect_to current_user
  end

end

Just in case, here is my omniauth.rb file that states the scopes I am requesting for my application:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'],
    :scope => 'r_fullprofile r_emailaddress',
    :fields => ['id', 'email-address', 'first-name', 'last-name', 'headline', 'industry', 'picture-url', 'public-profile-url', 'location', 'positions', 'educations']
end

Can't figure out how to get rid of that second unnecessary and misleading prompt from LinkedIn and would appreciate any guidance!

Thank you.
