miled / wordpress-social-login

WordPress Social Login
http://miled.github.io/wordpress-social-login/
MIT License

LinkedIn API v2 with Hybridauth 3.0 #328

Closed mattrabe closed 4 years ago

mattrabe commented 5 years ago

This PR adds working LinkedIn API v2 functionality, and also upgrades Hybridauth from 3.x-RC to full-blown 3.0.

ghost commented 5 years ago

https://github.com/miled/wordpress-social-login/pull/323

mattrabe commented 5 years ago

@sviluppomania @ahhussein This branch & PR were based on the 323 PR and the jobstertheme/aleximbir branch, and then we added functionality. We very much appreciate and respect @aleximbir's work on that; however, the 323 PR has a major problem in our opinion: it leaves LinkedIn v1 intact for reasons that I cannot understand. LinkedIn API v1 is permanently offline, and despite claims that existing apps built using LinkedIn API v1 do not work on v2, I currently have an existing LinkedIn app that was originally built on v1 and DOES work with v2 and this PR (maybe he forgot to update the auth redirect_uri in LinkedIn Developer's portal?? We included updated instructions for that in this PR...;) ). Based on official LinkedIn documentation this is expected: all apps need to switch to v2. The above problem makes PR 323 a breaking change, as anyone upgrading to that PR would need to delete and recreate their LinkedIn setup in wp-admin. This PR does not have that issue.

Also, this PR includes upgrade to hybridauth 3.0, which is not available elsewhere on this repo currently.

My team has tested this PR for LinkedIn v2 and Facebook, and currently it is in production on a client site using only those two SSO providers.

ghost commented 5 years ago

@mattrabe https://github.com/miled/wordpress-social-login/issues/321

aleximbir commented 5 years ago

@mattrabe

This PR doesn't work for me; I get "unathorized_scope_error for r_liteprofile" and that's because my app was created a long time ago; the application still works with version 3.0.1.

I have another recently created application and this application works with your version of PR but doesn't work with 3.0.1.

Check the attached screens: [two screenshots, 2019-06-20]

mattrabe commented 5 years ago

@aleximbir Do you have the r_liteprofile scope on the app? Click on a LinkedIn app such as in your screenshot above, click Auth tab - the scope should be listed under Permissions:

[screenshot]

(it is worth noting that this is also where you need to set the redirect_uri in the same fashion as I have done here, using your actual domain)

If not, what Products do you have enabled on the app? Click the Products tab, you should see the "Sign In with LinkedIn" Product:

[screenshot]

aleximbir commented 5 years ago

@mattrabe

If you create a new application you have those permissions and the 'Sign In with LinkedIn' product automatically. For old apps, I see that I need to request permission to add that product. I made the request for this product to check the LinkedIn requirements.

[two screenshots]

mattrabe commented 5 years ago

@aleximbir I think what is happening is that you need to add the "Sign In with LinkedIn" Product to your app, and then r_liteprofile will be in scope. Note that you will have to add a Company to your app (Settings tab) if you have not already.

There is more, though...

What surprises me is that you still have the r_basicprofile permission in scope. r_liteprofile replaces r_basicprofile in v2, so I would expect that no one would have access to it anymore... Digging a little deeper, I think the May 1 end-of-support date on the LinkedIn Notice is very confusing. It clearly states and even reiterates "all developers need to migrate to Version 2.0 of our APIs and OAuth 2.0 by May 1" - and yet, you have an app that is still somehow accessing v1... My app immediately stopped being able to access v1 data on May 1. I can only guess that since my app already had the "Sign In with LinkedIn" Product enabled, but yours did not, you have found a loophole to still access v1. Their notice seems pretty clear that v1 should no longer be available, and yet it is.

So the path forward, I still think, is to stop using v1 - LinkedIn has been clear that it is no longer supported and that we need to stop using it - loophole or not. I think this is done by adding the "Sign In with LinkedIn" Product, and it will probably then force you to use r_liteprofile and no longer r_basicprofile.

@pierrestudios What does our updated documentation say about the Products tab?

aleximbir commented 5 years ago

@mattrabe As I have an application that uses v1, it is very likely that my clients also have v1 applications. Now I think it's easy to understand why I have to use two providers for LinkedIn and why I have implemented it in this way until LinkedIn refuses any access to v1 applications.

mattrabe commented 5 years ago

@aleximbir I would agree, except that LinkedIn has clearly stated that "all developers need to migrate to Version 2.0 of our APIs and OAuth 2.0 by May 1" so including v1 code is going against what the provider has clearly stated, and prolongs the inevitable... by your own admission they will refuse access to v1 at some point. I think your current access is a loophole which LinkedIn does not officially support.

So if your PR is merged in it is a breaking change for some users (those that have correctly followed LinkedIn's directions and switched to v2) since we would all need to go into wp-admin and create a new LinkedIn-2 integration. And there will be an inevitable second breaking change when LinkedIn completely turns off v1 at some future date (for all users this time).

My PR represents the correct path forward: Stop using v1 completely, as dictated by the provider LinkedIn. If we want legacy support for the v1 loophole I recommend calling that something different like LinkedIn-legacy and allow v2 to be just LinkedIn, thereby making the breaking change only apply to those who refuse to upgrade.

ktecho commented 4 years ago

Hi @mattrabe and others

Do you know of anyone that's maintaining an updated version of this plugin at any place? Thanks!

tamara-m commented 4 years ago

As far as I've been able to see, the plugin is kept up to date with API changes and such on this repo here.

But for some reason the version in the WP repo is not updated.

ktecho commented 4 years ago

@tamara-m so the version in this repository lets you log in with Facebook, Twitter, Google? Last change is from 6 months ago.

tamara-m commented 4 years ago

Yes, as far as I know.

mattrabe commented 4 years ago

@ktecho The version that is available from the WP Plugins thingy worked with at least Facebook last we checked. It was only when LinkedIn changed their API ~3 mos ago that we saw breakage, hence this PR. On the master branch of this repo I believe are other changes, and it's currently a dev version (3.0.1-dev), while in the WP Plugins thingy it currently says 2.3.3. I can't really comment on either the 3.0.1-dev or the 2.3.3 versions. I can say that we use this branch (mattrabe:master) in production currently for Facebook and LinkedIn.

Not sure if this repo is no longer maintained or just owner is too busy right now to update. It seemed like he was active when this PR (and the competing PR) were created, but it doesn't seem like either were ever merged.