Developers
are wasting days for achieving the very basic task of being able
to get access to LinkedIn API. The reason for that is the vary
basic nature of OAuth authorization approach used by LinkedIn.
The
problem with integrating an API that uses OAuth is that Consumer
(the side you represent) and Provider (the API provider)
MUST make exactly the same assumptions when building the
Strings that are used to compute signature sent to Provider,
so that provider can reconstruct from it Consumer's keys.
One bit that goes wrong in the syntax for building the signature
fail the authorization! Simple as that!
Developers,
including me wasted hours because of “&” sign
that was not put in the right place or because of encoding some
HTTP param, that was not supposed to be encoded, or because
inaccurate use of input pass to signature algorithm etc',
The
good news are that you can save this effort now and go directly to
the matter of developing your application! This become avialble due to small service
that gives you atomic pocess for authorizing your application into LinkedIn.
The even better news are that you also get extra tools with that!
See example...
If
you find the tools package suitable for your needs, save you time and
helpful please go back and donate. Your donation will help us to keep
our small startup so we can develop more tools, more building blocks
and of course developing our main business of Virtual Workplace
technology. If you are a registered member of Rhizome NetWorks you
can optionally set your member-id,as part of donation procedure.
Putting the member-id let us give you a discount for accessing
Rhizome NetWorks premium service in the future, that will express our
appreciation for your donation.
The
package contains the following:
Java
based web application that encapsulate the authorization procedure
so you can jump directly to the actual important issue which is
developing you application. The authorization process can be handled
in the following ways:
AJAX:
calling a single JavaScript method that receive a callback
function that is invoked when access tokens are ready.
JSP
page to handle the process on the server side (planed to next
version).
Desktop
tool that helps you step-by-step to test authorization Strings, in
case you decide to create the login procedure by your own, possibly
using other technologies then Java
Web
application tool, parallel to the desktop tool, that is a part of
the same web-application that supply the authorization service.
Example
of Java sources that can be used for performing the authorization,
or can be used as reference for creating the parallel procedure
with other languages.
Installation
instructions
Web
application services
You
will need a J2EE compliant application-server, for example Apache
Tomcat.
Unpack
the downloaded Zip file. The relevant files are under
[installation_dir]/web_tools directory
Put
the linkedin_tools.war file in
the webapps directory of your
server.
That
all – you are ready for accessing the authorization service as
well as the Web based Oath tool. See usage instructions below.
LinkedIn
OAuth Desktop Tool
You
will need a Java Runtime (JRE) or JDK installed on your system. You
can install it from here.
Unpack
the downloaded Zip file. The tool is under
[installation_dir]/desktop_tools
directory .
Set
your keys in the marked places of start.cmd file (a similar
file for Linux can be easily prepared). This is optional and prevent
you from writing the keys, for every time you start the software.
Double
click start.cmd or start from a Command-line
Notice#1 - THE GIFTOLOGIST Widgets For Affiliates
We offer some of the Widgets we use for THE GIFTOLOGIST network, as an hosted service for a monthly fee (SAAS).
With these widgets you can increase your sells as Amazon associate, by providing your audience with unique
promotional content. Some of the Widgets are intend to be used with other affiliate networks veside amazon.
Setup is very easy - usually you should provide your Client Id, your Amazon tracking-id so you can get the
commission,
your domain and some product category preferences.
All the rest is handled by our script. Here is an example of script you can put on your website:
Read more details and see examples of widgets you can you can get and customize by clicking this link: Download Widgets
Notice#2 - Shop With Alpha Launch
"Shop With" is small client that provide real-time experience of "shopping together" for online stores. It
means that two or more remote people can review products together, track each other browsing and create a
shared list of products that can be later sent to shopping cart.
The first version is running on http://www.the-giftologist.com website.
The product can be easily adapted to other online stores.
Next step: Advertiser dashboard to allow advertisers to submit laser-targeted ads.
Video Marketing Goldmine is a great course for starting your Video
Marketing way. The course was created by Sean Donahow based on two years of experience in this field.
videomarketinggoldmineintro.com
Usage
instructions
Authorization
service
Authorization
service gives you atomic entry point for performing the authorization
process and getting the access tokens that you will use then to call
commands. The process is implemented by Ajax that call the web
application. The actual call to LinkedIn is performed by the web
application that negotiate with the Ajax client. All you have to
do is calling JavaScript method and pass a callback function that is
invoked once access granted. The rest of this chapter may looks
complicated but it is provided only for in case you will have to make
changes. So it gives you some orientation. If you are familiar with
JavaScript you can now goes directly and see example at
inkedin_oauth_service.html
. Check for the function
accessLinkedIn and
continue from there.To
have better understanding however it is recommended to read the
following.
Authorization
is made of three steps: getting the request-token,
user-authentication and getting the access code. When you have the
access-code, you can run commands. The service encapsulate those
steps for you so you can immediately get the access-code and use it
for executing commands. Note that this service does not handle
commands, although it is provided with sample command. You will find
that you can execute also other commands in the same way, but package
was not designed to support all set of commands – only to help
you pass the authorization nightmare. We will supply in the future
building blocks for performing commands, based on developers requests
and our capacity.
Take
a look at linkedin_oauth_service.htmlfile that is in the root of
your web application directory. You can use this HTML file as an
example, for a page that perform the authorization and then continue
to perform commands. The functions that should interest you are
accessLinkedIn
that call the authorization procedure and accessReadyCallback
callback function that receive the notification when access-tokens
are ready.
Another
example is linkedin_oauth_service_redirect.html.
This page is invoked by application's page and after granting access,
it redirect back to caller page. You can use test_redirect.htmlas
an example for testing that case.
Note
about keys:
Before you use the service you must set the customer-key and
secret-key provided to you by LinkedIn. You can set the keys on the
HTML page, which can be used for testing, but you can also set the
keys on the environment.xml
file of the web application, that promises that keys are stay on the
server-side. See example. The file can
be found under [webapp_dir]/environment
directory of unpacked web application..
Note
about Ajax calls:
Current Ajax code assumes that web application is on the same domain
name and port from where service's HTML page is loaded. It does not mean you can't call this page from other domain and redirect back when access granted, see example for that in file linkedin_oauth_service_redirect.html.
If you need some cross-domain behavior (for the authorization service's part) you will have to make adjustments to
Ajax
scripts. The scripts are all in the file linkedin_oauth_service.js.
Note that the file rhz.js
also
contains Ajax scripts but this script is used by the Oauth tool and
not by the authorization service.
Note
about Cookies: The authorization process include few steps
that involve transitions between web pages, and/or reloading of
pages. To keep steps information so it can serve us during processing
we are using cookies. There are two cookies for that purpose:
linkedIn_oauth_request and
linkedIn_oauth_access. Cookies
are retrieved by two function that return object with required
information: getRequestTokenResult
and getAccessTokenResult
respectively. The last one you wil use for getting the tokens
required for executing commands. See the function doTestCommand
as an example of getting relevant tokens and executing command
The
script and HTML are given as a reference case and can be changed as
needed. For example, you may decide to remove the alerts when error
occur, or adding support for cross domain Ajax, etc' In addition you
can use the web application as the base for developing your other
business-logic. Development methodology of RHZ Open Components is not
discussed here. See also not in the bottom of this page.
Oath
tools
The
package come with two version of the Oauth tool. One as a desktop
application and another as a web application, on the same application
you are using for getting the authorization service. The purpose of
the tool is to present you with the Strings created at each step so
you can have a reference in case you develop authorization process of
your own (Note to special comment about syntax of output in the web
application tool!). Using the tool is simple. Once you set your keys
all you have to do is click buttons step-by-step and watch the result
produced by any of the steps.
Step1:
you will see the result of getting the request-token.
Step2:
pressing the button will redirect you to user's authentication page
of LinkedIn. Once authentication is done, you will be redirected back
to the page specified in the callback field above. He redirection
request will contains a query String from which you should copy the
value of “oauth_verifier”param. Paste the value at the field
that say “Enter Security Code:”
Step3:
getting the access-token that will let you perform a command. Press
button and examine resulted Strings.
Step4:
Performing sample command.
To
use the Desktop application tool,double
click and perform the steps as described above.
To
use the web application tool you
should call http://[my
server:port]/linkedin_tools/linkedin_oauth_tool.html
where:
'my server'
is the host name, 'port'
is the port you set for application server (e.g. 8080),
'linkedin_tools'
is the installation directory of web application and
linkedin_oauth_tool.htmlis the web page that present
you with the tool.
Using
Sources
Sources
are located under [installation_dir]/sources
directory. Sources present you with Java code that
implement the various steps of authorization process. You can use
this code as a reference for creating similar code in other
languages. The important issue when referring to code is to follow
the syntax. For example if you see line like this one:
It
means that you should add “&” to secrey-key before
sending it to signature algorithm. This may sound obvious now when
emphasizing this, but in the rush it is very easy for our eye to skip
such small details. Another example, compare the two lines below:
These
lines belong to different sections. Note that in one case '
secretKey' is encoded and in other case it is not.
Terms
Licenses
are located under [installation_dir]/license
directory
Source
examples are published under Apache License: license.txt
Tools
and authorization service are provided for free AS-IS under Services
License terms.
Comply
with LinkedIn policy of protecting keys: All tools are provided so
that secret-keys are under the full responsibility of application
provider. Nothing in these tools expose your keys to our own
services or hosts. Note that in the case of authorization web
application you have the option to specify keys, on the HTML that
perform the ajax calls, which is good for testing. The recommended
approach however for production is to put those keys in the
environment.xml
file
of the web application. The file reside under
[webapp_dir]/environmentdirectory.
Here is an example.
Getting
help
The
tools are provided AS-IS and may not be suitable for your needs, or
that you may need an extra help to use them or analyze results and
behavior. If you need help you can contact us to
support@rhizome-networks.com
but please note that due to our very limited capacity and stressed
schedule we are not always free to assist you, and when we do this is
based on a very limited capacity.
Extending
your experience with RHZ-Open Components applications
The
web application provided by this page is a tiny example of
applications that can be produced using RHZ-Open-Components. It can
be easily extended into a wide range web application. The same
approaches can be used for developing applications for various
purposes such as desktop application (for example our Rhizome
Browser), embedded components, web gadgets and more. Applications can
be developed manually, using IDE software or using Rhizome Browser
which is currently in its beta phase. If you would like to know more
you are welcome to tour our website. If you are interested in
developing more modules manually or soon with Rhizome Browser, tell
us what is your interest so we can think of the best way to pass you
the relevant knowledge. Please contact support@rhizome-networks.com
