PHP Login with LinkedIn API

Image for post
Image for post
Final result of what we’ll be building

This tutorial will show you how to create a web application using PHP to have your users sign in with their existing LinkedIn account using HybridAuth.

I recently wrote about coding a web application with a User Login system in PHP. I wanted to create a similar application, but this time use someone’s existing social network credentials- specifically with LinkedIn.

This took several hours to figure out, as I looked at many alternatives. I hope that this saves you time :)

My Objective

  • Use LinkedIn — however keep the possibility of using other social networks
  • Use PHP, ideally without Composer

An Immediate “Gotcha”

I was unable to figure out how to utilize the r_fullprofile scope. It seems that to use this, you have to fill out a form. After you fill out the form, there’s no guarantee that LinkedIn will approve your request; and also there’s no indication on how long the approval process is. The form I filled out (if it was even the right form!) has been in process for about a month.

Just knowing to ignore the attempt at getting the full-blown profile details and accepting that it’s not an immediate capability, at the time of writing anyways, may save you hours of time!

High Level Explanation of the Solution

Let the Tutorial Begin!

I assume that you already registered your app with LinkedIn, and have a Client ID and Client Secret.

You’ll need to set your Redirect URL in the OAuth 2.0 settings of your app in LinkedIn:

Image for post
Image for post

You can have multiple values there (ex. local, development, production environments).

Files You Need

  • Configuration file: stores the Client ID, Secret ID, and the URL to return to
  • Index file: where will people click to “Login with LinkedIn”
  • Callback: process the request once the user clicks “Login with LinkedIn”

Note: if you change the file structure to not have callback.php within a subfolder, you’ll need to update the OAuth 2.0 Settings in LinkedIn and the value of the config.php file and the file paths where you “include” the other files.

File 1 of 3: config.php

File 2 of 3: index.php

Explanation:

  • Include the required HybridAuth files, and pass in your configuration array
  • If “adapters” is set, then the user is logged in. In this case, show the handful of variables that LinkedIn allows us to see (name, email, profile URL)
  • If “adapters” is not set, then give a link for the user to sign in with

File 3 of 3: Callback

I put this in a folder called “login,” as opposed to the root directory where the other two files are:

This is where the magic happens:

  • Include the required HybridAuth files, and pass in your configuration array
  • Login using LinkedIn
  • Optional: Get the values returned from the LinkedIn API (make sure the OAuth Settings reflect the URL for this file)
  • Redirect the user back to the homepage
  • Give the ability to sign-out the user if the “logout” URL parameter is set

Another file to update, because people are scared

Trying to break the site, I got an error

serviceErrorCode: 65601

message: The token used in the request has been revoked by the user

The trick is, we need to sign the user out (of HybridAuth) and then have the user re-login. I noticed that the Logout portion of the code wasn’t working in its current placement in the code, being after the user tries to authenticate and “get the connected adapters.” So I moved this portion to be above it.

When the user comes to the page, the code is wrapped in a try/catch block. I look for a certain exception, and if it contains that error code then I redirect the user back to the same callback URL, first logging them out.

But then in the logout block of code, I see if they were really trying to log out, or just redirected there back because of the access token being revoked. I then redirect the user accordingly.

At the same time, I gracefully handle the error if the user declines the login (where they put in their password on LinkedIn) or the authorization (the specific permissions my app is trying to use).

On the homepage, I wanted to detect if the user was logged in (and if not, correctly show the “login” button).

I added another try/catch block, and changed the variable I was checking to display the information.

The Full Final Code

That’s it!

Like this style of writing? 👍👍 Are you creating a PHP web application and already know what a “variable” is and the concept of an “if” statement? Check out my book: Web Development for Intermediate Programmers — with PHP

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store