PHP Login with LinkedIn API
This tutorial will show you how to create a web application using PHP to have your users sign in with their existing LinkedIn account using HybridAuth.
I recently wrote about coding a web application with a User Login system in PHP. I wanted to create a similar application, but this time use someone’s existing social network credentials- specifically with LinkedIn.
This took several hours to figure out, as I looked at many alternatives. I hope that this saves you time :)
My Objective
- Have a user sign-in to a web application with their existing social network credentials
- Use LinkedIn — however keep the possibility of using other social networks
- Use PHP, ideally without Composer
An Immediate “Gotcha”
LinkedIn has different “scopes,” or permissions that each user must acknowledge how the app can interact. At the time of writing, I am only able to utilize the scope r_liteprofile so we have access only to limited fields.
I was unable to figure out how to utilize the r_fullprofile scope. It seems that to use this, you have to fill out a form. After you fill out the form, there’s no guarantee that LinkedIn will approve your request; and also there’s no indication on how long the approval process is. The form I filled out (if it was even the right form!) has been in process for about a month.
Just knowing to ignore the attempt at getting the full-blown profile details and accepting that it’s not an immediate capability, at the time of writing anyways, may save you hours of time!
High Level Explanation of the Solution
Several code samples I found were difficult to use (or were outdated or didn’t work!). I ended up using HybridAuth, which allows you to use multiple social networks (not just LinkedIn). I modeled my code after their example of “Build a simple HTML page with multiple providers” (at the time of writing, it was in folder example_06).
Let the Tutorial Begin!
The official examples from HybridAuth go into much more depth, and I removed several comments from my code. Since my need was only for one social network, I hard-coded it several times rather than dynamically detecting which service the user was logging in with.
I assume that you already registered your app with LinkedIn, and have a Client ID and Client Secret.
You’ll need to set your Redirect URL in the OAuth 2.0 settings of your app in LinkedIn:
You can have multiple values there (ex. local, development, production environments).
Files You Need
Aside from the HybridAuth library, you basically need 3 files:
- Configuration file: stores the Client ID, Secret ID, and the URL to return to
- Index file: where will people click to “Login with LinkedIn”
- Callback: process the request once the user clicks “Login with LinkedIn”
Note: if you change the file structure to not have callback.php within a subfolder, you’ll need to update the OAuth 2.0 Settings in LinkedIn and the value of the config.php file and the file paths where you “include” the other files.
File 1 of 3: config.php
You’ll get these values from LinkedIn. This is set up such that you could potentially add in other social networks, after:
File 2 of 3: index.php
Explanation:
- Include the required HybridAuth files, and pass in your configuration array
- If “adapters” is set, then the user is logged in. In this case, show the handful of variables that LinkedIn allows us to see (name, email, profile URL)
- If “adapters” is not set, then give a link for the user to sign in with
File 3 of 3: Callback
I put this in a folder called “login,” as opposed to the root directory where the other two files are:
This is where the magic happens:
- Include the required HybridAuth files, and pass in your configuration array
- Login using LinkedIn
- Optional: Get the values returned from the LinkedIn API (make sure the OAuth Settings reflect the URL for this file)
- Redirect the user back to the homepage
- Give the ability to sign-out the user if the “logout” URL parameter is set
Another file to update, because people are scared
You should limit the permissions of your app to only what you need. By default, there is a scope called w_member_social which allows your app to post things on LinkedIn on behalf of the user. I’d be hesitant to use an app if I saw that! In the HybridAuth code folder /Provider/LinkedIn.php I removed that scope, leaving only r_liteprofile and r_emailaddress .
Trying to break the site, I got an error
Once you authenticate yourself, go ahead and revoke access in LinkedIn. When you try to come back to your site, you’ll get this error:
serviceErrorCode: 65601
message: The token used in the request has been revoked by the user
The trick is, we need to sign the user out (of HybridAuth) and then have the user re-login. I noticed that the Logout portion of the code wasn’t working in its current placement in the code, being after the user tries to authenticate and “get the connected adapters.” So I moved this portion to be above it.
When the user comes to the page, the code is wrapped in a try/catch block. I look for a certain exception, and if it contains that error code then I redirect the user back to the same callback URL, first logging them out.
But then in the logout block of code, I see if they were really trying to log out, or just redirected there back because of the access token being revoked. I then redirect the user accordingly.
At the same time, I gracefully handle the error if the user declines the login (where they put in their password on LinkedIn) or the authorization (the specific permissions my app is trying to use).
On the homepage, I wanted to detect if the user was logged in (and if not, correctly show the “login” button).
I added another try/catch block, and changed the variable I was checking to display the information.
The Full Final Code
You can find the entire code example for this PHP HybridAuth login on GitHub.
That’s it!
Hopefully you found this tutorial early in your quest for how to do this, and it saved you some time :)
Like this style of writing? 👍👍 Are you creating a PHP web application and already know what a “variable” is and the concept of an “if” statement? Check out my book: Web Development for Intermediate Programmers — with PHP
