LinkedIn OAuth issues

114 views
Skip to first unread message

Mike Bifulco

unread,
Jul 2, 2015, 12:44:32 PM7/2/15
to edx-...@googlegroups.com
Hi Gang,
I've been mostly successful getting LinkedIn and Google 3rd party auth successful for my installation of EdX.  At this point, I'm trying to iron out a few wrinkles with LinkedIn that I hadn't seen until recently:

  • Registering with LinkedIn doesn't seem to return from LinkedIn's OAuth login page with an email address - even though I log into LinkedIn with my email/password, EdX doesn't get the email address passed back to it, and users have to fill in that field manually to complete registration
  • After clicking to complete registration, users are automatically brought to their dashboard page, but their LinkedIn account isn't yet linked to the EdX account! This means that unless they manually click "link", they won't be able to log into their account the next time, because they never had to set a password.

How can I fix these issues?  I suspect this may be somewhat related to LinkedIn's recent API changes -- however, I should be in compliance with their new rules:


Mike Bifulco

unread,
Jul 7, 2015, 1:04:25 PM7/7/15
to edx-...@googlegroups.com
Bumping this post - I'm not making any progress on this still.  Any help?

Braden MacDonald

unread,
Jul 8, 2015, 6:10:19 PM7/8/15
to edx-...@googlegroups.com
Hi Mike,

I'm assuming you're using the Birch release? The upcoming Cypress release may work better for you.

A few weeks ago, we merged PR 8262 on the development version of edX. That PR and subsequent work has upgraded the version of python-social-auth, which is what actually implements the interaction with LinkedIn. I haven't checked, but it's liekly that that upgrade will have resolved the email address issue you're seeing.

As for the other issue (manually linking accounts), that was a conscious security-based decision ("feature not a bug"). However, since that lack of automatic linking is confusing, provides poor usability, and has resulted in multiple bug reports (e.g. CRI-9, ECOM-1503), we have now changed the behavior. As of pull request 8262 to which I linked above, user third party accounts will be automatically linked during sign in. As this raises some potential security implications, we have introduced other changes as well to reduce the risk - a full discussion for those interested is in the CRI-9 ticket.

Bottom line: try the development version or the upcoming Cypress release :)

Regards,
--
Braden MacDonald
@OpenCraft

--
You received this message because you are subscribed to the Google Groups "General Open edX discussion" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/edx-code/d58e658c-e3d7-4d05-ae09-11414cf2bc37%40googlegroups.com.

Reply all
Reply to author
Forward
0 new messages