Step-by-Step Guide to Integrate LinkedIn Connect with the eXo Platform Sign-In Mechanism

A few weeks ago, we implemented a new way to connect to the eXo Community website, which runs on eXo Platform 4, using third-party authentication systems, namely LinkedIn, Facebook, and Google+. We excluded Twitter, as its system doesn’t enable developers to retrieve an email address, which is the main way to identify a user account.

It’s a great improvement to our community website, as it enables people to connect in two clicks, without the hassle of filling out a long form to create an account. Returning users also benefit from this new feature: if their email address in LinkedIn is the same as the one they use for eXo Community, they can sign in with just one click.

A few days ago, a community member asked us how to make the LinkedIn sign-in mechanism work for his own project running eXo Platform 4. After we shared the process with him, we thought it would be valuable to share the knowledge with everyone. This article will focus on using LinkedIn authentication to sign in to Platform 4, but the same process should be usable to allow authentication via Facebook or Google+, as well.

I. Objective

1. Users can sign into your eXo Platform 4 website using their LinkedIn accounts.

2. The LinkedIn user profile can be imported into the eXo Platform user profile.

II. Prerequisites

This tutorial involves developing your own components, so it is good if you have knowledge about:

III. Steps

Summary of the steps:
1. Obtain LinkedIn API key and secret key via the LinkedIn developer website.
2. Develop a LinkedIn OAuth component (.jar) in your own java project.
3. Deploy your component into eXo Platform
4. Develop a login module (.jar) in your java project.
5. Deploy and configure JAAS Realm to enable your login module.

1. Obtain LinkedIn API key and secret code.

– Sign in at http://developer.linkedin.com

– Click “API Keys”, in the drop-down menu under your name.

– Click “Add New Application” to launch the LinkedIn Application Wizard.

– Complete the wizard. Notice that in the Default Scope section, “r_emailaddress” should be checked.

01_OAuth_user_details

– Once the wizard is complete and the information is saved, you can retrieve your API key and secret key. Note that the keys can be regenerated later, if needed.

02_OAuth_Keys

2. Develop a LinkedIn OAuth component (.jar).

– Start your Maven project.

– Edit your pom.xml to add scribe dependency:

The scrib library can be used this way:

– Write a java class that carries out the interconnection between eXo Platform and LinkedIn using Scribe API.

The interconnection is explained here:
http://developer.linkedin.com/documents/authentication

If you need to read more about Scribe API:
http://developer.linkedin.com/thread/2239
https://github.com/fernandezpablo85/scribe-java

– Write another class (called “filter” in this tutorial) that:

  • Redirects users to the LinkedIn login page using the login url
  • Redirects users to the login page on our website once the needed information has been retrieved

Sample code for the filter:

Note: This sample saves the username and password in a browser session.

4. Deploy your LinkedIn Auth component.

– After building your project, install jar to tomcat/lib.

– Declare the filter via an eXo Platform Extension. The filter will be declared in WEB-INF/conf/portal/configuration.xml, as in the following sample. (Note that the class name is org.exoplatform.community.oauth.linkedin.OAuthLinkedinFilter and the url is /linkedinAuth.)

More about declaring filters in eXo Platform extension: http://docs.exoplatform.com/PLF30/refguide/html/ch-how-to-extend-my-gatein-instance.html#d0e18239

5. Develop your login module.

– Write a login module that extends AbstractLoginModule.

See the code sample below:

6. Deploy and configure JAAS to enable your login module.

– After building your login module jar, install it to tomcat/lib.

– Configure to enable the module in tomcat/conf/jaas.conf. Your login module should be placed before other modules. In the following example, it is ORGLoginModule:

7. Test it.

– To check if the filter works, go to {your website}/portal/linkedInAuth

If the module is working, it will redirect you to a LinkedIn login page like this one:

03_LinkedIn_Login_page

Once you are identified on LinkedIn and allow access, you will be redirected back to the website with the user data provided by LinkedIn. These data are formatted under json format in the following manner:

{“id”:”QuUeufSui4″,”lastName”:”Vu”,”emailAddress”:”anhvta@yahoo.com”,”firstName”:”Tuan Anh”}

Now, you can do whatever you want with these data.

See the mechanism in action by signing in into the community, and learn more about our add-ons and what you can do with eXo Platform 4.

Join the eXo Community if you have any questions or if you want more details on how we did it for Google+ and Facebook logins.

Be part of the discussion, share your comments

comments