HomeNewPandaSocial Posts How-To'sLinked In Membership Authentication (December 2013)

8.8. Linked In Membership Authentication (December 2013)

Updated 09.04.14

In December 2013, the current access tokens were all retired, i.e. authentication with them was not anymore possible. As a result, each user will have to re-authenticate in order to post to their LinkedIn accounts, and then re-authenticate every 60 day thereafter.

The following changes were made to the Linked-In connections.

1)      The membership based authentication was incorporated (https://developer.linkedin.com/blog/migrating-all-applications-member-permissions-0  ).

2)      New API was incorporated (http://developer.linkedin.com/documents/authentication )

3)      Re-authentication upon expiration of the previous authentication was implemented.

4)      Posting will take place with the Share API (http://developer.linkedin.com/documents/share-api).

5)      Expiration Date is now visible on the Social Network tab of the "settings" page.


1.     The membership based authentication


Membership based authentication was implemented. Currently on authentication, the following permissions are granted for the NewPanda connections (http://developer.linkedin.com/documents/authentication#granting):

-          Basic Profile Data (r_basicprofile): Name, photo, headline, and current positions.

-          Network Updates (rw_nus): Retrieve and post updates to LinkedIn as you.

This means that the following authentication dialog is now displayed when authentication takes place:






2.     New LinkedIn API

New API was incorporated that is based on the membership authentication and OAUTH 2.0 access tokens. All calls need valid, non-expired access tokens. The access tokens are valid only for 60 days. There are no non-expiring access tokens like there used to be in the earlier versions, which now has been retired.

For example, the new version of the API to post network updates was incorporated (http://developer.linkedin.com/documents/share-api). It allows posting much more than a comment text.


3.     Re-authentication and renewal of 60-day valid authentication tokens


The following practice is taken to ensure that the users' access tokens - which are only valid for 60 days -  are re-authenticated and renewed:

1)      A LinkedIn re-authentication upon logging in is requested when the token expires within 30 days, or when there is no expiration date. The re-authentication is prompted on logging in for the maximum 10 times but only once per day. When the user re-authenticates, the counter is reset, and the use gets a 60 day token. Note: If the user is logged in the LinkedIn with the same account that is about to get expired, this all takes place in the background. (https://developer.linkedin.com/blog/tips-and-tricks-refreshing-access-token, http://stackoverflow.com/questions/13411938/linkedin-api-how-to-refresh-access-tokens-from-a-console-application, )

2)      This re-authentication is not requested if the user is logged in through the Admin pages, but it is in all other cases (included seamless login etc.).

3)      User can re-authenticate as earlier also through the Social Networks of the settings page.

Re-authentication can fail for three reasons:

-          The user prefers not to do it by pressing the cancel in the LinkedIn authentication dialog. In this case the user is redirected to the normal start page (the "dash-board" page), and the re-authentication counter is incremented by one. Note that this only will take place once per each day. The re-authentication not prompted again until next day.

-          User enters an incorrect username or password. In this case the screen below will show and the user needs to re-try or press the cancel.


-          There will be a system error. In this case the screen as follows will be presented, and the user can press the continue link to perform the rest of the logging process. In this case the re-authentication counter is incremented by one, and an error is stored in the globalerrors table.



4.     Posting will take place with the Share API

Posting to Linked in will take place by using the new Share API (http://developer.linkedin.com/documents/share-api). Note that even if it has options to post a web site URL with associated description and image, this was not implemented now. The user interface to post remained.

5.     Expiration Date is now visible on the Social Network tab of the "settings" page.



If there is no expiration date, or the expiration date is in the past, the user is still using the retired non-membership based authentication and cannot use LinkedIn from NewPanda.



Related Pages
This page was: Helpful | Not Helpful