
Conversation

@rxmox
Collaborator

@rxmox rxmox commented Feb 9, 2026

Summary

Implements LinkedIn OAuth 2.0 authentication flow, allowing users to sign up and log in using their LinkedIn accounts alongside the existing email/password authentication.

Changes

  • User Model: Added OAuth fields (linkedinId, linkedinUrl, profilePhoto, authProvider), made passwordHash optional for OAuth users
  • LinkedIn OAuth Utility: Created helper functions for authorization URL generation, token exchange, and profile fetching
  • Auth Controllers: Added linkedinAuth and linkedinCallback endpoints with CSRF state token protection
  • Auth Routes: Added GET /api/auth/linkedin and GET /api/auth/linkedin/callback
  • Server Validation: Added startup validation for LinkedIn environment variables
  • Dependencies: Added axios for HTTP requests to LinkedIn API

Email Conflict Handling

If a LinkedIn email matches an existing password-based account, the callback returns an error asking the user to log in with their password instead (prevents unauthorized account linking).

Security Features

  • CSRF protection using JWT-signed state tokens (5-minute expiration)
  • OAuth users attempting password login are redirected to use LinkedIn
  • Pre-save validation ensures local auth users have passwords

Testing

  • TypeScript compiles successfully
  • Server starts with environment validation
  • CSRF protection verified (invalid state → 401)
  • LinkedIn redirect URL generation confirmed

Environment Variables Required

LINKEDIN_CLIENT_ID=<app-client-id>
LINKEDIN_CLIENT_SECRET=<app-client-secret>
LINKEDIN_CALLBACK_URL=http://localhost:4000/api/auth/linkedin/callback
FRONTEND_URL=http://localhost:19006

Note: @Lujarios please add http://localhost:4000/api/auth/linkedin/callback to the LinkedIn app's authorized redirect URLs for testing.

- Add LinkedIn OAuth utility for auth URL generation, token exchange, and profile fetching
- Add linkedinAuth and linkedinCallback controllers with CSRF state token protection
- Update User model with OAuth fields (linkedinId, profilePhoto, authProvider) and make passwordHash optional
- Add pre-save validation ensuring local auth users still require passwords
- Handle email conflicts between OAuth and password-based accounts
- Add environment variable validation for LinkedIn credentials at startup
@rxmox
Collaborator Author

rxmox commented Feb 9, 2026

Please don't merge yet, there is a thing or two I still need to confirm: that the redirect URL is added.

@rxmox
Copy link
Collaborator Author

rxmox commented Feb 9, 2026

[image attachment]

@lnqminh3003 lnqminh3003 merged commit c808fa7 into backend Feb 9, 2026
1 check passed
