4

I'm trying to get a user profile picture and save the image URL to my DB. It worked for a while but now I'm starting to see that some of the images aren't loadings anymore... I'm getting 403 (Forbidden).

here is the currently code:

user auth API:

const linkedinAuth = passport.authenticate("linkedin");

router.get("/linkedin", addSocketIdToSession, linkedinAuth);

const addSocketIdToSession = (req, res, next) => {
  req.session.socketId = req.query.socketId;
  next();
};

paspport.js:

  passport.use(new LinkedInStrategy({
    clientID: "clientid",
    clientSecret: "secret",
    scope: ["r_emailaddress", "r_liteprofile"],
    callbackURL: linkedinURL,
  }, callback));

  const callback = async (accessToken, refreshToken, profile, cb) => {
    let user = {
      email: profile.emails[0].value,
      firstName: profile.name.givenName,
      lastName: profile.name.familyName,
      photo: profile.photos[0].value,
      providers: profile.provider,
    };
};

I searched and found this option but I see the image URLs I'm getting are the same as I get from the code above.

I think I had something similar with Facebook auth and the fix was to use Facebook API to get the profile image: photo: https://graph.facebook.com/${profile.id}/picture?type=large

ronara
  • 336
  • 11
  • 26
  • Can you add how are you making the request, I mean the `URL` to which you are making the request? – Shivam Sep 02 '20 at 01:59
  • I added all the code I use for Linkedin auth – ronara Sep 02 '20 at 08:24
  • did you check if the users remove the authorization to your app calling `https://api.linkedin.com/v2/me` ? – Manuel Spigolon Sep 04 '20 at 08:19
  • one of them is me and I didn't remove the auth – ronara Sep 04 '20 at 13:26
  • 1
    This is interesting - it sounds like linkedIn is limiting the timeframe that you have access to this profile image. This is where the world is going. To test for this - if you reauthenticate with your user can you get to the image again? I'm sure you'd like to avoid this - but if this is so - you may need to copy and store these images if you want them to remain available for your use case. – darrin Sep 07 '20 at 13:01
  • @darrin That's also what I thought... But I thought maybe they have API like Facebook has... and even if no, Why not write something about the limitation in the documentation? – ronara Sep 07 '20 at 13:12
  • @ronara Agreed. It seems strange but with data privacy / security standards heightening every day it is the sort of thing they SHOULD do. And you have to admin the docs aren't always perfect. ;) Have you tried it? – darrin Sep 07 '20 at 13:24

0 Answers0