Fix email scope for LinkedIn Provider (#191)

* Used user email address from LinkedIn

* Update example user_info_mapping in initializer

* Force r_emailaddress in @scope in linkedin provider

* Load email only if r_emailaddress is in scope

* Adjust initializers Linkedin comment

Author: JakubSzajna

lib/generators/sorcery/templates/initializer.rb

@@ -88,11 +88,19 @@
   #
   # config.ca_file =
 
+  # Linkedin requires r_emailaddress scope to fetch user's email address.
+  # You can skip including the email field if you use an intermediary signup form. (using build_from method).
+  # The r_emailaddress scope is only necessary if you are using the create_from method directly.
+  #
   # config.linkedin.key = ""
   # config.linkedin.secret = ""
   # config.linkedin.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=linkedin"
-  # config.linkedin.user_info_mapping = {first_name: "firstName", last_name: "lastName"}
-  # config.linkedin.scope = "r_basicprofile"
+  # config.linkedin.user_info_mapping = {
+  #   first_name: 'localizedFirstName',
+  #   last_name:  'localizedLastName',
+  #   email:      'emailAddress'
+  # }
+  # config.linkedin.scope = "r_liteprofile r_emailaddress"
   #
   #
   # For information about XING API:

lib/sorcery/providers/linkedin.rb

@@ -9,25 +9,26 @@ module Providers
     class Linkedin < Base
       include Protocols::Oauth2
 
-      attr_accessor :auth_url, :scope, :token_url, :user_info_url
+      attr_accessor :auth_url, :scope, :token_url, :user_info_url, :email_info_url
 
       def initialize
         super
 
-        @site          = 'https://api.linkedin.com'
-        @auth_url      = '/oauth/v2/authorization'
-        @token_url     = '/oauth/v2/accessToken'
-        @user_info_url = 'https://api.linkedin.com/v2/me'
-        @scope         = 'r_liteprofile'
-        @state         = SecureRandom.hex(16)
+        @site           = 'https://api.linkedin.com'
+        @auth_url       = '/oauth/v2/authorization'
+        @token_url      = '/oauth/v2/accessToken'
+        @user_info_url  = 'https://api.linkedin.com/v2/me'
+        @email_info_url = 'https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))'
+        @scope          = 'r_liteprofile r_emailaddress'
+        @state          = SecureRandom.hex(16)
       end
 
       def get_user_hash(access_token)
-        response = access_token.get(user_info_url)
+        user_info = get_user_info(access_token)
 
         auth_hash(access_token).tap do |h|
-          h[:user_info] = JSON.parse(response.body)
-          h[:uid] = h[:user_info]['id']
+          h[:user_info] = user_info
+          h[:uid]       = h[:user_info]['id']
         end
       end
 
@@ -45,6 +46,30 @@ def process_callback(params, _session)
 
         get_access_token(args, token_url: token_url, token_method: :post)
       end
+
+      def get_user_info(access_token)
+        response  = access_token.get(user_info_url)
+        user_info = JSON.parse(response.body)
+
+        if email_in_scope?
+          email = fetch_email(access_token)
+
+          return user_info.merge(email)
+        end
+
+        user_info
+      end
+
+      def email_in_scope?
+        scope.include?('r_emailaddress')
+      end
+
+      def fetch_email(access_token)
+        email_response = access_token.get(email_info_url)
+        email_info     = JSON.parse(email_response.body)['elements'].first
+
+        email_info['handle~']
+      end
     end
   end
 end