Search code examples
iosoauthlinkedin-apiparse-serversecret-key

Integrating LinkedIn login in a safe way on parse-server / iOS

I am running parse-server and want to integrate a LinkedIn login. If I understand the process correctly the steps are:

  1. use the LinkedIn SDK or a library like LinkedinSwift to get the access_token
  2. use this approach after you get the access token to login with the Parse SDK

However, using the SDKs from step 1 requires to embed the secret key inside your app and LinkedIn themselves state in their best practices that you should not do that (for good reason).

I am probably missing something here. Has anyone solved this? To get LinkedIn login working in combination with parse-server and NOT storing your secret in the app itself?

Solution

  • You should acquire the access token on a server endpoint then send it to your client, then the client can finish the login/linking/signup with option 2.

    Does that make sense?