Salesforce Auth Provide – LinkedIn

In this blog, I am going to explain how to configure salesforce social sign on with LinkedIn. Salesforce has a number of social sign-on options like google, Facebook, and LinkedIn etc.Salesforce social sign gives users the option to sign-up and login on salesforce using their account on a social network like Facebook, Twitter, or Google+. Social Sign has a number of advantages like Pre-Validated Email, rich user profile date, One Click experiences and etc. . . .

How does Social Login work?

Social Login is a simple process, with the following steps.

1. The user enters your application and selects the desired social network provider.
2. A login request is sent to the social network provider.
3. Once the social network provider confirms the user’s identity, a current user will get access to your application.
4. A new user will be registered as a new user and then logged into the application.
Prerequisites:-

Custom Domain should be created and enabled for users.

Step 1: Creating LinkedIn Application.

Now we will see how to create LinkedIn Application. In order to enable the LinkedIn application first, log into the LinkedIn Developer Console and create a new LinkedIn Application by clicking the “Create Application” button and fill the information as explained below.

Name The name of your application.
Application Use Pick the intended use of your application.
Website URL The base URL of salesforce.

Click “Submit” to finish creating the new application.
Step 2: Enable LinkedIn permissions

In order to use the new LinkedIn Application with Salesforce, you need to enable the correct LinkedIn permissions.Under the “Default Application Permissions” section, enable the r_basicprofile and the r_emailaddress, rw_company_admin permissions. These permissions allow salesforce to access the basic profile properties like email and first, middle, and last name.


Please take note of Client Id and Client Secrete which will be used in Salesforce auth provides creation process.

We will be updating LinkedIn OAuth Setting later after creating auth providers in Salesforce

Step 3: Defining LinkedIn Auth Provider in Salesforce

To Setup auth Provide in Salesforce Go to setup->Security control->Auth. Providers select LinkedIn in the provider and fill the information as shown below.


1.Name: Desire name as you wish, but good to keep as Auth Provider name i.e LinkedIn
2.URL Suffix: Auto Populated based on Name
3.Consumer Key: Consumer key which you got in LinkedIn Application
4.Consumer Secret: Consumer key which you got in LinkedIn Application
5.Authorize Endpoint URL: Optional, leave it blank.Authorization URL from Linked
6.Token Endpoint URL: Optional, leave it blank OAuth token URL from LinkedIn.
7.User Info Endpoint URL: Optional, leave it blank.URL to change the values requested from LinkedIn’s profile API.
8.Default Scopes: Optional, leave it blank. Default Scopes to enter a supported value or several space-separated values that represent the information you get from LinkedIn.
9.Custom Error URL: Optional, leave it blank.Custom Error URL for the provider to use to report any errors.

10.Custom Logout URL: Optional, leave it blank. Custom Logout URL to provide a specific destination for users after they log out if they authenticated using the SSO flow.
11 .Registration Handler: Apex class as the Registration Handler class. Or click Automatically create a registration handler template to create an Apex class template for the registration handler. Later we are going to edit this class
12 .Execute Registration As select the user that runs the Apex handler class. The user must have the “Manage Users” permission.
13.Portals: Include in any portals in you wish to
14.Icon URL: field to add a path to an icon to display as a button on the login page for a community.

After saving salesforce will generate several Configuration URL

Test-Only Initialization URL—Admins use this URL to ensure that the third-party provider is set up correctly. The admin opens this URL in a browser, signs into the third party, and is redirected back to Salesforce with a map of attributes. You will able to see sample data as shown below.


Single Sign-On Initialization URL—Use this URL to perform SSO into Salesforce from a third party (using third-party credentials).

Existing User Linking URL—Use this URL to link existing Salesforce users to a third-party account. The user opens this URL in a browser, signs into the third party, signs into Salesforce and approves the link

OAuth-Only Initialization URL—Use this URL to obtain OAuth access tokens for a third party. Users must authenticate with Salesforce for the third-party service to get a token.

Callback URL—Use the callback URL for the endpoint that the authentication provider calls back to for configuration. The authentication provider has to redirect to the callback URL with information for each client configuration URL

Step 4: Updating OAuth URL in Previously created LinkedIn Application

Copy the Callback URL and then go back to the LinkedIn application. Paste it in the OAuth 2.0 redirect URLs value as show below the update the application.


Step 5: Configure Auth Provides as Login Options.

You can configure the Auth Provide from Communities or from your Domain Page.
Here we are going to see how to configure form Domain Page.

Go to Setup –> Domain Management — My Domain. Edit Authentication Configuration then select the LinkedIn Check box and save it.

Step 6: Login into Salesforce with LinkedIn Auth Provider

Go to your Domain login page to login with LinkedIn as shown below.

Now Click Log in by using LinkedIn. You will see an error like below. No worries, It expected behavior.

Let’s fix it now.

Step 7: Understanding and Updating System generated Registration Handler

To Set up Sign sign on you need to implement Auth. RegistrationHandler interface which is having the definition to create or update the user date appropriately.

Update the AuthRegigisration handler with the below code.

// This Class is template
// TODO : Modify create and update user logic based requirement
// TODO : Account and Contact Updated based on requirement .
global class AutocreatedRegHandler1486767418304 implements Auth.RegistrationHandler{

global User createUser(Id portalId, Auth.UserData data){

if (data.provider==’LinkedIn’) {
// Create Account
Account a= new Account(name = ‘LinkedIn’);
insert a ;
// Create contact
Contact c = new Contact();
c.accountId = a.Id;
c.firstName = data.firstName;
c.lastName = data.lastName;
insert c;

// Create User
User u = new User();
Profile p =[SELECT Id FROM profile WHERE name = ‘Marketing User’];
u.username = data.firstName+data.lastName+’@yourcompany.com.sandbox’;
u.email = data.email;
u.lastName = data.lastName;
u.firstName = data.firstName;
u.alias = data.firstName.substring(0, Math.min(data.firstName.length(), 5));
u.languagelocalekey = UserInfo.getLocale();
u.localesidkey = UserInfo.getLocale();
u.emailEncodingKey = ‘UTF-8’;
u.timeZoneSidKey = ‘America/Los_Angeles’;
u.profileId = p.Id;

return u;
}else{
return null ;

}

}

global void updateUser(Id userId, Id portalId, Auth.UserData data){
User u = new User(id = userId);
u.lastName = data.lastName;
u.firstName = data.firstName;
update u;
}
}
Now You can able to login into Salesforce with LinkedIn . Once you login with Linked in ,its going to create a new user as per the above code