问题
I am building a Ruby on Rails app that: a) authenticates the user through OAuth via LinkedIn, and I would like to: b) use the acquired OAuth token to authenticate Mechanize for access to http://www.linkedin.com (instead of re-entering the user-name/password into the Mechanize agent).
So, a) is it possible to authenticate Mechanize http access via an OAuth token, b) will this work with LinkedIn, and c) can anyone point me to a Ruby example?
Here are my gems:
gem 'omniauth', '~> 1.3', '>= 1.3.1'
gem 'omniauth-linkedin', '~> 0.2.0'
gem 'mechanize', '~> 2.7', '>= 2.7.4'
Thank you!
回答1:
Linkedin offers an api so you can follow their protocol to get the outh token and make requests.
Using the api is different than using the website, though. Using an oauth token isn't equivalent to logging in through the website.
To use the api, I'd recommend searching for a gem. There are a few Google hits for "LinkedIn oauth rails". Here is a tutorial - http://sourcey.com/rails-4-omniauth-using-devise-with-twitter-facebook-and-linkedin/
Technically, you could get the username and password for the users LinkedIn account and then login to the website in their behalf server side using mechsnize. But you shouldn't do this, because it's a bad security practice. With oauth you never actually see their LinkedIn credentials, which is what users want.
In short, LinkedIn expects you to use their api to do anything on behalf of users. You'll have to implement an oauth scheme to do this. Don't be discouraged if this seems like a pain to set up. Oauth isn't an easy thing for many seasoned developers.
来源:https://stackoverflow.com/questions/37771163/ruby-mechanize-oauth-and-linkedin-all-in-one-happy-family