validate the access token obtained from the linkedin Rest API

Question

I have a mobile application talking to a backend. I am providing login to the app through LinkedIn. I checked the linkedIn api for oauth authentication and have followed the steps as given in this link Oauth LinkedIn.

I am able to obtain the request token as per step 3. Now i am sending this request to my backend. In the backend i want to make sure that this request token is valid and has not expired.

How do i achieve this ? In FB authentication, they have provided an end point to which i post the access token (https://graph.facebook.com/app?access_token=)and it gives the expiry time, validity of token etc.

How do we do this with LinkedIn api, i searched their documentation, but no luck. Any help will be appreciated.

Thanks

Answer 1

There's no separate API that LinkedIn provides to inspect the token. However you do get a hint about the token expiry back in the response from the token endpoint when exchanging the code for an access_token in the expires_in parameter, e.g.:

   {"access_token":"<>","expires_in":5183999}

which tells you that it is valid for 60 days. You could store that information together with the access token.

Answer 2

You can use "Token Introspection" endpoint to check the validity of your access token at any time. https://learn.microsoft.com/en-us/linkedin/shared/authentication/token-introspection. Use Refresh token to refresh it before it expires.