feat(connector): add linkedin connector (#7032)

Author: wangsijie

.changeset/thin-paws-yell.md

@@ -0,0 +1,5 @@
+---
+"@logto/connector-linkedin": minor
+---
+
+add LinkedIn social connector

packages/connectors/connector-linkedin/README.md

@@ -0,0 +1,61 @@
+# LinkedIn connector
+
+The official Logto connector for LinkedIn social sign-in.
+
+**Table of contents**
+- [LinkedIn connector](#linkedin-connector)
+  - [Get started](#get-started)
+  - [Setup a LinkedIn app](#setup-a-linkedin-app)
+  - [Configure your connector](#configure-your-connector)
+    - [Config types](#config-types)
+  - [Test LinkedIn connector](#test-linkedin-connector)
+  - [Reference](#reference)
+
+## Get started
+
+The LinkedIn connector enables end-users to sign in to your application using their own LinkedIn accounts via the LinkedIn OAuth 2.0 authentication protocol.
+
+## Setup a LinkedIn app
+
+Go to the [LinkedIn Developers](https://www.linkedin.com/developers) and sign in with your LinkedIn account. If you don’t have an account, you can register for one.
+
+Then, create an app.
+
+**Step 1:** Fill in the App Details.
+
+Complete the form and create the app.
+
+**Step 2:** Setup callback URLs.
+
+Go to App details page and find "Auth" tab, "OAuth 2.0" section and find the field "Authorized redirect URLs for your app".
+
+In our case, this will be `${your_logto_endpoint}/callback/${connector_id}`. e.g. `https://foo.logto.app/callback/${connector_id}`. The `connector_id` can be found on the top bar of the Logto Admin Console connector details page.
+
+**Step 3:** Add the product.
+
+Go to "Products" tab and add the product "Sign In with LinkedIn using OpenID Connect".
+
+## Configure your connector
+
+In your Logto connector configuration, fill out the following fields with the values obtained from your App's "Auth" tab, "Application credentials" section:
+
+- **clientId:** Your App's Client ID.
+- **clientSecret:** Your App's Primary Client Secret.
+
+`scope` is a space-delimited list of OIDC scopes. If not provided, the default scope is `openid profile email`.
+
+### Config types
+
+| Name         | Type   |
+| ------------ | ------ |
+| clientId     | string |
+| clientSecret | string |
+| scope        | string |
+
+## Test LinkedIn connector
+
+That's it! The LinkedIn connector should now be available for end-users to sign in with their LinkedIn accounts. Don't forget to [Enable the connector in the sign-in experience](https://docs.logto.io/docs/recipes/configure-connectors/social-connector/enable-social-sign-in/).
+
+## Reference
+
+- [Sign in with LinkedIn](https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin)

packages/connectors/connector-linkedin/logo.svg

@@ -0,0 +1,70 @@
+{
+  "name": "@logto/connector-linkedin",
+  "version": "0.0.0",
+  "description": "LinkedIn web connector implementation.",
+  "author": "Silverhand Inc. <[email protected]>",
+  "dependencies": {
+    "@logto/connector-kit": "workspace:^4.0.0",
+    "@silverhand/essentials": "^2.9.1",
+    "ky": "^1.2.3",
+    "query-string": "^9.0.0",
+    "snakecase-keys": "^8.0.1",
+    "zod": "^3.23.8"
+  },
+  "main": "./lib/index.js",
+  "module": "./lib/index.js",
+  "exports": "./lib/index.js",
+  "license": "MPL-2.0",
+  "type": "module",
+  "files": [
+    "lib",
+    "docs",
+    "logo.svg",
+    "logo-dark.svg"
+  ],
+  "scripts": {
+    "precommit": "lint-staged",
+    "check": "tsc --noEmit",
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "lint": "eslint --ext .ts src",
+    "lint:report": "pnpm lint --format json --output-file report.json",
+    "test": "vitest src",
+    "test:ci": "pnpm run test --silent --coverage",
+    "prepublishOnly": "pnpm build"
+  },
+  "engines": {
+    "node": "^20.9.0"
+  },
+  "eslintConfig": {
+    "extends": "@silverhand",
+    "settings": {
+      "import/core-modules": [
+        "@silverhand/essentials",
+        "got",
+        "nock",
+        "snakecase-keys",
+        "zod"
+      ]
+    }
+  },
+  "prettier": "@silverhand/eslint-config/.prettierrc",
+  "publishConfig": {
+    "access": "public"
+  },
+  "devDependencies": {
+    "@silverhand/eslint-config": "6.0.1",
+    "@silverhand/ts-config": "6.0.0",
+    "@types/node": "^20.11.20",
+    "@types/supertest": "^6.0.2",
+    "@vitest/coverage-v8": "^2.1.8",
+    "eslint": "^8.56.0",
+    "lint-staged": "^15.0.2",
+    "nock": "14.0.0-beta.15",
+    "prettier": "^3.0.0",
+    "supertest": "^7.0.0",
+    "tsup": "^8.3.0",
+    "typescript": "^5.5.3",
+    "vitest": "^2.1.8"
+  }
+}

packages/connectors/connector-linkedin/package.json

@@ -0,0 +1,54 @@
+import type { ConnectorMetadata } from '@logto/connector-kit';
+import { ConnectorPlatform, ConnectorConfigFormItemType } from '@logto/connector-kit';
+
+// See https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin
+export const authorizationEndpoint = 'https://www.linkedin.com/oauth/v2/authorization';
+export const defaultScope = 'openid profile email';
+export const accessTokenEndpoint = 'https://www.linkedin.com/oauth/v2/accessToken';
+export const userInfoEndpoint = 'https://api.linkedin.com/v2/userinfo';
+
+export const defaultMetadata: ConnectorMetadata = {
+  id: 'linkedin-universal',
+  target: 'linkedin',
+  platform: ConnectorPlatform.Universal,
+  name: {
+    en: 'LinkedIn',
+    'zh-CN': 'LinkedIn',
+    'tr-TR': 'LinkedIn',
+    ko: 'LinkedIn',
+  },
+  logo: './logo.svg',
+  logoDark: null,
+  description: {
+    en: 'LinkedIn is a social media platform for professional networking and information sharing.',
+    'zh-CN': 'LinkedIn是一个职业社交和信息分享的社交媒体平台。',
+    'tr-TR':
+      'LinkedIn, profesyonel ağ oluşturma ve bilgi paylaşma için bir sosyal medya platformudur.',
+    ko: 'LinkedIn은 전문 네트워킹과 정보 공유를 위한 소셜 미디어 플랫폼입니다.',
+  },
+  readme: './README.md',
+  formItems: [
+    {
+      key: 'clientId',
+      type: ConnectorConfigFormItemType.Text,
+      label: 'Client ID',
+      required: true,
+    },
+    {
+      key: 'clientSecret',
+      type: ConnectorConfigFormItemType.Text,
+      label: 'Client Secret',
+      required: true,
+    },
+    {
+      key: 'scope',
+      type: ConnectorConfigFormItemType.Text,
+      label: 'Scope',
+      required: false,
+      description:
+        "The `scope` determines permissions granted by the user's authorization. If you are not sure what to enter, do not worry, just leave it blank.",
+    },
+  ],
+};
+
+export const defaultTimeout = 5000;

packages/connectors/connector-linkedin/src/constant.ts

@@ -0,0 +1,98 @@
+import nock from 'nock';
+
+import { accessTokenEndpoint, authorizationEndpoint, userInfoEndpoint } from './constant.js';
+import createConnector, { getAccessToken } from './index.js';
+import { mockedConfig } from './mock.js';
+
+const getConfig = vi.fn().mockResolvedValue(mockedConfig);
+const setSession = vi.fn();
+const getSession = vi.fn().mockResolvedValue({
+  redirectUri: 'http://localhost:3000/callback',
+});
+
+describe('getAuthorizationUri', () => {
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it('should get a valid uri by redirectUri and state', async () => {
+    const connector = await createConnector({ getConfig });
+    const authorizationUri = await connector.getAuthorizationUri(
+      {
+        state: 'some_state',
+        redirectUri: 'http://localhost:3000/callback',
+        connectorId: 'some_connector_id',
+        connectorFactoryId: 'some_connector_factory_id',
+        jti: 'some_jti',
+        headers: {},
+      },
+      setSession
+    );
+    expect(setSession).toHaveBeenCalledWith({
+      redirectUri: 'http://localhost:3000/callback',
+    });
+    expect(authorizationUri).toEqual(
+      `${authorizationEndpoint}?response_type=code&client_id=%3Cclient-id%3E&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid+profile+email&state=some_state`
+    );
+  });
+});
+
+describe('getAccessToken', () => {
+  afterEach(() => {
+    nock.cleanAll();
+    vi.clearAllMocks();
+  });
+
+  it('should get an accessToken by exchanging with code', async () => {
+    nock(accessTokenEndpoint).post('').reply(200, {
+      access_token: 'access_token',
+    });
+    const { access_token } = await getAccessToken(mockedConfig, 'code', 'redirectUri');
+    expect(access_token).toEqual('access_token');
+  });
+});
+
+describe('getUserInfo', () => {
+  beforeEach(() => {
+    nock(accessTokenEndpoint).post('').query(true).reply(200, {
+      access_token: 'access_token',
+    });
+  });
+
+  afterEach(() => {
+    nock.cleanAll();
+    vi.clearAllMocks();
+  });
+
+  it('should get valid SocialUserInfo', async () => {
+    nock(userInfoEndpoint).get('').reply(200, {
+      sub: '1',
+      name: 'monalisa',
+      email: '[email protected]',
+      picture: 'https://example.com/picture.jpg',
+    });
+    const connector = await createConnector({ getConfig });
+    const socialUserInfo = await connector.getUserInfo(
+      { code: 'code', redirectUri: 'http://localhost:3000/callback' },
+      getSession
+    );
+    expect(socialUserInfo).toStrictEqual({
+      id: '1',
+      name: 'monalisa',
+      email: '[email protected]',
+      picture: 'https://example.com/picture.jpg',
+      rawData: {
+        sub: '1',
+        name: 'monalisa',
+        email: '[email protected]',
+        picture: 'https://example.com/picture.jpg',
+      },
+    });
+  });
+
+  it('throws unrecognized error', async () => {
+    nock(userInfoEndpoint).get('').reply(500);
+    const connector = await createConnector({ getConfig });
+    await expect(connector.getUserInfo({ code: 'code' }, vi.fn())).rejects.toThrow();
+  });
+});