From f102ee1ed5684cba9bf6d90bf5cc572414980262 Mon Sep 17 00:00:00 2001 From: zgaetano Date: Tue, 31 Mar 2026 15:29:25 -0400 Subject: [PATCH] Add mcp-gateway/LINKEDIN_TOKEN_GENERATION.md --- mcp-gateway/LINKEDIN_TOKEN_GENERATION.md | 234 +++++++++++++++++++++++ 1 file changed, 234 insertions(+) create mode 100644 mcp-gateway/LINKEDIN_TOKEN_GENERATION.md diff --git a/mcp-gateway/LINKEDIN_TOKEN_GENERATION.md b/mcp-gateway/LINKEDIN_TOKEN_GENERATION.md new file mode 100644 index 0000000..01d4efa --- /dev/null +++ b/mcp-gateway/LINKEDIN_TOKEN_GENERATION.md @@ -0,0 +1,234 @@ +# LinkedIn Access Token Generation Guide + +## Current Status + +Your LinkedIn app credentials are ready: +- ✅ **Client ID**: `782ff5x832tfn4` +- ✅ **Client Secret**: `WPL_AP1.Mwyqzyoyi6LguP4J.nP49EQ==` + +However, LinkedIn requires specific API access permissions before you can generate tokens. Here's how to set that up: + +--- + +## Step 1: Request API Access + +LinkedIn requires you to request access to specific APIs for your app. + +### Go to Your App Settings + +1. Visit: https://www.linkedin.com/developers/apps +2. Click on your app +3. Go to the **Settings** tab + +### Request Product Access + +In the Settings page, find the **Products** section and request access to: + +- **Sign In with LinkedIn** (for authentication) +- **Marketing Developer Platform** (if sharing content) +- **LinkedIn Jobs Search API** (optional, for job search features) + +**Important:** For MCP usage, you primarily need one of these. Start with "Sign In with LinkedIn" which is the most commonly approved. + +--- + +## Step 2: Once Access is Approved + +LinkedIn will review your request (usually 5-10 minutes to 24 hours). Once approved: + +### Option A: Generate Personal Access Token (Recommended for MCP) + +If you're using this for personal/development purposes: + +1. Go to your app → **Settings** tab +2. Scroll down to **Personal access tokens** section +3. Click **Generate token** +4. Choose scopes (at minimum: `r_liteprofile` and `r_emailaddress`) +5. Copy the token immediately (it won't be shown again) + +This token is what goes in your `.env` file: +```env +LINKEDIN_ACCESS_TOKEN=your_personal_token_here +``` + +### Option B: OAuth2 Authorization Code Flow (For user login) + +If you want to authenticate via LinkedIn login: + +1. Direct user to: +``` +https://www.linkedin.com/oauth/v2/authorization? + response_type=code + &client_id=782ff5x832tfn4 + &redirect_uri=http://10.0.0.25:4444/callback + &scope=r_liteprofile%20r_emailaddress + &state=random_string_here +``` + +2. User approves access +3. LinkedIn redirects to your callback URL with an authorization code +4. Exchange the code for an access token: + +```bash +curl -X POST https://www.linkedin.com/oauth/v2/accessToken \ + -H "Content-Type: application/x-www-form-urlencoded" \ + -d "grant_type=authorization_code" \ + -d "code=AUTHORIZATION_CODE_FROM_REDIRECT" \ + -d "redirect_uri=http://10.0.0.25:4444/callback" \ + -d "client_id=782ff5x832tfn4" \ + -d "client_secret=WPL_AP1.Mwyqzyoyi6LguP4J.nP49EQ==" +``` + +Response will contain: +```json +{ + "access_token": "your_access_token_here", + "expires_in": 5184000, + "token_type": "Bearer" +} +``` + +--- + +## Step 3: Add to .env File + +Once you have your access token (either from personal token generation or OAuth flow): + +```bash +nano /sessions/vigilant-elegant-ramanujan/mnt/MCP\ Servers/mcp-gateway/.env +``` + +Add or update: +```env +# LinkedIn MCP Server +LINKEDIN_ACCESS_TOKEN=your_access_token_here +LINKEDIN_API_KEY=optional_if_enterprise_access +``` + +--- + +## Understanding Token Types + +### Personal Access Token +- **Use case**: Development, testing, personal use +- **Scope**: Limited to your account +- **Duration**: Varies (usually 1-12 months) +- **Approval**: Often faster +- **Best for**: MCP gateway running on personal machine + +### OAuth2 Bearer Token +- **Use case**: User delegation, multi-user scenarios +- **Scope**: Limited to approved scopes +- **Duration**: Shorter (usually 60 days) +- **Approval**: Required for each user +- **Best for**: Customer-facing applications + +--- + +## Troubleshooting + +### "Access Denied" or "Product Access Not Granted" + +**Solution**: Your app needs to request API access in the Products section. + +1. Go to https://www.linkedin.com/developers/apps +2. Select your app +3. Go to **Products** or **Authorized products** +4. Click **Request access** for desired APIs +5. Fill in the form about your use case +6. Submit and wait for approval + +### "Invalid Scope" + +**Solution**: You're requesting scopes your app doesn't have access to. + +Start with basic scopes: +- `r_liteprofile` - Basic profile data +- `r_emailaddress` - Email address +- `r_basicprofile` - Basic profile (some APIs) + +Don't request enterprise scopes until your app is approved for them. + +### Token Expired + +**Solution**: Generate a new token. + +LinkedIn tokens expire periodically. Before expiration: +1. Generate a new personal token, or +2. Refresh the OAuth token using refresh_token (if available) +3. Update .env with new token +4. Restart gateway container + +### "Unauthorized" When Using Token + +**Solution**: Verify the token is correct. + +```bash +# Test your token +curl -X GET https://api.linkedin.com/v2/me \ + -H "Authorization: Bearer YOUR_TOKEN_HERE" + +# Should return your LinkedIn profile, not an error +``` + +--- + +## Estimated Timeline + +| Step | Duration | Notes | +|------|----------|-------| +| Request API Access | 5 min | Immediate submission | +| LinkedIn Review | 5 min - 24 hours | Usually fast for personal tokens | +| Generate Token | 1 min | Immediate once approved | +| Update .env | 1 min | Simple edit | +| Test Token | 1 min | Curl request to verify | +| Deploy Changes | 5 min | Docker rebuild | + +**Total**: Usually 10-30 minutes + +--- + +## Next Steps + +1. ✅ Go to your LinkedIn app settings +2. ✅ Request access to required APIs +3. ✅ Wait for approval (typically 5-60 minutes) +4. ✅ Generate personal access token +5. ✅ Add token to .env file +6. ✅ Rebuild and restart gateway: + ```bash + cd /path/to/mcp-gateway + docker-compose down + docker-compose build + docker-compose up -d + ``` +7. ✅ Verify LinkedIn service is healthy: + ```bash + curl http://10.0.0.25:4444/dashboard/status | jq '.services[] | select(.name=="LinkedIn")' + ``` + +--- + +## Quick Reference + +**Your LinkedIn App:** +- App ID: `782ff5x832tfn4` +- Settings: https://www.linkedin.com/developers/apps +- Test endpoint: `https://api.linkedin.com/v2/me` +- MCP Gateway callback: `http://10.0.0.25:4444/callback` + +**Environment Variable:** +```env +LINKEDIN_ACCESS_TOKEN= +``` + +--- + +## LinkedIn API Documentation + +- **Official Docs**: https://docs.microsoft.com/en-us/linkedin/ +- **OAuth2 Guide**: https://docs.microsoft.com/en-us/linkedin/shared/authentication/authentication +- **Jobs API**: https://docs.microsoft.com/en-us/linkedin/jobs/jobs-api/ +- **Marketing API**: https://docs.microsoft.com/en-us/linkedin/marketing/marketing-api/ + +Get your token and we'll complete the setup! 🚀