# LinkedIn Access Token Generation Guide ## Current Status Your LinkedIn app credentials are ready: - ✅ **Client ID**: `782ff5x832tfn4` - ✅ **Client Secret**: `WPL_AP1.Mwyqzyoyi6LguP4J.nP49EQ==` However, LinkedIn requires specific API access permissions before you can generate tokens. Here's how to set that up: --- ## Step 1: Request API Access LinkedIn requires you to request access to specific APIs for your app. ### Go to Your App Settings 1. Visit: https://www.linkedin.com/developers/apps 2. Click on your app 3. Go to the **Settings** tab ### Request Product Access In the Settings page, find the **Products** section and request access to: - **Sign In with LinkedIn** (for authentication) - **Marketing Developer Platform** (if sharing content) - **LinkedIn Jobs Search API** (optional, for job search features) **Important:** For MCP usage, you primarily need one of these. Start with "Sign In with LinkedIn" which is the most commonly approved. --- ## Step 2: Once Access is Approved LinkedIn will review your request (usually 5-10 minutes to 24 hours). Once approved: ### Option A: Generate Personal Access Token (Recommended for MCP) If you're using this for personal/development purposes: 1. Go to your app → **Settings** tab 2. Scroll down to **Personal access tokens** section 3. Click **Generate token** 4. Choose scopes (at minimum: `r_liteprofile` and `r_emailaddress`) 5. Copy the token immediately (it won't be shown again) This token is what goes in your `.env` file: ```env LINKEDIN_ACCESS_TOKEN=your_personal_token_here ``` ### Option B: OAuth2 Authorization Code Flow (For user login) If you want to authenticate via LinkedIn login: 1. Direct user to: ``` https://www.linkedin.com/oauth/v2/authorization? response_type=code &client_id=782ff5x832tfn4 &redirect_uri=http://10.0.0.25:4444/callback &scope=r_liteprofile%20r_emailaddress &state=random_string_here ``` 2. User approves access 3. LinkedIn redirects to your callback URL with an authorization code 4. Exchange the code for an access token: ```bash curl -X POST https://www.linkedin.com/oauth/v2/accessToken \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "grant_type=authorization_code" \ -d "code=AUTHORIZATION_CODE_FROM_REDIRECT" \ -d "redirect_uri=http://10.0.0.25:4444/callback" \ -d "client_id=782ff5x832tfn4" \ -d "client_secret=WPL_AP1.Mwyqzyoyi6LguP4J.nP49EQ==" ``` Response will contain: ```json { "access_token": "your_access_token_here", "expires_in": 5184000, "token_type": "Bearer" } ``` --- ## Step 3: Add to .env File Once you have your access token (either from personal token generation or OAuth flow): ```bash nano /sessions/vigilant-elegant-ramanujan/mnt/MCP\ Servers/mcp-gateway/.env ``` Add or update: ```env # LinkedIn MCP Server LINKEDIN_ACCESS_TOKEN=your_access_token_here LINKEDIN_API_KEY=optional_if_enterprise_access ``` --- ## Understanding Token Types ### Personal Access Token - **Use case**: Development, testing, personal use - **Scope**: Limited to your account - **Duration**: Varies (usually 1-12 months) - **Approval**: Often faster - **Best for**: MCP gateway running on personal machine ### OAuth2 Bearer Token - **Use case**: User delegation, multi-user scenarios - **Scope**: Limited to approved scopes - **Duration**: Shorter (usually 60 days) - **Approval**: Required for each user - **Best for**: Customer-facing applications --- ## Troubleshooting ### "Access Denied" or "Product Access Not Granted" **Solution**: Your app needs to request API access in the Products section. 1. Go to https://www.linkedin.com/developers/apps 2. Select your app 3. Go to **Products** or **Authorized products** 4. Click **Request access** for desired APIs 5. Fill in the form about your use case 6. Submit and wait for approval ### "Invalid Scope" **Solution**: You're requesting scopes your app doesn't have access to. Start with basic scopes: - `r_liteprofile` - Basic profile data - `r_emailaddress` - Email address - `r_basicprofile` - Basic profile (some APIs) Don't request enterprise scopes until your app is approved for them. ### Token Expired **Solution**: Generate a new token. LinkedIn tokens expire periodically. Before expiration: 1. Generate a new personal token, or 2. Refresh the OAuth token using refresh_token (if available) 3. Update .env with new token 4. Restart gateway container ### "Unauthorized" When Using Token **Solution**: Verify the token is correct. ```bash # Test your token curl -X GET https://api.linkedin.com/v2/me \ -H "Authorization: Bearer YOUR_TOKEN_HERE" # Should return your LinkedIn profile, not an error ``` --- ## Estimated Timeline | Step | Duration | Notes | |------|----------|-------| | Request API Access | 5 min | Immediate submission | | LinkedIn Review | 5 min - 24 hours | Usually fast for personal tokens | | Generate Token | 1 min | Immediate once approved | | Update .env | 1 min | Simple edit | | Test Token | 1 min | Curl request to verify | | Deploy Changes | 5 min | Docker rebuild | **Total**: Usually 10-30 minutes --- ## Next Steps 1. ✅ Go to your LinkedIn app settings 2. ✅ Request access to required APIs 3. ✅ Wait for approval (typically 5-60 minutes) 4. ✅ Generate personal access token 5. ✅ Add token to .env file 6. ✅ Rebuild and restart gateway: ```bash cd /path/to/mcp-gateway docker-compose down docker-compose build docker-compose up -d ``` 7. ✅ Verify LinkedIn service is healthy: ```bash curl http://10.0.0.25:4444/dashboard/status | jq '.services[] | select(.name=="LinkedIn")' ``` --- ## Quick Reference **Your LinkedIn App:** - App ID: `782ff5x832tfn4` - Settings: https://www.linkedin.com/developers/apps - Test endpoint: `https://api.linkedin.com/v2/me` - MCP Gateway callback: `http://10.0.0.25:4444/callback` **Environment Variable:** ```env LINKEDIN_ACCESS_TOKEN= ``` --- ## LinkedIn API Documentation - **Official Docs**: https://docs.microsoft.com/en-us/linkedin/ - **OAuth2 Guide**: https://docs.microsoft.com/en-us/linkedin/shared/authentication/authentication - **Jobs API**: https://docs.microsoft.com/en-us/linkedin/jobs/jobs-api/ - **Marketing API**: https://docs.microsoft.com/en-us/linkedin/marketing/marketing-api/ Get your token and we'll complete the setup! 🚀