Comments (4)
It appears that the `publicProfileUrl` can be customized by the user but the customized URL appears to always start with `https://www.linkedin.com/in/`, whereas the unedited form seems to start with `https://www.linkedin.com/pub/`. It would presumably be secure to use the unedited form to identify users, but in rare cases it wouldn't be secure to use the customized form. Specifically, if a user customized his profile URL, then used LinkedIn to log into the app, then customized his profile URL again but didn't log into the app using LinkedIn afterward, then LinkedIn allowed an attacker to use the original customized URL. Under those circumstances, the attacker could gain access to the app as the user.
from meteor-accounts-linkedin.
Was this fixed? @brettle
Not that I'm aware of.
This has been fixed here
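
The account-matching problem described in the first comment, as an added example that is not code from meteor-accounts-linkedin or from any commenter. It is a constructed in-memory simulation: the `Provider` and `App` classes, the `simulate` function, the member names, and the use of a stable provider-side `id` field as the alternative key are all assumptions made for illustration.

```javascript
// Constructed simulation, not the package's code. The stable member
// identifier field `id` is an assumption for illustration.

// Toy identity provider: a member can change the customized profile URL,
// and a URL that is no longer in use can be taken by another member.
class Provider {
  constructor() { this.members = new Map(); } // id -> publicProfileUrl
  setSlug(id, slug) {
    const url = `https://www.linkedin.com/in/${slug}`;
    for (const [other, current] of this.members) {
      if (current === url && other !== id) throw new Error('URL already in use');
    }
    this.members.set(id, url);
  }
  profile(id) { return { id, publicProfileUrl: this.members.get(id) }; }
}

// App-side account store keyed on whichever profile field is treated as identity.
class App {
  constructor(keyField) { this.keyField = keyField; this.accounts = new Map(); }
  login(profile) {
    const key = profile[this.keyField];
    if (!this.accounts.has(key)) this.accounts.set(key, `account-${this.accounts.size + 1}`);
    return this.accounts.get(key);
  }
}

// Replays the sequence from the comment and reports whether two different
// provider members end up mapped to the same app account.
function simulate(keyField) {
  const idp = new Provider();
  const app = new App(keyField);
  idp.setSlug('member-A', 'alice');               // first customization
  const firstAccount = app.login(idp.profile('member-A'));
  idp.setSlug('member-A', 'alice-smith');         // second customization, no new login
  idp.setSlug('member-B', 'alice');               // a different member takes the old URL
  const secondAccount = app.login(idp.profile('member-B'));
  return { firstAccount, secondAccount, collided: firstAccount === secondAccount };
}

console.log('keyed on publicProfileUrl:', simulate('publicProfileUrl'));
console.log('keyed on id:', simulate('id'));
```

Keying the account lookup on a value the user can change and release is what produces the collision; keying on a value the provider never reassigns keeps the two members in separate accounts.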