为什么我无需通过 "Apply with LinkedIn" API 就可以访问 LinkedIn 完整个人资料?
Why do I have access to the LinkedIn Full Profile without having to go through the "Apply with LinkedIn" API?
LinkedIn 开发者文档指出 full profile information is only accessible when calling the "Apply with LinkedIn" API。
但在实践中,当使用我自己的 LinkedIn 个人资料进行简单测试时,我设法通过 "Sign in with LinkedIn" 调用访问完整个人资料字段(顺便说一句,我使用 JavaScript SDK)。
一切都很好,因为这意味着我可以通过 "Sign in with LinkedIn" API 访问比预期更多的字段,但这不是安全漏洞吗?
PS:如果您是 LinkedIn 开发人员,Basic Profile fields page 中存在拼写错误:字段 specialities 应拼写为 specialties.
您正在访问您自己个人资料的数据,您可以访问所有字段.. 如果您尝试访问任何其他人的完整个人资料,那么您将无法从这些个人资料中检索数据。这些配置文件的数据检索仅限于基本配置文件字段
@JustinKominar 的评论就是答案:
There is a blog post (https://developer.linkedin.com/blog/posts/2015/developer-program-changes) that explains that the recently announced changes to LinkedIn's API program will take effect on May 12th, 2015. You still have access because we are still in the transition period between the announcement and formal change. Presently, all previously documented capabilities are still available to you.
LinkedIn 开发者文档指出 full profile information is only accessible when calling the "Apply with LinkedIn" API。
但在实践中,当使用我自己的 LinkedIn 个人资料进行简单测试时,我设法通过 "Sign in with LinkedIn" 调用访问完整个人资料字段(顺便说一句,我使用 JavaScript SDK)。
一切都很好,因为这意味着我可以通过 "Sign in with LinkedIn" API 访问比预期更多的字段,但这不是安全漏洞吗?
PS:如果您是 LinkedIn 开发人员,Basic Profile fields page 中存在拼写错误:字段 specialities 应拼写为 specialties.
您正在访问您自己个人资料的数据,您可以访问所有字段.. 如果您尝试访问任何其他人的完整个人资料,那么您将无法从这些个人资料中检索数据。这些配置文件的数据检索仅限于基本配置文件字段
@JustinKominar 的评论就是答案:
There is a blog post (https://developer.linkedin.com/blog/posts/2015/developer-program-changes) that explains that the recently announced changes to LinkedIn's API program will take effect on May 12th, 2015. You still have access because we are still in the transition period between the announcement and formal change. Presently, all previously documented capabilities are still available to you.