This is a pretty clear case of SlideShare trying to grab too much. The LinkedIn API (which is their own proprietary thing, not OpenID Connect) does separate all the permissions into different scopes. However, the SlideShare app is asking for all of them, and LinkedIn doesn’t let you uncheck any boxes on the authorization screen.
FWIW, the reason they want write access to your profile is to automatically add new SlideShare presentations that you upload to your LinkedIn profile page. You should still have the option of turning that off, or of turning on that functionality later. — Justin > On Jul 22, 2015, at 9:49 AM, Kathleen Moriarty > <[email protected]> wrote: > > Hey Barry, > > From my observations with Facebook, it now has options added for you to > select what resources from Facebook will get shared when authorizing access > to other applications. You can click on each of the possibilities and strip > it down. It appears to me that Facebook is managing that, so in your case, I > *think* (and am open to be corrected) that LinkedIn needs to do something > similar. Without those options, I also cancel out and just don't use the > other app. > > Thanks, > Kathleen > > On Wed, Jul 22, 2015 at 3:44 AM, Barry Leiba <[email protected] > <mailto:[email protected]>> wrote: > Yesterday, someone sent me a link to some presentation slides that > he'd posted to SlideShare. I looked at them, and wanted to download > them as a PDF. In order to let me do that, SlideShare wants me to log > in. It gives me the options to log in via LinkedIn or Facebook. As > I'm one of the three people in the world without a Facebook account, I > clicked "LinkedIn". That got me an OAuth authorization screen, image > attached. > > Now, I don't know if this is SlideShare's fault for asking for too > much, or LinkedIn's fault for not providing enough granularity for > requests, but just LOOK at that list of what I'd be giving SlideShare > access to. The first few make sense: read my profile (the whole thing > or pieces of it, including contact information). But... access to my > connections? I'm not sure they'd like my exposing their identities to > SlideShare. Access to my private messages? EDIT MY PROFILE? Srsly? > > Of course, this isn't the fault of the OAuth protocol, really (though > one might argue that there's not enough guidance provided). But, > really, with implementations like this, I have to wonder what they're > thinking. > > I clicked "Cancel", of course, and asked the slide creator to send me a PDF. > > Barry > > _______________________________________________ > OAuth mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/oauth > <https://www.ietf.org/mailman/listinfo/oauth> > > > > > -- > > Best regards, > Kathleen > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
