# LinkedIn Developer Portal — Application Registry **Status tracker for Stargue's LinkedIn apps.** Every row must stay current — Claude Code verifies against this file during Stage 0 DoD 0.9. ## Applications | App | Product | Purpose | Scopes granted | State | App ID | Approval date | Notes | |---|---|---|---|---|---|---|---| | Stargue Publishing Engine — Sign In | Sign In with LinkedIn using OpenID Connect | Identity / `whoami` | `openid profile email` | **TODO: register** | — | — | Standard — no approval required beyond Dev Portal self-service | | Stargue Publishing Engine — Member Share | Share on LinkedIn | Personal-profile posts (Angelo) | `w_member_social` | **TODO: register** | — | — | Standard — attached to the same app as Sign In | | Stargue Publishing Engine — Org Share | Community Management API | Company-page posts (`urn:li:organization:2605890`) | `w_organization_social`, `r_organization_social` | **TODO: apply** | — | — | Requires LinkedIn partner approval; submit via Dev Portal "Request access" | | Stargue Publishing Engine — Refresh | Marketing Developer Platform (MDP) | Programmatic refresh tokens (eliminates 60-day re-auth) | (extends above) | **TODO: apply** | — | — | Requires LinkedIn partner approval; multi-week review | ## OAuth redirect URIs - Production: `https://publishing.stargue.net/auth/linkedin/callback` - Local dev: `http://localhost:3002/auth/linkedin/callback` ## Client credentials Stored in Dokploy secrets on `sg-paas-s1.stargue.net`: - `LINKEDIN_CLIENT_ID` - `LINKEDIN_CLIENT_SECRET` - `LINKEDIN_TOKEN_ENCRYPTION_KEY` (32-byte key for `crypto_secretbox`) ## Manual setup checklist (Stage 0.9) 1. Sign in to `https://www.linkedin.com/developers/` as Angelo (personal account). 2. Create app "Stargue Publishing Engine" linked to Stargue Company Page `urn:li:organization:2605890` (required for Community Management API eligibility). 3. Under **Products**, request: - Sign In with LinkedIn using OpenID Connect (self-service; instant) - Share on LinkedIn (self-service; instant) - Community Management API (submit partner-access request — fill in use-case: "Programmatic posting of original content to Stargue Company Page for knowledge-management-as-a-service practice") - Marketing Developer Platform (separate partner-access request — fill in use-case: "Automate posting and engagement-metric collection for owned content from a self-hosted publishing pipeline") 4. Under **Auth**, add redirect URIs above. 5. Copy Client ID and Client Secret to Dokploy secrets (never commit). 6. Update this file with the app ID. 7. Re-request Community Management API + MDP if denied initially, with more detailed use-case. ## References - [LinkedIn Developer Portal](https://www.linkedin.com/developers/) - [Posts API](https://learn.microsoft.com/en-us/linkedin/marketing/community-management/shares/posts-api) - [3-Legged OAuth Flow](https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow) - [Programmatic Refresh Tokens](https://learn.microsoft.com/en-us/linkedin/shared/authentication/programmatic-refresh-tokens) - [Community Management API overview](https://learn.microsoft.com/en-us/linkedin/marketing/community-management/)