Skip to main content

Local MCP server for authenticated LinkedIn member post snapshots

Project description

flin-linkedin-posts-mcp

flin-linkedin-posts-mcp is a local MCP server for reading and analyzing the authenticated member's own LinkedIn post/share data.

It uses LinkedIn member OAuth login and the Member Data Portability API. Each user runs the MCP locally, signs into their own LinkedIn account in the system browser, and stores their token on their own machine.

The MCP supports two login flows:

  • Regular 3-legged OAuth with a client secret. This is the recommended local setup for most LinkedIn Developer apps.
  • Native OAuth PKCE. This does not require a client secret, but LinkedIn must explicitly enable the Native PKCE protocol for your app.

Important Access Requirement

This MCP does not bypass LinkedIn API approval. Each user should create their own LinkedIn Developer app with access to Member Data Portability API (Member) and the r_dma_portability_self_serve permission. Without that product/scope, LinkedIn returns 403 ACCESS_DENIED for memberSnapshotData.

Native PKCE is a separate LinkedIn app capability. If LinkedIn shows Not enough permissions to access Native PKCE protocol, use the regular 3-legged OAuth setup below or ask LinkedIn to enable Native PKCE for the app.

Relevant LinkedIn docs:

Features

  • Browser-based LinkedIn login with regular OAuth or native PKCE
  • Local token storage outside the repository
  • Auth status and logout tools
  • Snapshot domain count/debug tool
  • Authenticated member post/share listing from MEMBER_SHARE_INFO
  • Post analysis for counts, text length, hashtags, mentions, and top terms
  • Best-effort extraction of engagement counters when they are present in snapshot rows
  • Draft-to-published matching based on provided draft texts
  • Optional engagement enrichment via LinkedIn socialMetadata and memberCreatorPostAnalytics

MCP Tools

  1. auth_status
  2. login
  3. logout
  4. list_snapshot_domains
  5. list_member_posts
  6. analyze_member_posts
  7. match_drafts_to_member_posts
  8. get_post_social_metadata
  9. get_member_post_analytics
  10. enrich_member_posts_with_engagement

Configuration

Required for login:

  • LINKEDIN_CLIENT_ID: LinkedIn Developer app client ID

Recommended for regular 3-legged OAuth:

  • LINKEDIN_CLIENT_SECRET: LinkedIn Developer app client secret. If set, LINKEDIN_OAUTH_FLOW defaults to authorization_code.
  • LINKEDIN_REDIRECT_URI: exact local callback URI registered in the LinkedIn app, for example http://127.0.0.1:63141/callback.

Optional:

  • LINKEDIN_OAUTH_FLOW: authorization_code or native_pkce. Defaults to authorization_code when LINKEDIN_CLIENT_SECRET is set, otherwise native_pkce.
  • LINKEDIN_SCOPES: defaults to r_dma_portability_self_serve
  • LINKEDIN_API_VERSION: defaults to 202312
  • LINKEDIN_RESTLI_PROTOCOL_VERSION: defaults to 2.0.0
  • LINKEDIN_TIMEOUT_SECONDS: defaults to 30
  • LINKEDIN_MAX_RETRIES: defaults to 3
  • LINKEDIN_OAUTH_TIMEOUT_SECONDS: defaults to 300
  • LINKEDIN_TOKEN_FILE: defaults to ~/.flin-linkedin-posts-mcp/tokens.json

Additional LinkedIn access may be required for engagement enrichment:

  • socialMetadata access for comment and reaction summaries
  • r_member_postAnalytics for member post impressions, reach, reactions, comments, and reshares

The MCP intentionally does not require LINKEDIN_ACCESS_TOKEN anymore. Tokens are created through the login tool.

LinkedIn Developer App Setup

  1. Create or open a LinkedIn Developer app.
  2. Add/obtain access to Member Data Portability API (Member).
  3. Make sure the app can request r_dma_portability_self_serve.
  4. For regular 3-legged OAuth, add an exact loopback redirect URL in the app's Auth tab, for example http://127.0.0.1:63141/callback.
  5. Set LINKEDIN_CLIENT_ID, LINKEDIN_CLIENT_SECRET, and LINKEDIN_REDIRECT_URI to the same redirect URL.
  6. For native PKCE only, ask LinkedIn to enable Native PKCE OAuth for the app, omit LINKEDIN_CLIENT_SECRET, and configure loopback redirect URIs as LinkedIn requires.

Claude Desktop Configuration

For a published package:

{
  "mcpServers": {
    "flin-linkedin-posts-mcp": {
      "command": "uvx",
      "args": ["--refresh", "flin-linkedin-posts-mcp@latest"],
      "env": {
        "LINKEDIN_CLIENT_ID": "<YOUR_LINKEDIN_CLIENT_ID>",
        "LINKEDIN_CLIENT_SECRET": "<YOUR_LINKEDIN_CLIENT_SECRET>",
        "LINKEDIN_REDIRECT_URI": "http://127.0.0.1:63141/callback",
        "LINKEDIN_SCOPES": "r_dma_portability_self_serve",
        "LINKEDIN_API_VERSION": "202312"
      }
    }
  }
}

For local development from this repository:

{
  "mcpServers": {
    "flin-linkedin-posts-mcp": {
      "command": "uv",
      "args": ["run", "flin-linkedin-posts-mcp"],
      "cwd": "/path/to/flin-linkedin-posts-mcp",
      "env": {
        "LINKEDIN_CLIENT_ID": "<YOUR_LINKEDIN_CLIENT_ID>",
        "LINKEDIN_CLIENT_SECRET": "<YOUR_LINKEDIN_CLIENT_SECRET>",
        "LINKEDIN_REDIRECT_URI": "http://127.0.0.1:63141/callback",
        "LINKEDIN_SCOPES": "r_dma_portability_self_serve",
        "LINKEDIN_API_VERSION": "202312"
      }
    }
  }
}

After adding the config, restart the MCP host and call:

  1. auth_status
  2. login
  3. list_snapshot_domains
  4. list_member_posts or analyze_member_posts
  5. match_drafts_to_member_posts if you want to compare draft text to published posts
  6. get_post_social_metadata, get_member_post_analytics, or enrich_member_posts_with_engagement if your LinkedIn app has the required engagement scopes

Local Development

python3 -m pip install -e '.[dev]'
pytest -q
ruff check .

Packaging

python3 -m build

The package entry point is:

flin-linkedin-posts-mcp

Troubleshooting

  • LINKEDIN_CLIENT_ID is required before running login: set LINKEDIN_CLIENT_ID in the MCP config.
  • Not enough permissions to access Native PKCE protocol: the LinkedIn app does not have Native PKCE enabled. Set LINKEDIN_CLIENT_SECRET and LINKEDIN_REDIRECT_URI to use regular 3-legged OAuth, or ask LinkedIn to enable Native PKCE for the app.
  • LINKEDIN_REDIRECT_URI is required when LINKEDIN_OAUTH_FLOW=authorization_code: add the same exact local callback URL to the LinkedIn app's Auth tab and to the MCP config.
  • 403 ACCESS_DENIED for partnerApiMemberSnapshotData: the LinkedIn Developer app/token likely does not have Member Data Portability API access or r_dma_portability_self_serve.
  • LinkedIn token has expired: run login again. If LinkedIn issued a refresh token, the MCP attempts a refresh automatically before requiring login.
  • Timed out waiting for LinkedIn OAuth callback: rerun login and complete the browser flow within LINKEDIN_OAUTH_TIMEOUT_SECONDS.
  • 403 ACCESS_DENIED on socialMetadata or memberCreatorPostAnalytics: the LinkedIn app/token does not have the extra engagement permissions needed for those tools.

Notes

  • The MCP reads only the authenticated member's own snapshot data.
  • It does not support arbitrary-author LinkedIn post lookup.
  • MEMBER_SHARE_INFO is snapshot/export-style data, so field names can vary. The normalizer is intentionally tolerant and keeps include_raw=true available for debugging.
  • LinkedIn's portability data for Shares is documented around fields like date, link, commentary, media URL, and visibility. Likes, comments, and impressions are exposed only if they appear in the snapshot payload returned for that member.
  • Saved LinkedIn drafts are not exposed as a documented portability snapshot domain here. match_drafts_to_member_posts compares draft texts you already have against published posts; it does not fetch drafts from LinkedIn.
  • analyze_member_posts can return very large payloads when include_posts=true. Use post_limit to cap the embedded posts list, or set include_posts=false when you only need aggregate metrics.
  • enrich_member_posts_with_engagement keeps export discovery and engagement lookup separate. It fetches exported posts first, derives post URNs, then merges in socialMetadata and analytics where available.
  • Bulk enrichment is intentionally bounded. Use limit to keep the number of analytics calls under control and expect per-post engagement_errors when a URN cannot be derived or LinkedIn denies a lookup.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

flin_linkedin_posts_mcp-0.2.5.tar.gz (31.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

flin_linkedin_posts_mcp-0.2.5-py3-none-any.whl (25.2 kB view details)

Uploaded Python 3

File details

Details for the file flin_linkedin_posts_mcp-0.2.5.tar.gz.

File metadata

  • Download URL: flin_linkedin_posts_mcp-0.2.5.tar.gz
  • Upload date:
  • Size: 31.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for flin_linkedin_posts_mcp-0.2.5.tar.gz
Algorithm Hash digest
SHA256 74aede1e2317d8bd75e34952c5bbfde9f4eda445fd11d7988d9a61410d2d9b67
MD5 267508b7c60649b48075fb7e7ddd65c9
BLAKE2b-256 db18933baea0cae7f1557a5b9b41d0c5af04ac601993ef3f50fd3e95655b7e46

See more details on using hashes here.

Provenance

The following attestation bundles were made for flin_linkedin_posts_mcp-0.2.5.tar.gz:

Publisher: release.yml on flin-agency/flin-linkedin-posts-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file flin_linkedin_posts_mcp-0.2.5-py3-none-any.whl.

File metadata

File hashes

Hashes for flin_linkedin_posts_mcp-0.2.5-py3-none-any.whl
Algorithm Hash digest
SHA256 a5659fcd7ae1c4a771ee74068842e1d69581b9098b67922019f4a3c899177082
MD5 a858635e5062ab94b127b5dc08a21105
BLAKE2b-256 94f3d701d07cb4da1d88ea2a18aec9e05fec896746d771967eee053ac5fcc1ae

See more details on using hashes here.

Provenance

The following attestation bundles were made for flin_linkedin_posts_mcp-0.2.5-py3-none-any.whl:

Publisher: release.yml on flin-agency/flin-linkedin-posts-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page