LinkedIn OAuth 2.0 Configuration Guide


 

LinkedIn is a business- and career-oriented social networking site with over 500 million registered users.
 

   

Important

If you have accessed the LinkedIn Developers center any time since December 11, 2018 then you’ve probably seen the following message:

This is extremely important for anyone using LinkedIn as a social login identity provider (IDP): starting March 1, 2019, any LinkedIn social login apps not using OAuth 2.0 authentication will no longer function.

Note. There might be a few exceptions based on when the app was created and when (if) it made a successful API call. See LinkedIn’s API Migration FAQ (https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/migration-faq?context=linkedin/consumer/context) for more information.

Previously-created apps may (or may not) continue to work for a short amount of time. However, as your users’ access tokens begin to expire, or if your app requests user profile information no longer available to third-party developers, that app will fail and users will not be able to log on to your app or website by using their LinkedIn account.

If you currently have a LinkedIn app that's used for social login then you must migrate that app to OAuth 2.0; if you create and deploy a brand-new LinkedIn app then you run the risk of breaking any existing LinkedIn logins. If you are new to LinkedIn social login, then follow the instructions for creating a new, OAuth 2.0-compatible app.
 

Before You Begin

To use LinkedIn for social login you must:

  1. Obtain a LinkedIn developer account from https://www.linkedin.com/developer.
  2. Do one of the following:
    • Open a previously-created LinkedIn application, and copy the client ID and client secret.
    • Create a new LinkedIn application and copy the client ID and client secret.
  3. Use the Social Login Dashboard and the LinkedIn client ID and client secret to configure LinkedIn as a social login provider.



Migrating an Existing LinkedIn App to OAuth 2.0

If you already have a LinkedIn app that you have been using for social login, you can continue to use that app with LinkedIn OAuth 2.0. That’s the good news. The even better news? Migrating your existing app to OAuth 2.0 involves making just one minor modification to that existing app. 

Important. This configuration guide assumes that you are using the Social Login Dashboard and the JavaScript SDK (widget) to configure social login providers. If this is not the case you will need to update the janrain.settings.providers setting to use linkedin-oauth2 instead of linkedin. For example:

janrain.settings.providers = ['google','facebook','linkedin-oauth2'];

To migrate an existing LinkedIn app, first follow the instructions detailed in the section Using an Existing LinkedIn Application for Social Login; to do this, use the existing app (along with its client ID and client secret) to configure LinkedIn OAuth 2.0. Along the way, be sure to note the new LinkedIn redirect URI:

That URI (for example, https://gms.rpxstaging.com/linkedin-oauth2/callback) must be added to your existing LinkedIn app in order to make that app OAuth 2.0-compliant.

After LinkedIn OAuth 2.0 has been configured, update your existing app by completing the following process.

  1. Log on to the LinkedIn Developers center (https://www.linkedin.com/developers/) and then, from your Developers center home page, click Go to my apps:
  2. On the My apps page, click the app you have been using for Social Login:
  3. On the home page for your app, click Auth:
  4. Scroll to the bottom of the page, then click the Edit icon (the icon that looks like a pencil). This icon is located to the right of the Redirect URLs heading:
  5. Click Add redirect URL:
  6. Enter your LinkedIn OAuth 2.0 redirect URL in the Redirect URLs field and then click Update:
    Note that you do not need to delete your previous LinkedIn redirect URL. In fact, it is recommended that you keep both the old and new redirect URLs in order to prevent disruptions in service to existing logins.
     
  7. Log off from the LinkedIn Developers center.

LinkedIn OAuth 2 should now be ready to process social logins.
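
The following pre-flight check is an added example, not code from the Identity Cloud documentation or SDK. It rewrites a janrain.settings.providers list for the migration and derives the redirect URL to register from the rpx domain; the function names are hypothetical, and the https-only rule and exact-string comparison of redirect URLs are assumptions of the example.

```javascript
// Added example: pre-flight check for the linkedin -> linkedin-oauth2 migration.
// Function names are hypothetical; they are not part of the Janrain SDK.
const CALLBACK_PATH = '/linkedin-oauth2/callback';

// Swap the legacy provider name for the OAuth 2.0 one, keeping order and
// dropping duplicates (for example when both names were already listed).
function migrateProviders(providers) {
  const out = [];
  for (const p of providers) {
    const name = p === 'linkedin' ? 'linkedin-oauth2' : p;
    if (!out.includes(name)) out.push(name);
  }
  return out;
}

// Build the redirect URL to register from the rpx domain.
// Assumption: the rpx domain is a bare https origin (no path, query or userinfo).
function redirectUrlFor(rpxDomain) {
  const u = new URL(rpxDomain);
  if (u.protocol !== 'https:') throw new Error('rpx domain must be an https URL');
  if (u.pathname !== '/' || u.search || u.hash || u.username || u.password) {
    throw new Error('rpx domain must be a bare origin');
  }
  return u.origin + CALLBACK_PATH;
}

// Compare against the redirect URLs registered in the LinkedIn app.
// Assumption: registered URLs are matched as exact strings, so an entry that
// differs only by scheme, case or a trailing slash is reported as a near miss.
function checkRedirects(rpxDomain, registered) {
  const expected = redirectUrlFor(rpxDomain);
  const loose = (s) =>
    s.trim().toLowerCase().replace(/^http:/, 'https:').replace(/\/+$/, '');
  return {
    expected,
    present: registered.includes(expected),
    nearMisses: registered.filter(
      (r) => r !== expected && loose(r) === loose(expected)
    ),
  };
}
```

A near miss usually means the URL was typed by hand; copy the value shown in the Social Login Dashboard instead.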
 


Creating a LinkedIn OAuth 2.0 App

This section walks you through the process of creating a LinkedIn OAuth 2.0 application for social login. If you already have an application, see the Using an Existing LinkedIn Application for Social Login section of this documentation.

To create a LinkedIn app that uses OAuth 2.0 authentication, complete the following procedure:

  1. Log on to the LinkedIn Developers center (https://www.linkedin.com/developers/):
  2. From your Developers center home page, click Create app:
  3. On the Create an app page, in the App information section, complete the fields for such things as the name of your new app, the name of your company, etc.:
    Note that, when completing this section, you must upload a logo; this logo is displayed as part of the social login process. The logo can be either a .PNG or a .JPG file, and must be stored locally: you cannot specify a logo by providing a URL to an image file. Your logo should be relatively small (for example, 80 pixels by 80 pixels). However, LinkedIn will shrink your logo as best it can to fit the available space.
     
  4. Expand the Products section, and verify that Sign In with LinkedIn is listed as one of your products:
  5. Expand the Legal terms section, select I have read and agree to these terms (after reading and agreeing to the API Terms of Use, of course), and then click Create app:
  6. On the home page for your new app, click Auth:
  7. On the Auth page, in the Application Credentials section, copy your app’s Client ID:
    You might want to, at least temporarily, paste the copied client ID to a text file. The client ID, along with the client secret, will be required when you configure LinkedIn for social login.
     
  8. After copying the client ID, click the Reveal client secret icon (the blue eyeball icon) to display the client secret:
    Copy the client secret and paste it into the same text file where you stored the client ID. Note that you must display the client secret before copying and pasting it. If you don’t display the secret, then you’ll simply copy and paste a series of dots:

    ••••••••••••••••
     
  9. Scroll down to the OAuth 2.0 settings section and then click the pencil icon:
  10. Click + Add redirect URL:
  11. In the provided field, enter your LinkedIn redirect URL. The redirect URL will typically be your rpx domain (for example, https://gms.rpxstaging.com) followed by /linkedin-oauth2/callback. Click Update:
    If the OAuth 2.0 settings section looks similar to this, then you have finished configuring your LinkedIn app:
  12. Log off from the LinkedIn Developers center.
     


Using an Existing LinkedIn OAuth 2.0 App for Social Login

If you already have a LinkedIn OAuth 2.0 application that can be used for social login, complete the following steps to retrieve the application’s client ID and client secret:

  1. Log on to the LinkedIn Developers center (https://www.linkedin.com/developers).
  2. From your home page, click Go to my apps:

  3. Click the name of the app that you want to use for social login:
  4. On the home page for your app, click Auth:
  5. On the Auth page, click the blue Reveal client secret icon to display your client secret:
  6. Copy the Client ID and Client Secret, and then log off from the LinkedIn Developers center. You can paste the copied information to a text editor, then close the text editor after you have configured social login.
     


Configuring LinkedIn OAuth 2.0 as a Social Login Provider

To configure LinkedIn OAuth 2.0 as a social login provider, make sure you have your LinkedIn client ID and client secret, and then complete the following procedure:

  1. Log on to your Social Login Dashboard (https://dashboard.janrain.com).
  2. From the Dashboard home page, click the Manage Engage Dashboard icon.
  3. From the Engage Dashboard home page, in the Widgets and SDKs section, click Sign-Ins.
  4. From the Sign-in page, verify that Widget is selected and then expand Providers:
  5. From the list of Providers, click LinkedIn OAuth2:
  6. In the LinkedIn OAuth 2 dialog box, click Next until you reach the screen requesting the LinkedIn Client ID and Client Secret:

  7. Enter your LinkedIn client ID in the Client ID field, enter your LinkedIn client secret in the Client Secret field, click Save, and then click Close. LinkedIn appears in your social login widget:
  8. When you are finished, click Save. Note that it might take as long as one hour before LinkedIn appears as a social login option on your web site.
     


Testing LinkedIn OAuth 2.0 Social Login

To test LinkedIn OAuth 2.0 social login, complete the following procedure:

  1. Do one of the following:
     
    • If you have just published your widget settings, click the Test your widget link that appears after the widget has been saved.
    • If you previously published your widget settings then, from the Social Login Dashboard Sign-in page, click Launch a test widget.
       
  2. From the Test page, click the LinkedIn icon:

  3. In the sign-in window, log on using a valid LinkedIn account:
  4. In the authorization window, click Allow:
  5. If login succeeds, information returned from the LinkedIn profile is displayed in the API response preview field:

By default, your LinkedIn app returns information similar to the following:

{
  "stat": "ok",
  "profile": {
    "displayName": "Greg Stemp",
    "identifier": "http://www.linkedin.com/profile?viewProfile=V8aqgNeblH",
    "name": {
      "familyName": "Stemp",
      "formatted": "Greg Stemp",
      "givenName": "Greg"
    },
    "photo": "https://media.licdn.com/dms/image/C4D03AQH6A7Kn2GvEFA/profile-displayphoto-shrink_100_100/0?e=1555545600&v=beta&t=fZpjE-3gicIA3Qm8KrTS_0TD4iRUrYL2D_Eb8DrQ8F0",
    "preferredUsername": "Greg Stemp",
    "providerName": "LinkedIn",
    "providerSpecifier": "linkedin",
    "provider_id": "V8aqgNeblH",
    "url": "http://www.linkedin.com/in/gregstemp"
  },
  "accessCredentials": {
    "accessToken": "AQXyfAEGXMVVHf4Sl8nx3oTfnKEyTdTxuM5jS8tEKeXv8b8mnEPL2pmgbHJzsV62asRGuvncQqLmHwAy2lkpYMPa8Z6lvX5rWpJPcf0UryROjS-qOjsgtWNpq9Z78OZ_jRsAmyySqPA7K5fnQjSuuXbx1gF6AA6NgiXPyv28Tas2TQ2PvNsvXqT0YuoPIChT7iVrOQQm506__RfO-BC-hS9GD8ynz-hUuEz1rMIhAo-iB-ZOgqPVWhDke0GVsiR_PC-ZsnZ_7N5S6Mh_WJCbp8o4Q23NOxIuTT2XV1cKzampF_7zlt671_yZbLuJe2pf6fAUzaOIFuhklvNyjiOyT0Q9vM0Alg",
    "clientId": "865tmbm2k9clrg",
    "expires": 1555105404,
    "type": "linkedin-oauth2",
    "uid": "V8aqgNeblH"
  }
}
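
The response above carries a live bearer token in accessCredentials.accessToken, so it should be vetted and masked before it is trusted or written to a log. The following is an added example, not code from the Identity Cloud SDK: vetLoginResponse is a hypothetical helper, SAMPLE is constructed, and the code assumes that expires is a Unix timestamp in seconds and that an email address, when enabled, arrives as profile.email.

```javascript
// Added example: vet a social login response before trusting or logging it.
// SAMPLE is constructed for illustration; the token is a placeholder value.
const SAMPLE = {
  stat: 'ok',
  profile: {
    displayName: 'Example User',
    providerName: 'LinkedIn',
    provider_id: 'EXAMPLEID',
  },
  accessCredentials: {
    accessToken: 'PLACEHOLDER-ACCESS-TOKEN',
    clientId: 'example-client-id',
    expires: 1555105404,
    type: 'linkedin-oauth2',
    uid: 'EXAMPLEID',
  },
};

function vetLoginResponse(resp, expectedClientId, nowSeconds) {
  const problems = [];
  const profile = (resp && resp.profile) || {};
  const creds = (resp && resp.accessCredentials) || {};

  if (!resp || resp.stat !== 'ok') problems.push('stat is not "ok"');
  if (creds.type !== 'linkedin-oauth2') problems.push('credentials are not linkedin-oauth2');
  // The token must have been issued to our own LinkedIn app.
  if (creds.clientId !== expectedClientId) problems.push('clientId is not our LinkedIn app');
  // In the response shown on this page, uid and provider_id carry the same ID.
  if (!creds.uid || creds.uid !== profile.provider_id) problems.push('uid does not match provider_id');
  // Assumption: "expires" is a Unix timestamp in seconds.
  if (typeof creds.expires !== 'number' || creds.expires <= nowSeconds) {
    problems.push('access token has expired');
  }

  // Deep copy for logging, with the bearer token masked; resp is left untouched.
  const safeToLog = JSON.parse(JSON.stringify(resp || {}));
  if (safeToLog.accessCredentials && safeToLog.accessCredentials.accessToken) {
    safeToLog.accessCredentials.accessToken = '[redacted]';
  }
  return {
    ok: problems.length === 0,
    problems,
    hasEmail: Boolean(profile.email), // assumed field name
    safeToLog,
  };
}
```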

   


Returning the User's Email Address

LinkedIn’s OAuth 2.0 default response includes only a handful of fields taken from the user’s LinkedIn profile; those fields include the following Akamai Identity Cloud attributes:

  • displayName
  • familyName
  • givenName
  • photo
  • url

One useful piece of information missing from the default response is the user’s email address; if you want to retrieve the user’s email address you’ll need to complete the following procedure:

  1. From the Social Login Dashboard home page, click the Manage Providers icon:

  2. From the Configure Providers page, click LinkedIn OAuth2. Information that can be returned from LinkedIn is displayed:
  3. Click Email Address to enable you to return the user’s email address:


Assigning a Different LinkedIn OAuth 2.0 App for Social Login

If you want to use a different LinkedIn OAuth 2.0 app or if you need to change your existing app, you must update the LinkedIn provider configuration settings. To do that, complete the following procedure:

  1. From the Engage Dashboard home page, click the Manage Providers icon:

  2. From the Configure Providers page, click LinkedIn OAuth2.
  3. Click the green Configured button to display the LinkedIn OAuth2 is currently enabled dialog box:

  4. To change the LinkedIn configuration, click Modify These Settings.
  5. In the LinkedIn dialog box, change the Client ID and/or Client Secret as needed, and then click Save:

Although you can modify your LinkedIn settings, you cannot delete those settings. If you delete the settings and then try to save your changes, you’ll see the following error:

This means that you cannot “unconfigure” the provider: once configured, the LinkedIn icon will always be shown as green (i.e., configured) in the Social Login Dashboard.
 


Removing LinkedIn OAuth 2.0 as a Social Login Provider

If you no longer want to use LinkedIn OAuth 2.0 for social login, you can remove the provider by completing the following procedure:

  1. Log on to your Social Login Dashboard (https://dashboard.janrain.com).
  2. From the Dashboard home page, click the Manage Engage Dashboard icon.
  3. From the Engage Dashboard home page, in the Widgets and SDKs section, click Sign-Ins.
  4. From the Sign-in page, verify that Widget is selected and then expand Providers.
  5. In the widget, click the X in the upper right corner of the LinkedIn icon.
  6. Scroll to the bottom of the page, select Save and Publish, and then click Publish. LinkedIn no longer appears in the sign-on widget.
Note. You must always have at least one social login provider in the widget. If you delete all the providers and then click Publish, you’ll see the error message Couldn’t save configuration: No providers.