Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LinkedIn Connector - OAuth 2.0 Deprecated #3225

Open
3 tasks done
GeneMyslinsky opened this issue Dec 14, 2023 · 4 comments
Open
3 tasks done

LinkedIn Connector - OAuth 2.0 Deprecated #3225

GeneMyslinsky opened this issue Dec 14, 2023 · 4 comments

Comments

@GeneMyslinsky
Copy link

GeneMyslinsky commented Dec 14, 2023
edited

Preflight Checklist

  • I agree to follow the Code of Conduct that this project adheres to.
  • I have searched the issue tracker for an issue that matches the one I want to file, without success.
  • I am not looking for support or already pursued the available support channels without success.

Version

2.37.0

Storage Type

etcd

Installation Type

Official container image

Expected Behavior

Sign in using linkedin works

Actual Behavior

image
error=unauthorized_scope_error&error_description=Scope+%26quot%3Br_emailaddress%26quot%3B+is+not+authorized+for+your+application

Steps To Reproduce

  1. Create a NEW linkedin OIDC app
  2. configure dex with new client_id, secret.
  3. Try auth

Additional Information

Sign in with LinkedIn (OAuth2.0) has been deprecated as of Aug 2023. This is the only method supported by the dex connector.

Only LinkedIn apps created after Aug 2023 will be required to use the OIDC flow. While older apps will continue to work using the legacy flow. This probably necessitates a new connector.

Deprecation notice:
https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin

Supabase issue:
supabase/auth#1216

The newly supported scopes are:
- "openid"
- "profile"
- "email"

Configuration

No response

Logs

No response
@GeneMyslinsky GeneMyslinsky closed this as not planned Won't fix, can't repro, duplicate, stale Dec 17, 2023
@GeneMyslinsky GeneMyslinsky reopened this Dec 17, 2023
@ahmedabdelkafi1
Copy link

I encountered the following error: {'code': 400, 'msg': 'Unsupported provider: Provider linkedin_oidc could not be found'}. Is there a solution available?

@nabokihms
Copy link
Member

Since Linkedin is OIDC / OAuth2 compatible, can the generic connector be used?
@ahmedabdelkafi1 @GeneMyslinsky

@bradleybluebean
Copy link

The OIDC connector fails, apparently because the issuer is https://www.linkedin.com but the URL for openid-configuration is https://www.linkedin.com/oauth/.well-known/openid-configuration but dex looks for https://www.linkedin.com/.well-known/openid-configuration (which returns a 404)

@nabokihms
Copy link
Member

That's a bummer 😔 we can play around it by adding an option to the provider discovery overrides. It sounds like the sane way to play around such providers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bradleybluebean @nabokihms @GeneMyslinsky @ahmedabdelkafi1