LinkedIn Login Fails with Error "Scope "r_emailaddress" is not authorized for your application"

Knowledge Articles
, , ,
1

Last Updated: Nov 11, 2024

Overview

A LinkedIn connection is configured in a tenant. Attempting a login via this connection results in the following error being displayed:

Scope "r_emailaddress" is not authorized for your application

This article clarifies why this error occurs when attempting to log in via a LinkedIn social connection.

2.jpeg
2.jpeg1674×344 68.9 KB

Applies To

  • LinkedIn
  • Social connection

Cause

This error can occur when using “Sign In with LinkedIn using OpenID Connect” in the LinkedIn Developer Portal.

2.jpeg
2.jpeg1674×344 68.9 KB

The LinkedIn product has recently changed - "Sign In with LinkedIn " was deprecated and replaced with “Sign In with LinkedIn using OpenID Connect”. The essential differences between the two methods are as follows:

  • Sign In with LinkedIn using OpenID Connect.” does not add r_liteprofile and r_emailaddress listed under “OAuth 2.0 scopes” for the application. Instead, it adds openid, profile, email.
  • Auth0’s LinkedIn Social Connection requests r_liteprofile no matter how the connection is configured. (r_emailaddress is additionally requested if the “Email address” box is checked.)

The outcome is that it is not possible to configure a new LinkedIn connection using the deprecated method of “Sign In with LinkedIn”. However, existing applications/connections should continue to work.

Solution

Our Engineering team has a backlog item to update our LinkedIn connection to accommodate the new “Sign In with LinkedIn using OpenID Connect” product.

In the meantime, it is possible to configure a Custom Social Connection to work with the LinkedIn app.

  1. Login to the Auth0 dashboard as a tenant member ( Administrator )
  2. Navigate to Authentication > Social
  3. Click Create Connection button
  4. Scroll to the bottom of the page
  5. Click Create Custom
    3.jpeg
    3.jpeg2448×1254 182 KB
  6. Configure the application and include the following script to fetch the user profile:
function(accessToken, ctx, cb) {
  
  request.get('https://api.linkedin.com/v2/userinfo', {
      headers: {
          'Authorization': 'Bearer ' + accessToken,
      },
      json: true
  }, function(e, r, profile) {
      if (e) return cb(e);
      if (r.statusCode !== 200) return cb(new Error('StatusCode: ' + r.statusCode));
      profile.user_id = profile.sub;
      cb(null, profile);
    });
}