The LinkedIn login is deprecated; updating to the new scopes is necessary!

Help
,
1

Hello,
As of today, with new LinkedIn apps, it’s not possible to use Auth0. The scopes have not been updated to the new version yet.

Currently, the scopes have these names:

image
image799×442 31.3 KB

But previously, they had these names:
image

The app generates the following URL:

…linkedin…/oauth/v2/authorization?login_hint=&prompt=login&response_type=code&redirect_uri=https%3A%2F%xxxx.eu.auth0.com%2Flogin%2Fcallback&scope=r_liteprofile&state=xxxx&client_id=xxxxx

Which should actually be:

linkedin…/oauth/v2/authorization?login_hint=&prompt=login&response_type=code&redirect_uri=https%3A%2F%xxxx.eu.auth0.com%2Flogin%2Fcallback&scope=profile&state=xxxx&client_id=xxxxx

This is my theory, but at least it makes sense to me.

Or perhaps there is another way to modify the scopes before they are sent to LinkedIn.

Cheers.

Ref: get user's LinkedIn experiences using Auth0 - missing permission r_basicprofile - Stack Overflow

3 Likes
4

Hey there @nelson2 !

Thanks for bringing this to our attention here :slight_smile: This is a known issue which is actively being worked on by engineering. I do not have an update as to when it will be resolved, but will certainly share any further info here when I have a better idea myself.

Thanks for your patience and understanding!

5

Hello @tyf ,

Thank you for your response. Within the company I am working for (related to human resources) and among our clients, I had proposed the use of Auth0 with LinkedIn, as we were already using Google login and it was working quite well.

Next week, I was supposed to give a presentation to the engineering department about the benefits of fully transitioning to Auth0. We were planning to get in touch with Felipe Rivarola from the sales department.

Is there a possibility that you could provide us with a ballpark estimate of how long it might take to resolve? 1 month? 3 months? 1 year?

I need to justify why we should either wait or start looking for an alternative solution from scratch.

Cheers.
Nelson.

2 Likes
6

Hey there @nelson2, totally understandable! I’m still waiting for confirmation of a timeframe from engineering - In the meantime there is a workaround to get social login with LinkedIn working if you are interested:

Basically, you can create a custom social connection configured to use LinkedIn.

  1. Create the custom social connection. Use the following values:

Image_2023-08-16_07-28-11
Image_2023-08-16_07-28-111996×1402 165 KB

  1. Add the following code to Fetch User Profile Sript:
function(accessToken, ctx, cb) {
  
  request.get('https://api.linkedin.com/v2/userinfo', {
  	headers: {
    'Authorization': 'Bearer ' + accessToken,
      },
      json: true
  
   }, function(e, r, profile) {
      if (e) return cb(e);
      if (r.statusCode !== 200) return cb(new Error('StatusCode: ' + r.statusCode));
      profile.user_id = profile.sub;
      cb(null, profile);
    });
}

That should do the trick!

1 Like
7

Hello @tyf ,

Discussing this response during the morning meeting, we prefer to wait until mid-September to see if is fixed.

We have a customer database that we now need to enable to log in with LinkedIn. Currently, they log in using Google and with a username and password. We need to consolidate everything using LinkedIn.

Since we need to migrate users only once and avoid any issues in case we have to migrate again when LinkedIn is back up and running.

I will return to this thread in 1 month, hopefully, it will be resolved by then!

Thank you very much!

8

Hey @nelson2 no problem, happy to help and thanks for the update!

9

Add me as another paying user who expected this to be working when I paid for Auth0. Not cool!

2 Likes
10

Hey @adam23 !

I apologize for the inconvenience and understand your frustration. This is actively being worked on, and we hope to have an update soon!

11

Thanks for the quick response @tyf . See below:

Screenshot 2023-08-31 at 1.56.26 PM
Screenshot 2023-08-31 at 1.56.26 PM1632×828 33 KB

These seem to be the only scopes LinkedIn is currently making available. I’m trying to get the LinkedIn vanityName which the docs show to be under the ‘r_liteprofile’ scope. How will we get access to that?

12

Hello @adam23

The “r_liteprofile” scopes are already deprecated as Microsoft (LinkedIn) began using OpenId Connect, which only has those 3 scopes shown in the image.

Sign In with LinkedIn using OpenID Connect - LinkedIn | Microsoft Learn - they made this change effective since August 1, 2023.

From Laravel and its socialite package, next auth, and many other libraries, the migration is being done.

I’m also at a standstill.

Hoping for a prompt resolution as I don’t want to implement any patch solutions since we don’t want this to impact the clients.

I just hope that this issue will be resolved by September.

1 Like
13

The new signup process for the Linkedin App only supports Open ID Connect, which prevents us from using the r_liteprofile scope for accessing other APIs such as the Profile API. Does anyone know how to resolve this issue

14

Hello @tyf ,

Is there any approximate ETA? Any time frame reference for when this could be resolved?
End of September? October? November?

I understand that this takes time and it’s not an instant fix, but it would be helpful if we could have a somewhat more concrete date for when it might be resolved.

In my particular case, I need a date to be able to plan around something I said was possible, but this issue just came up unexpectedly. :expressionless:

Thank you!

2 Likes
15

Hey @nelson2 thanks for following up!

The fix looks to be in a current sprint so assuming all goes as planned I would estimate no later than October, but hopefully sooner :crossed_fingers:

1 Like
16

Your sprints are longer than a week…?

The below is emphatically feedback not criticism.

I’m trialing this specific service out for my company (4k users) using a personal side project and am rather concerned straight out of the gate after reading this thread and some others. The quality of support within the threads is good to excellent however the siloing of the information which reflects no action and fact that the service is actually broken is where things go downhill. Fast.

Feedback and internal process points you may want to run a lessons learned on:

  • Your portal documentation reflects none of this information.
  • The dashboard again reflects none of this information. I was able to set up a connection and at no point got a “hey…” message.
  • You have multiple unanswered community questions on this same point indicating customers are both flailing around and more egregiously struggling with, and wasting their time on a known issue.

Further. The API migration by LinkedIn was neither sudden nor poorly communicated so now, for me and thusly my further management during review, there’s an open and hard question as to:

  • the fragility of what is a critical path element for any of our services, products, and platforms.
  • the quality of the integration, communication, and observation between Auth0 and these other endpoints/businesses.

Summed up, over the course of a full day I went from confident (as a prior and happy customer) to frustrated to wildly disappointed.

3 Likes
17

Agree with this. I was 100% sold on Auth0 but claiming you have a working integration that just doesn’t work and not notifying users about it is something I’d expect from a startup, not a multi billion dollar company. This needs to be fixed ASAP, October is still a month away.

3 Likes
18

From a technical standpoint, I don’t believe it’s trivial to adapt to a new technology like OpenID while simultaneously maintaining legacy versions. I think that’s a significant issue and likely a reason for the delay.

I can understand that.

The BIG problem is that they aren’t communicating anything and seem to think that silence is the best strategy. Technical issues can be understood, but maintaining silence makes everything very ambiguous, and in software development that relies on external APIs, communication is essential.

But clearly, these are decisions made by managers who lack experience in development and don’t realize these things.

2 Likes
19

Hello @tyf , how are you?

It’s been almost 2 months since the error was originally posted.
Any updates?

Cheers.

1 Like
20

Hi @nelson2
Assuming this fix will take much more time from their end it’s a huge blocker because literally sign-in is the first thing people do and currently products have to be disabled and enabled via LinkedIn, it would cost so much.
I looked into this thread and deviated from using auth0 (we actually started building our product)

We are exploring Oauth, have you gotten a chance to look into it?
Seems like Linkedin has restricted the response of their api to being very very limited, to a point it might not be worth using

see their login user info response

{“sub”:“”,“email_verified”:true,“name”:“”,“locale”:{“country”:“US”,“language”:“en”},“given_name":“”,“family_name”:“”,“email”:"@gmail.com”}

I don’t see in detailed user info being available, we are at a point where i might not be worth logging them via LinkedIn, not sure what “sub” in the response does. The point is logging with Google might be enough.

Let me know if anyone else read the docs and got a better idea.

21

@tyf, is there any update on this issue? I’m trying to create a Azure B2C LinkedIn sign in, but the same issue occured there…

22

Hi @bjorn
Same question to you as above, did you get a chance to try it out?