The LinkedIn login is deprecated; updating to the new scopes is necessary!

nelson2 · August 15, 2023, 7:44pm

Hello,
As of today, with new LinkedIn apps, it’s not possible to use Auth0. The scopes have not been updated to the new version yet.

Currently, the scopes have these names:

But previously, they had these names:

The app generates the following URL:

…linkedin…/oauth/v2/authorization?login_hint=&prompt=login&response_type=code&redirect_uri=https%3A%2F%xxxx.eu.auth0.com%2Flogin%2Fcallback&scope=r_liteprofile&state=xxxx&client_id=xxxxx

Which should actually be:

linkedin…/oauth/v2/authorization?login_hint=&prompt=login&response_type=code&redirect_uri=https%3A%2F%xxxx.eu.auth0.com%2Flogin%2Fcallback&scope=profile&state=xxxx&client_id=xxxxx

This is my theory, but at least it makes sense to me.

Or perhaps there is another way to modify the scopes before they are sent to LinkedIn.

Cheers.

Ref: get user's LinkedIn experiences using Auth0 - missing permission r_basicprofile - Stack Overflow

tyf · August 15, 2023, 9:25pm

Hey there @nelson2 !

Thanks for bringing this to our attention here This is a known issue which is actively being worked on by engineering. I do not have an update as to when it will be resolved, but will certainly share any further info here when I have a better idea myself.

Thanks for your patience and understanding!

nelson2 · August 16, 2023, 9:10am

Hello @tyf ,

Thank you for your response. Within the company I am working for (related to human resources) and among our clients, I had proposed the use of Auth0 with LinkedIn, as we were already using Google login and it was working quite well.

Next week, I was supposed to give a presentation to the engineering department about the benefits of fully transitioning to Auth0. We were planning to get in touch with Felipe Rivarola from the sales department.

Is there a possibility that you could provide us with a ballpark estimate of how long it might take to resolve? 1 month? 3 months? 1 year?

I need to justify why we should either wait or start looking for an alternative solution from scratch.

Cheers.
Nelson.

tyf · August 16, 2023, 11:03pm

Hey there @nelson2, totally understandable! I’m still waiting for confirmation of a timeframe from engineering - In the meantime there is a workaround to get social login with LinkedIn working if you are interested:

Basically, you can create a custom social connection configured to use LinkedIn.

Create the custom social connection. Use the following values:

Add the following code to Fetch User Profile Sript:

function(accessToken, ctx, cb) {
  
  request.get('https://api.linkedin.com/v2/userinfo', {
  	headers: {
    'Authorization': 'Bearer ' + accessToken,
      },
      json: true
  
   }, function(e, r, profile) {
      if (e) return cb(e);
      if (r.statusCode !== 200) return cb(new Error('StatusCode: ' + r.statusCode));
      profile.user_id = profile.sub;
      cb(null, profile);
    });
}

That should do the trick!

nelson2 · August 17, 2023, 9:58am

Hello @tyf ,

Discussing this response during the morning meeting, we prefer to wait until mid-September to see if is fixed.

We have a customer database that we now need to enable to log in with LinkedIn. Currently, they log in using Google and with a username and password. We need to consolidate everything using LinkedIn.

Since we need to migrate users only once and avoid any issues in case we have to migrate again when LinkedIn is back up and running.

I will return to this thread in 1 month, hopefully, it will be resolved by then!

Thank you very much!

tyf · August 17, 2023, 10:08pm

Hey @nelson2 no problem, happy to help and thanks for the update!

adam23 · August 31, 2023, 5:39pm

Add me as another paying user who expected this to be working when I paid for Auth0. Not cool!

tyf · August 31, 2023, 5:42pm

Hey @adam23 !

I apologize for the inconvenience and understand your frustration. This is actively being worked on, and we hope to have an update soon!

adam23 · August 31, 2023, 5:58pm

Thanks for the quick response @tyf . See below:

These seem to be the only scopes LinkedIn is currently making available. I’m trying to get the LinkedIn vanityName which the docs show to be under the ‘r_liteprofile’ scope. How will we get access to that?

nelson2 · August 31, 2023, 6:31pm

Hello @adam23

The “r_liteprofile” scopes are already deprecated as Microsoft (LinkedIn) began using OpenId Connect, which only has those 3 scopes shown in the image.

Sign In with LinkedIn using OpenID Connect - LinkedIn | Microsoft Learn - they made this change effective since August 1, 2023.

From Laravel and its socialite package, next auth, and many other libraries, the migration is being done.

I’m also at a standstill.

Hoping for a prompt resolution as I don’t want to implement any patch solutions since we don’t want this to impact the clients.

I just hope that this issue will be resolved by September.

terrylinooo · September 7, 2023, 2:20am

The new signup process for the Linkedin App only supports Open ID Connect, which prevents us from using the r_liteprofile scope for accessing other APIs such as the Profile API. Does anyone know how to resolve this issue

nelson2 · September 11, 2023, 7:09pm

Hello @tyf ,

Is there any approximate ETA? Any time frame reference for when this could be resolved?
End of September? October? November?

I understand that this takes time and it’s not an instant fix, but it would be helpful if we could have a somewhat more concrete date for when it might be resolved.

In my particular case, I need a date to be able to plan around something I said was possible, but this issue just came up unexpectedly.

Thank you!

tyf · September 11, 2023, 7:44pm

Hey @nelson2 thanks for following up!

The fix looks to be in a current sprint so assuming all goes as planned I would estimate no later than October, but hopefully sooner

auth025 · September 14, 2023, 12:37am

Your sprints are longer than a week…?

The below is emphatically feedback not criticism.

I’m trialing this specific service out for my company (4k users) using a personal side project and am rather concerned straight out of the gate after reading this thread and some others. The quality of support within the threads is good to excellent however the siloing of the information which reflects no action and fact that the service is actually broken is where things go downhill. Fast.

Feedback and internal process points you may want to run a lessons learned on:

Your portal documentation reflects none of this information.
The dashboard again reflects none of this information. I was able to set up a connection and at no point got a “hey…” message.
You have multiple unanswered community questions on this same point indicating customers are both flailing around and more egregiously struggling with, and wasting their time on a known issue.

Further. The API migration by LinkedIn was neither sudden nor poorly communicated so now, for me and thusly my further management during review, there’s an open and hard question as to:

the fragility of what is a critical path element for any of our services, products, and platforms.
the quality of the integration, communication, and observation between Auth0 and these other endpoints/businesses.

Summed up, over the course of a full day I went from confident (as a prior and happy customer) to frustrated to wildly disappointed.

adam23 · September 14, 2023, 12:03pm

Agree with this. I was 100% sold on Auth0 but claiming you have a working integration that just doesn’t work and not notifying users about it is something I’d expect from a startup, not a multi billion dollar company. This needs to be fixed ASAP, October is still a month away.

nelson2 · September 14, 2023, 2:27pm

From a technical standpoint, I don’t believe it’s trivial to adapt to a new technology like OpenID while simultaneously maintaining legacy versions. I think that’s a significant issue and likely a reason for the delay.

I can understand that.

The BIG problem is that they aren’t communicating anything and seem to think that silence is the best strategy. Technical issues can be understood, but maintaining silence makes everything very ambiguous, and in software development that relies on external APIs, communication is essential.

But clearly, these are decisions made by managers who lack experience in development and don’t realize these things.

nelson2 · October 3, 2023, 12:28pm

Hello @tyf , how are you?

It’s been almost 2 months since the error was originally posted.
Any updates?

Cheers.

m2makamaestro · October 8, 2023, 5:36am

Hi @nelson2
Assuming this fix will take much more time from their end it’s a huge blocker because literally sign-in is the first thing people do and currently products have to be disabled and enabled via LinkedIn, it would cost so much.
I looked into this thread and deviated from using auth0 (we actually started building our product)

We are exploring Oauth, have you gotten a chance to look into it?
Seems like Linkedin has restricted the response of their api to being very very limited, to a point it might not be worth using

see their login user info response

{“sub”:“”,“email_verified”:true,“name”:“”,“locale”:{“country”:“US”,“language”:“en”},“given_name":“”,“family_name”:“”,“email”:"@gmail.com”}

I don’t see in detailed user info being available, we are at a point where i might not be worth logging them via LinkedIn, not sure what “sub” in the response does. The point is logging with Google might be enough.

Let me know if anyone else read the docs and got a better idea.

bjorn · October 9, 2023, 7:09am

@tyf, is there any update on this issue? I’m trying to create a Azure B2C LinkedIn sign in, but the same issue occured there…

m2makamaestro · October 9, 2023, 9:53am

Hi @bjorn
Same question to you as above, did you get a chance to try it out?