LinkedIn Provider - Sign in Issue

System Information
  • Strapi Version: v4.20.0
  • Operating System: Windows 11
  • Database: better-sqlite3 9.4.0
  • Node Version: v20.9.0
  • NPM Version: 10.2.3
  • Frontend: Next.js 14

I am trying to add Sign in with LinkedIn as the provider. I’ve set everything up on the LinkedIn App and on Strapi Admin.
Currently available products on the LinkedIn side are:

Sign In with LinkedIn v2 (custom OAUTH)

Sign In with LinkedIn using OpenID Connect

These are the available scopes:

When following the instructions from Users & Permissions | Strapi Documentation, everything is fine until I get to this step:

  • Create a frontend route like FRONTEND_URL/connect/${provider}/redirect that have to handle the access_token param and that have to request STRAPI_BACKEND_URL/api/auth/${provider}/callback with the access_token parameter.
    The JSON request response will be { "jwt": "...", "user": {...} }.

I’ve created the route, but when I call this endpoint I get an error 403 Unauthorized.

I did some digging around, and when I console.log out the response from node_modules/@strapi/plugin-users-permissions/server/controllers/auth.js I get an error response from the Strapi backend when trying to issue a jwt via the provider:

_header: 'GET /v2/me HTTP/1.1\r\n' +
        'authorization: Bearer AQXsmFcnxNJ3EUR8bgZpkkt23nx3Nuv8QEESTSfmMdeuMiq_PNcGFVHNi5BWQXcubVos8s8MW7-B2at0ZQbb8FIIHS8kC-TpPBUoPvjryI59FuhOmDOjkt7QQLyRod02hRwMQUzGKyrKyBycTXlrx7h9hRBsDAp8Ot1zGGv1ND4vdLYlE_hc3fVngZ8TNE-9BWXKlRjUm3vDAeL58tyT_gxFK5Rh8hdsdoLyFqkDJcBo5kXuztq7ADm8WgeYB2uhTMXWyTnYxg_oqwu8KbxEY5siwszPzyLzfSvjKjHV1JRpvba9cCig7dPBGsjKT3B5kPTI85bUwjCNNhin1viJ3QJwljGTD3o9A\r\n' +
        'Host: api.linkedin.com\r\n' +
        'Connection: keep-alive\r\n' +
        '\r\n',
      _keepAliveTimeout: 0,
      _onPendingData: [Function: nop],
      agent: [Agent],
      socketPath: undefined,
      timeout: 5000,
      method: 'GET',
      maxHeaderSize: undefined,
      insecureHTTPParser: undefined,
      joinDuplicateHeaders: undefined,
      path: '/v2/me',
      _ended: true,
      res: [Circular *1],
      aborted: false,
      timeoutCb: null,
      upgradeOrConnect: false,
      parser: null,
      maxHeadersCount: null,
      reusedSocket: false,
      host: 'api.linkedin.com',
      protocol: 'https:',
      id: '45d490a0260a5fb66535f6088574b88181a17387',
      [Symbol(kCapture)]: false,
      [Symbol(kBytesWritten)]: 0,
      [Symbol(kNeedDrain)]: false,
      [Symbol(corked)]: 0,
      [Symbol(kOutHeaders)]: [Object: null prototype],
      [Symbol(errored)]: null,
      [Symbol(kHighWaterMark)]: 16384,
      [Symbol(kRejectNonStandardBodyWrites)]: false,
      [Symbol(kUniqueHeaders)]: null
    },
    id: '45d490a0260a5fb66535f6088574b88181a17387',
    [Symbol(kCapture)]: false,
    [Symbol(kHeaders)]: {
      'x-li-responseorigin': 'RGW',
      'x-restli-gateway-error': 'true',
      'content-type': 'application/json',
      'content-length': '91',
      date: 'Fri, 09 Feb 2024 10:07:10 GMT',
      'x-li-fabric': 'prod-ltx1',
      connection: 'keep-alive',
      'x-li-source-fabric': 'prod-lva1',
      'x-li-pop': 'prod-lva1-x',
      'x-li-proto': 'http/1.1',
      'x-li-uuid': 'AAYQ5CdfMnNdfqMNR4lKFw==',
      'set-cookie': [Array],
      'x-li-route-key': '"b=TB81:s=T:r=T:a=T:p=T:g=3396:u=5:x=1:i=1707473230:t=1707500164:v=2:sig=AQEC7ZXNcI9P_j9nxxx7tekU-Dqkg7B5"'        
    },
    [Symbol(kHeadersCount)]: 28,
    [Symbol(kTrailers)]: null,
    [Symbol(kTrailersCount)]: 0
  },
  body: {
    serviceErrorCode: 100,
    message: 'Not enough permissions to access: GET /me',
    status: 403
  },
  raw: '{"serviceErrorCode":100,"message":"Not enough permissions to access: GET /me","status":403}'
}

According to this error and Profile API - LinkedIn | Microsoft Learn, it seems like Strapi is calling the LinkedIn /v2/me endpoint, which requires r_liteprofile, r_basicprofile, r_compliance, while LinkedIn is now using /v2/userinfo and these scopes: openid, profile, email, and that’s why I’m getting this error.

Did anyone encounter this, or am I doing something wrong?

Would appreciate any help or advice. Thanks.


1 Like

Similar issue. I followed these steps: Users & Permissions | Strapi Documentation

But if I click the button “Signup with Linkedin”, I get the error “Internal Server Error”. The console log of Strapi says:
Error: Cannot send secure cookie over unencrypted connection
at Cookies.set (/opt/node_modules/cookies/index.js:94:11)
at ContextSession.save (/opt/node_modules/koa-session/lib/context.js:341:22)
at ContextSession.commit (/opt/node_modules/koa-session/lib/context.js:244:16)
at session (/opt/node_modules/koa-session/index.js:46:20)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async middleware (/opt/node_modules/@strapi/strapi/dist/services/metrics/middleware.js:20:5)

Did not encounter that problem.

This might help someone:
I’m using Next.js on the frontend and next-auth for authentication. I solved this issue by using the LinkedIn provider from next-auth, which calls LinkedIn and gets data about the user from LinkedIn. If the response is valid, I then call a custom endpoint in Strapi, which I created, that handles user auth on the Strapi side and issues a jwt, which is then sent to next-auth to log the user in.
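
The diagnosis in the first post and the workaround above both depend on reading the profile from LinkedIn's OpenID Connect `/v2/userinfo` endpoint instead of `/v2/me`. As an added example (not Strapi's code and not the poster's endpoint), this shows how a custom backend endpoint could check the access token against LinkedIn itself before issuing its own jwt; the function names, the injected `fetchImpl`, and the reliance on the standard OIDC claims `sub`, `email`, `email_verified` and `name` are assumptions.

```javascript
// Added example: not Strapi's code and not the poster's endpoint.
// resolveLinkedInUser, claimsToUser and fetchImpl are hypothetical names.
const USERINFO_URL = 'https://api.linkedin.com/v2/userinfo';

// Turn an HTTP status + parsed JSON body from /v2/userinfo into the fields a
// backend needs to find or create a local user. Throws on anything untrusted.
function claimsToUser(status, body) {
  if (status === 401 || status === 403) {
    // Same shape as the 403 in the thread: { serviceErrorCode, message, status }
    throw new Error(`LinkedIn denied the token (${status}): ${body.message || 'no detail'}`);
  }
  if (status !== 200) throw new Error(`unexpected LinkedIn status ${status}`);
  if (typeof body.sub !== 'string' || typeof body.email !== 'string') {
    throw new Error('userinfo lacks sub or email (were openid and email scopes granted?)');
  }
  if (body.email_verified !== true) {
    // Do not link accounts by an address the provider has not verified.
    throw new Error('LinkedIn email is not verified');
  }
  return {
    provider: 'linkedin',
    providerId: body.sub, // stable subject identifier; key the account on this
    email: body.email.toLowerCase(),
    username: body.name || body.email.split('@')[0],
  };
}

// Server side: exchange the access token for claims by asking LinkedIn
// directly, so profile fields posted by the browser are never trusted.
async function resolveLinkedInUser(accessToken, fetchImpl = globalThis.fetch) {
  if (typeof accessToken !== 'string' || accessToken === '') {
    throw new Error('missing access token');
  }
  const res = await fetchImpl(USERINFO_URL, {
    headers: { Authorization: `Bearer ${accessToken}` },
  });
  const body = await res.json().catch(() => ({}));
  return claimsToUser(res.status, body);
}

// Constructed stub standing in for LinkedIn, so the example runs offline.
const stubFetch = (status, body) => async (url, init) => {
  if (url !== USERINFO_URL || !init.headers.Authorization.startsWith('Bearer ')) {
    throw new Error('unexpected request');
  }
  return { status, json: async () => body };
};
```

Keying the local account on `providerId` rather than on the email alone keeps the link stable if the member later changes their primary address.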

@stanojevicbojan @ulrichbenedikt I ran into the same issue and created this PR to support the new LinkedIn social login with openid:


1 Like