System Information
- Strapi Version: v4.20.0
- Operating System: Windows 11
- Database: better-sqlite3 9.4.0
- Node Version: v20.9.0
- NPM Version: 10.2.3
- Frontend: Next.js 14
I am trying to add Sign in with LinkedIn as the provider. I’ve set everything up on the LinkedIn App and on Strapi Admin.
Currently available products on the LinkedIn side are:
Sign In with LinkedIn v2 (custom OAUTH)
Sign In with LinkedIn using OpenID Connect
These are the available scopes:
When following the instructions from Users & Permissions | Strapi Documentation, everything is fine until I get to this step:
- Create a frontend route like FRONTEND_URL/connect/${provider}/redirect that have to handle the access_token param and that have to request STRAPI_BACKEND_URL/api/auth/${provider}/callback with the access_token parameter. The JSON request response will be { "jwt": "...", "user": {...} }.
I’ve created the route, but when I call this endpoint I get an error 403 Unauthorized.
I did some digging around, and when I console.log out the response from node_modules/@strapi/plugin-users-permissions/server/controllers/auth.js I get an error response from Strapi backend when trying to issue jwt via provider:
_header: 'GET /v2/me HTTP/1.1\r\n' +
'authorization: Bearer AQXsmFcnxNJ3EUR8bgZpkkt23nx3Nuv8QEESTSfmMdeuMiq_PNcGFVHNi5BWQXcubVos8s8MW7-B2at0ZQbb8FIIHS8kC-TpPBUoPvjryI59FuhOmDOjkt7QQLyRod02hRwMQUzGKyrKyBycTXlrx7h9hRBsDAp8Ot1zGGv1ND4vdLYlE_hc3fVngZ8TNE-9BWXKlRjUm3vDAeL58tyT_gxFK5Rh8hdsdoLyFqkDJcBo5kXuztq7ADm8WgeYB2uhTMXWyTnYxg_oqwu8KbxEY5siwszPzyLzfSvjKjHV1JRpvba9cCig7dPBGsjKT3B5kPTI85bUwjCNNhin1viJ3QJwljGTD3o9A\r\n' +
'Host: api.linkedin.com\r\n' +
'Connection: keep-alive\r\n' +
'\r\n',
_keepAliveTimeout: 0,
_onPendingData: [Function: nop],
agent: [Agent],
socketPath: undefined,
timeout: 5000,
method: 'GET',
maxHeaderSize: undefined,
insecureHTTPParser: undefined,
joinDuplicateHeaders: undefined,
path: '/v2/me',
_ended: true,
res: [Circular *1],
aborted: false,
timeoutCb: null,
upgradeOrConnect: false,
parser: null,
maxHeadersCount: null,
reusedSocket: false,
host: 'api.linkedin.com',
protocol: 'https:',
id: '45d490a0260a5fb66535f6088574b88181a17387',
[Symbol(kCapture)]: false,
[Symbol(kBytesWritten)]: 0,
[Symbol(kNeedDrain)]: false,
[Symbol(corked)]: 0,
[Symbol(kOutHeaders)]: [Object: null prototype],
[Symbol(errored)]: null,
[Symbol(kHighWaterMark)]: 16384,
[Symbol(kRejectNonStandardBodyWrites)]: false,
[Symbol(kUniqueHeaders)]: null
},
id: '45d490a0260a5fb66535f6088574b88181a17387',
[Symbol(kCapture)]: false,
[Symbol(kHeaders)]: {
'x-li-responseorigin': 'RGW',
'x-restli-gateway-error': 'true',
'content-type': 'application/json',
'content-length': '91',
date: 'Fri, 09 Feb 2024 10:07:10 GMT',
'x-li-fabric': 'prod-ltx1',
connection: 'keep-alive',
'x-li-source-fabric': 'prod-lva1',
'x-li-pop': 'prod-lva1-x',
'x-li-proto': 'http/1.1',
'x-li-uuid': 'AAYQ5CdfMnNdfqMNR4lKFw==',
'set-cookie': [Array],
'x-li-route-key': '"b=TB81:s=T:r=T:a=T:p=T:g=3396:u=5:x=1:i=1707473230:t=1707500164:v=2:sig=AQEC7ZXNcI9P_j9nxxx7tekU-Dqkg7B5"'
},
[Symbol(kHeadersCount)]: 28,
[Symbol(kTrailers)]: null,
[Symbol(kTrailersCount)]: 0
},
body: {
serviceErrorCode: 100,
message: 'Not enough permissions to access: GET /me',
status: 403
},
raw: '{"serviceErrorCode":100,"message":"Not enough permissions to access: GET /me","status":403}'
}
According to this error and Profile API - LinkedIn | Microsoft Learn, it seems like Strapi is calling the LinkedIn /v2/me endpoint, which requires r_liteprofile, r_basicprofile, r_compliance, while LinkedIn is now using /v2/userinfo and these scopes: openid, profile, email, and that’s why I’m getting this error.
Did anyone encounter this, or am I doing something wrong?
Would appreciate any help or advice. Thanks.
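One way to test the hypothesis in the post above, as an added example that is not part of the original post and not Strapi's code: probe both LinkedIn endpoints named in the post with the same access token and compare the status codes, masking the token before anything is logged. The function names and the `LINKEDIN_TOKEN` variable are hypothetical; the endpoint paths and scope names are the ones quoted in the post.

```javascript
// Added diagnostic sketch. Paths and scopes come from the post; all
// function names here are hypothetical helpers, not a Strapi or LinkedIn API.
const ENDPOINTS = {
  '/v2/me': 'r_liteprofile, r_basicprofile, r_compliance',
  '/v2/userinfo': 'openid, profile, email',
};

// Mask a bearer token before it reaches a log line or a forum post.
function redact(token) {
  return token.length <= 8 ? '****' : `${token.slice(0, 4)}...${token.slice(-4)}`;
}

// Call each endpoint with the token and record the HTTP status.
// fetchImpl is injectable so the logic can be exercised without network access.
async function probeToken(token, fetchImpl = fetch) {
  const results = {};
  for (const path of Object.keys(ENDPOINTS)) {
    const res = await fetchImpl(`https://api.linkedin.com${path}`, {
      headers: { authorization: `Bearer ${token}` },
    });
    results[path] = res.status;
  }
  return results;
}

// Turn the two status codes into a diagnosis.
function diagnose(results) {
  const me = results['/v2/me'];
  const userinfo = results['/v2/userinfo'];
  if (me === 401 || userinfo === 401) return 'token rejected (expired or invalid)';
  if (me === 200) return 'token is accepted by /v2/me';
  if (me === 403 && userinfo === 200) {
    return `scope mismatch: token carries (${ENDPOINTS['/v2/userinfo']}) ` +
           `but /v2/me needs (${ENDPOINTS['/v2/me']})`;
  }
  return 'inconclusive';
}

// Usage (token read from a hypothetical LINKEDIN_TOKEN environment variable):
// const t = process.env.LINKEDIN_TOKEN;
// probeToken(t).then((r) => console.log(redact(t), r, diagnose(r)));
```

A 403 from `/v2/me` together with a 200 from `/v2/userinfo` confirms that the token itself is valid and only the endpoint and scope pairing is wrong.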