
omniauth-linkedin-oauth2's Introduction

OmniAuth LinkedIn OAuth2 Strategy

A LinkedIn OAuth2 strategy for OmniAuth.

For more details, read the LinkedIn documentation: https://learn.microsoft.com/en-us/linkedin/shared/authentication/authentication

This version of Sign In with LinkedIn has been deprecated as of August 1, 2023. For all Sign In with LinkedIn implementations going forward, please refer to Sign In with LinkedIn using OpenID Connect.

Sign In with LinkedIn using OpenID Connect

LinkedIn is now offering a way for your apps to authenticate members using OpenID Connect (OIDC).

You should install the new gem 'omniauth-linkedin-openid' for this purpose. You can find it at jclusso/omniauth-linkedin-openid.

Installation

Add this gem to your application's Gemfile:

bundle add omniauth-linkedin-oauth2

Or install it yourself as:

$ gem install omniauth-linkedin-oauth2

Upgrading

This version is a major upgrade to the LinkedIn API version 2. As such, it switches from r_basicprofile, which will soon no longer be available, to r_liteprofile. This results in a much more limited set of data that we can get from LinkedIn.

Previous versions of this gem used the provider name :linkedin_oauth2. In order to provide a cleaner upgrade path for users who were previously using the OAuth 1.0 omniauth adapter for LinkedIn [https://github.com/skorks/omniauth-linkedin], this has been renamed to just :linkedin.

Users who are upgrading from previous versions of this gem may need to update their Omniauth and/or Devise configurations to use the shorter provider name.

Usage

Register your application with LinkedIn to receive an API key: https://www.linkedin.com/developers/apps

This is an example that you might put into a Rails initializer at config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET']
end

You can now access the OmniAuth LinkedIn OAuth2 URL: /auth/linkedin.

Granting Member Permissions to Your Application

With the LinkedIn API, you have the ability to specify which permissions you want users to grant your application. For more details, read the LinkedIn documentation: https://developer.linkedin.com/docs/oauth2

By default, omniauth-linkedin-oauth2 requests the following permissions:

'r_liteprofile r_emailaddress'

You can configure the scope option:

provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'], :scope => 'r_liteprofile'

Profile Fields

When specifying which permissions you want users to grant to your application, you will probably want to specify the array of fields that you want returned in the omniauth hash. The list of default fields is as follows:

['id', 'first-name', 'last-name', 'picture-url', 'email-address']

Here's an example of a possible configuration where the fields returned from the API are: id, first-name and last-name.

provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'], :fields => ['id', 'first-name', 'last-name']

To see a complete list of available fields, consult the LinkedIn documentation at: https://developer.linkedin.com/docs/fields

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

omniauth-linkedin-oauth2's People

Contributors

benaubin, chussenot, claudioldf, decioferreira, dhamaniasad, gabrielgaraujo, gawin, heythisisnate, iainbeeston, j4rs, jrichardlai, kenips, loganhasson, od-c0d3r, ouranos, pjg, qnm, steveltn


omniauth-linkedin-oauth2's Issues

Failing to get /me

E, [2019-02-07T23:56:35.544889 #45219] ERROR -- omniauth: (linkedin) Authentication failure! invalid_credentials: OAuth2::Error, :
{"serviceErrorCode":100,"message":"Not enough permissions to access: GET /me","status":403}

Linkedin Unversioned API will be deprecated by June 30

We got an email from linkedin that they will deprecate unversioned api by 30th June, 2023 and as per their docs following endpoints will be available

Unversioned

Screenshot 2023-05-19 at 7 30 31 PM

Versioned

Screenshot 2023-05-19 at 7 30 41 PM

Do we have any plans to upgrade this gem or do we have any alternate gem for versioned api. We are using following products in our application.
Screenshot 2023-05-19 at 7 31 50 PM

Create a new release to rubygems

Hi! Could you please release a new version of the gem including Fix the oauth 1.4 issuex commit (that seems to be merged to master already).

Get the original referer

I can't find a way to get the page URL from which the user clicked the linkedin button, is there an easy way to do it ?

Thanks !

LinkedIn error: "The token used in the request is expired"

I'm getting the following error when I'm using this gem.

OAuth2::Error at /auth/linkedin/callback
: { "errorCode": 0, "message": "The token used in the request is expired.", "requestId": "5LVAAP7YZ2", "status": 401, "timestamp": 1392084765723 }
file: client.rb location: request line: 110

So it actually looks like a problem with LinkedIn. I was seeing it intermittently, so I surmised it was a timing issue. Lo and behold, if I put a 10 second sleep in there it works every time.

  def raw_info
    @raw_info ||= begin
      sleep 10
      access_token.get("/v1/people/~:(#{options.fields.join(',')})?format=json").parsed
    end
  end

I'm wondering if anyone else has seen this behavior?

There was an unexpected problem that prevented us from completing your request.

I added the credentials and the provider into my Omniauth configuration and when I try to access '/auth/linkedin' I get redirected to the linkedin website with this message: There was an unexpected problem that prevented us from completing your request.

Here's my code for it:

OmniAuth.config.logger = Rails.logger

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
             :scope => 'user_about_me,email,publish_actions,user_location,publish_stream,offline_access,user_interests,user_likes,user_hometown,user_birthday',
             :display => 'popup',
             :auth_type => 'reauthenticate'

    provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'],
             :scope => 'r_fullprofile r_emailaddress'

    OmniAuth.config.on_failure = Proc.new { |env|
        OmniAuth::FailureEndpoint.new(env).redirect_to_failure
    }
end

I already setup my ENV variables inside development.rb and it works great for Facebook but I keep getting this error for LinkedIn.

Unauthorised scope r_liteprofile with linkedin oauth2

I am getting unauthorized_scope_error | Scope "r_liteprofile" is not authorized for your application very sporadically with linkedin oauth-2. This is very weird as there's no r_liteprofile in the linkedin developer's console. It only has basicprofile, r_emailaddress, rw_company_admin and w_share. Is this a pre-known issue ? Not getting any footprint online.
Linkedin is pushing the control to https://www.linkedin.com/oauth/v2/authorization?client_id=817pm189a9zxnp&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Flinkedin%2Fcallback&response_type=code&scope=r_basicprofile&state=cea1676704da0832326304c1da6ee80eabc79463da80ac1d which has r_liteprofile while on linkedin console I'm clearly only requesting r_basicprofile .

Invalid redirect_uri

Hi!
Since today, when I try to authenticate in LinkedIn, I get an error page from LinkedIn
with the following error:

Invalid redirect_uri. This value must match a URL registered with the API Key.

It seems that from now on the redirect_uri has to be sent also in the request, as specified here:

https://developer.linkedin.com/documents/authentication#oauth2-redirect-uri

Is this happening to anyone else? It's been working like a charm until this morning...
Thanks in advance.

Is there any way I can post a message to my connections?

I'm using this gem to authenticate Linkedin users.

Step 3. Make the API calls
https://developer.linkedin.com/documents/authentication
I'm able to access my connections with this token
https://api.linkedin.com/v1/people/~?oauth2_access_token=AQXdSP_W41_UPs5ioT_t8HESyODB4FqbkJ8LrV_5mff4gPODzOYR

Is there any way I can post a message to my connections?

This is small code

require "rest-client"
require 'json'
require 'multi_json'
require 'hashie'

def send_message(subject, body, recipient_paths)
  path = "http://api.linkedin.com/v1/people/~/mailbox?oauth2_access_token=AQXdSP_W41_UPs5ioT_t8HESyODB4FqbkJ8LrV_5mff4gPODzOYR"

  message = {
    'content_type' => "application/json",
    'subject' => subject,
    'body' => body,
    'recipients' => {
      'values' => recipient_paths.map do |profile_path|
        { 'person' => { '_path' => "/people/#{profile_path}" } }
      end
    }
  }
  puts message.to_json
  RestClient.post(path, message.to_json, :accept => :json)
end

send_message("Welcome to mvi","Hi testing for new message", ["wEoHBvlFX0"])

HERE IS MY OUTPUT.
{"content_type":"application/json","subject":"Welcome to mvi","body":"Hi testing for new message","recipients":{"values":[{"person":{"_path":"/people/wEoHBvlFX0"}}]}}
/home/localadmin/.rvm/gems/ruby-1.9.3-p392/gems/rest-client-1.6.7/lib/restclient/abstract_response.rb:48:in `return!': 401 Unauthorized (RestClient::Unauthorized)

OmniAuth::AuthenticityError

Started POST "/auth/linkedin" for ::1 at 2021-05-25 18:08:07 +0530
D, [2021-05-25T18:08:07.525231 #36353] DEBUG -- omniauth: (linkedin) Request phase initiated.
W, [2021-05-25T18:08:07.525652 #36353] WARN -- omniauth: Attack prevented by OmniAuth::AuthenticityTokenProtection
E, [2021-05-25T18:08:07.525704 #36353] ERROR -- omniauth: (linkedin) Authentication failure! authenticity_error: OmniAuth::AuthenticityError, Forbidden
E, [2021-05-25T18:08:07.525806 #36353] ERROR -- omniauth: (linkedin) Authentication failure! Forbidden: OmniAuth::AuthenticityError, Forbidden

OmniAuth::AuthenticityError (Forbidden):

getting this error.

omniauth-oauth2 1.4 compatibility

Hi there,

we have error on the callback with the omniauth-oauth2 gem in version 1.4 so we lock it in our rails application.

$> Gemfile

group :auth do
  gem 'devise',                   '~> 4.2'
  gem 'devise-i18n'               # Only yaml files
  gem 'omniauth',                 '~> 1.3'
  gem 'omniauth-facebook',        '~> 4.0'
  gem 'linkedin'
  gem 'omniauth-linkedin-oauth2', branch: 'master'
  gem 'omniauth-oauth',           '1.1'
  gem 'omniauth-oauth2',          '=1.2'
end

$> config/initializers/devise.rb

  config.omniauth :linkedin,
    Gaston.providers.linkedin.api_key, Gaston.providers.linkedin.secret_key,
    scope: 'r_emailaddress r_basicprofile'

With omniauth-oauth2 1.4 we have this error in application server logs

E, [2016-08-04T10:50:15.569508 #32664] ERROR -- omniauth: (linkedin) Authentication failure! invalid_credentials: OAuth2::Error, invalid_request: missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired
{"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}

Missing something ?

Authenticating always shows "allow/deny" prompt for legacy linkedin app

I'm seeing the "Allow/Deny" prompt on the linkedin side, even when I have previously authenticated, and am currently logged into linkedin.

I notice this is happening only with an older linkedin app (4 years old?), and is NOT happening with a freshly created linkedin app.

I've seen similar issues with other oauth2 circles. Google, for example has an option to force the dialog prompt, as well as a way to pass a "allow_prompt=auto" param/value to bypass it if the user has previously authenticated and is logged in.

After looking at the linkedin api info, I haven't come across a param for this.

This issue is more so on Linkedin's side (not this gem), as I'm assuming our older linkedin app is maybe some sort of "legacy" app.

Has anyone dealt with this?

Secret is nil

I'm trying to upgrade an app to use v2 of LinkedIn's Api. I found this gem, which I hope should replace the omniauth-linkedin gem. I changed the provider method to something like:

provider :linkedin, 'key', 'secret', scope: 'r_liteprofile r_emailaddress w_member_social'

However, after going through the oauth connection process and trying to post as the user I get an error:

LinkedIn::Errors::UnauthorizedError ((401): [unauthorized]. The token used in the OAuth request is not valid.

I believe the cause of this issue is I never obtain a secret for the user, the oauth hash is incomplete. After the user accepts connecting an account, the request.env['omniauth.auth'] hash looks something like:

#<OmniAuth::AuthHash credentials=#<OmniAuth::AuthHash expires=true expires_at=1555966761 token="verylongtoken"> extra=#<OmniAuth::AuthHash raw_info=#<OmniAuth::AuthHash firstName=#<OmniAuth::AuthHash localized=#<OmniAuth::AuthHash en_US="me"> preferredLocale=#<OmniAuth::AuthHash country="US" language="en">> id="id" lastName=#<OmniAuth::AuthHash localized=#<OmniAuth::AuthHash en_US="me"> preferredLocale=#<OmniAuth::AuthHash country="US" language="en">>>> info=#<OmniAuth::AuthHash::InfoHash email="[email protected]" first_name="me" last_name="me" picture_url=nil> provider="linkedin" uid="uid">

Notice that there is no secret.

I tried changing the requested permissions. I've looked at the app in LinkedIn and looks to be setup correctly. LinkedIn was working yesterday, but they must have forced v2 on the app today. I tried using different versions of omniauth-oauth2 gem. Please let me know if you have any suggestions. Thanks.

expires? and expires_at (expires_in) is not present in auth hash

While oauth2_access_token.expires_at and oauth2_access_token.expires_in have valid token expiration information (here https://github.com/decioferreira/omniauth-linkedin-oauth2/blob/master/lib/omniauth/strategies/linkedin.rb#L49), I can't see expiration date in auth hash in omniauth. There is also expires marked as false in token part.

{"provider"=>"linkedin",
 "uid"=>"abcd",
 "info"=>
  {"name"=>"Šlukas McPrásk",
   "email"=>"[email protected]",
   "nickname"=>"Šlukas McPrásk",
   "first_name"=>"Šlukas",
   "last_name"=>"McPrásk",
   "location"=>{"country"=>{"code"=>"cz"}, "name"=>"Czech Republic"},
   "description"=>"deli clerk",
   "image"=>nil,
   "urls"=>
    {"public_profile"=>
      "url"}},
 "credentials"=>
  {"token"=>
    "token",
   "expires"=>false},
 "extra"=>
  {"raw_info"=>
    {"emailAddress"=>"[email protected]",
     "firstName"=>"Jimmy",
     "headline"=>"deli clerk",
     "id"=>"abcd",
     "industry"=>"Computer Software",
     "lastName"=>"McPrásk",
     "location"=>{"country"=>{"code"=>"cz"}, "name"=>"Czech Republic"},
     "publicProfileUrl"=>
      "http://www.linkedin.com/pub/url"}}}

release version that supports omniauth-oauth2 v1.5

Hi.

Since google is retiring Google+ APIs on March 7, 2019, some users need to upgrade omniauth-google-oauth2 gem to v0.5.4 or higher (v0.6.0). Problem is that Google's gem depends on omniauth-oauth2 to be v1.5 or higher. I'm aware of the problem v1.4 caused and a lot of people have set it to v1.3.1 to get around callback_url problem. Now that Google is making changes, this problem needs to be addressed (I believe it has been addressed in the master branch) and new release is needed.

state param

Having an issue implementing this gem for OAuth2 authentication. I've been getting errors when redirecting to LinkedIn's auth site. Upon investigating further, it seems that the state param is required[1] to be present in the URL.

I've gone through the source of this gem and see no reference to state. Using this PR #6 fixes the problem (when I pass in the state), but I'm confused about the implementation of it. The wording of it makes it seem like state is optional, but it says that it is required in LinkedIn's documentation. Am I missing something? How is this gem working for anybody in its current implementation?

Thanks!

[1]http://developer.linkedin.com/documents/authentication
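
What the state parameter is for, as an added example that is not part of the original issue or the gem's code: the client mints a random state, keeps it in the session, and rejects any callback whose state does not match, which ties the callback to the browser that started the login. The session key `oauth.state` and the helper names are assumptions; the authorization URL is the one quoted elsewhere on this page.

```ruby
require 'securerandom'
require 'uri'

AUTHORIZE_URL = 'https://www.linkedin.com/oauth/v2/authorization'

# Request phase: create an unguessable state, remember it in the user's
# session, and send it along in the authorization URL.
def build_authorization_url(session, client_id:, redirect_uri:, scope:)
  state = SecureRandom.hex(24) # 24 random bytes, 48 hex characters
  session['oauth.state'] = state
  query = URI.encode_www_form(
    response_type: 'code',
    client_id: client_id,
    redirect_uri: redirect_uri,
    scope: scope,
    state: state
  )
  "#{AUTHORIZE_URL}?#{query}"
end

# Compare two strings without returning early on the first differing byte.
def secure_compare(left, right)
  return false unless left.bytesize == right.bytesize

  diff = 0
  left.bytes.zip(right.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Callback phase: the stored state is single use, so it is removed from the
# session before the comparison. A missing or different state fails the login.
def valid_callback_state?(session, params)
  expected = session.delete('oauth.state')
  presented = params['state']
  return false if expected.nil? || presented.nil? || presented.empty?

  secure_compare(expected, presented)
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample values, not real credentials.
  session = {}
  url = build_authorization_url(
    session,
    client_id: 'sample_client_id',
    redirect_uri: 'http://localhost:3000/auth/linkedin/callback',
    scope: 'r_liteprofile'
  )
  state = URI.decode_www_form(URI.parse(url).query).to_h['state']
  puts "forged callback accepted:  #{valid_callback_state?(session.dup, 'state' => 'f' * 48)}"
  puts "genuine callback accepted: #{valid_callback_state?(session, 'state' => state)}"
  puts "replayed callback accepted: #{valid_callback_state?(session, 'state' => state)}"
end
```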

Does the gem return the refresh token when a token is expired?

@decioferreira The gem doesn't seem to return the refresh token, which I believe I need it to get a new token when the token is expired.

I debugged my app to see what the omniauth response provides me and I do not see a refresh token returned just the token and the expiry date.

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :linkedin, ENV['LINKEDIN_CONSUMER_KEY'], ENV['LINKEDIN_CONSUMER_SECRET'], {
    :scope => ENV['LINKEDIN_SCOPES'],
    :fields => ['id', 'first-name', 'last-name', 'picture-url']
  }
end

I'd like to find out if the gem's supposed to return the refresh token? Or does the gem issue me a new token? Or does it extend the expiry date for an existing token?

Using r_emailaddress as scope giving Authentication failure! invalid_credentials: OAuth2::Error

I have an application running with successful Google and Facebook omniauthentication running. I want to add Linkedin Login too with omniauth. All seems to be fine until I request the email address by adding :scope => 'r_emailaddress' to the line

devise.rb

config.omniauth :linkedin, ENV['LINKEDIN_CLIENT_ID'], ENV['LINKEDIN_CLIENT_SECRET'], :scope => 'r_emailaddress', :fields => ['email', 'id', 'first-name', 'last-name']

All seems to be correct if I removed the r_emailaddress and add any other scope like r_liteprofile as

config.omniauth :linkedin, ENV['LINKEDIN_CLIENT_ID'], ENV['LINKEDIN_CLIENT_SECRET'], :scope => 'r_liteprofile', :fields => ['email', 'id', 'first-name', 'last-name']

The error is coming up in the backend and in the front end after successfully putting all the credentials on the Linkedin page, the app is redirecting to the home page and not giving any error in the UI.

The error it's throwing in the logs is

ERROR -- omniauth: (linkedin) Authentication failure! invalid_credentials: OAuth2::Error, : {"serviceErrorCode":100,"message":"Not enough permissions to access: GET /me","status":403}

It would be great if anyone can help me in this matter.

Authentication failure! Connection reset by peer: Faraday::SSLError

I'm trying to set up an authentication via LinkedIn in the rails 5.2 application, for the same I'm referring to the documentation given by devise but I am getting the following error:

D, [2021-05-31T05:35:53.970669 #6] DEBUG -- omniauth: (linkedin) Request phase initiated.
Started GET "/users/auth/linkedin/callback?code=[FILTERED]&state=9e349ee89f75a4549e047dcb67da2c9a6a9b484fa8820480" for 172.19.0.1 at 2021-05-31 05:36:09 +0000
D, [2021-05-31T05:36:09.697959 #6] DEBUG -- omniauth: (linkedin) Callback phase initiated.
E, [2021-05-31T05:36:09.870838 #6] ERROR -- omniauth: (linkedin) Authentication failure! Connection reset by peer: Faraday::SSLError, Connection reset by peer

I have added these using the following gems for the configuration

  1. devise ~> 4.8.0
  2. omniauth-linkedin-oauth2 ~> 1.0.0
  3. omniauth ~> 2.0.4

I even tried running on the active domain in the production server which contains the valid SSL certificate but still, the same error is thrown. How should I fix this?

The authorization flow opens the linkedin app and never returns to the callback url (IPHONE)

Problem
When trying to sign_up/login from an iPhone it opens the linkedin app and does nothing else. Same thing using Chrome and Safari. On the contrary, it works perfectly:

  • When on desktop
  • If the linkedin app is not installed in the iphone
  • If we use an incognito browser in the iphone (either Safari or Chrome)

Context

  • In my logs I see Started POST "/users/auth/linkedin" for IP. DEBUG -- omniauth: (linkedin) Request phase initiated. and nothing else.
  • I've disabled Turbo and even javascript but the issue remains.
  • Same thing is happening in development, staging and production.
  • I tried debugging in safari to see if I saw a clue in network or even console logs, but nothing. Any ideas?
  • and Ruby 3.0.1

More context

  • I tried using rails redirection to the url https://www.linkedin.com/oauth/v2/authorization?all_the_needed parameters and works as expected.
  • The Gem is actually creating the Rack response correctly.
  • I tried changing the status of the rack response to 303 or 302 but the issue remains.

Stack

  • Rails (6.1.3.2)
  • Ruby (3.0.1)
  • Rack (2.2.3)
  • omniauth (2.0.4)
  • oauth2 (1.4.7)
  • omniauth-linkedin-oauth2 (1.0.0)
  • Devise (4.8.0)

Any Idea? I looked very hard trying to find people reporting this issue but without any luck. I start to think that may be related to my ruby or rails version but haven't checked. Both apps use same stack...

Incompatibility of gems

FYI:

gem 'omniauth-oauth2', '~>1.4.0' 
+
gem 'omniauth-linkedin-oauth2', '~>0.1.5'

Causes omni auth to fail. Linkedin reply with this:

Started GET "/auth/linkedin?logon=linkedin" for 127.0.0.1 at 2017-05-24 18:28:51 +0200
(linkedin) Callback phase initiated.
(linkedin) Authentication failure! invalid_credentials: OAuth2::Error, invalid_request: missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired
{"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}

Using gem 'omniauth-oauth2', '~>1.3.1' works...

LinkedIn oauth fails at getting a request token

Hi, I'm getting the following response from LinkedIn Oauth:
{"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}

The problem seems to happen at Step 3 — Exchange Authorization Code for a Request Token (https://developer.linkedin.com/docs/oauth2).

When I look at the request made by omniauth (lib/oauth2/client.rb)...

{:raise_errors=>true, :parse=>nil, :body=>{"grant_type"=>"authorization_code", "code"=>"AQRXa3pON-Dz2PeQiHesH0k0ENLI1M_NdcUY2Y5Gae7EpiRnBrwLcEBHqF5E9opvNqtqP5kRaXXweTJwyp8oJfv5yXEMUlotjuMTt2L80D6mTp8-cGw", "client_id"=>"XXX", "client_secret"=>"XXX", :redirect_uri=>"http://localhost:3000/auth/linkedin/callback?code=AQRXa3pON-Dz2PeQiHesH0k0ENLI1M_NdcUY2Y5Gae7EpiRnBrwLcEBHqF5E9opvNqtqP5kRaXXweTJwyp8oJfv5yXEMUlotjuMTt2L80D6mTp8-cGw&state=16ae401bac5b0c55eba2089cd964a9590d587e81545a226f"}, :headers=>{"Content-Type"=>"application/x-www-form-urlencoded"}}

...and compare with LinkedIn requirements for Step 3, the only difference I see is the redirect_uri encoding.

Could that be the problem? Can it be fixed? Has anyone else had that type of issue?

Thanks for helping!
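
An added example, not part of the original issue or of the gem: RFC 6749 section 4.1.3 requires the redirect_uri in the token request to be identical to the one sent in the authorization request, and the value in the dump above carries the code and state query parameters. The helper names and the sample values below are constructed for illustration.

```ruby
require 'uri'

# Constructed sample values shaped like the request dump above; not real credentials.
AUTHORIZATION_REDIRECT_URI = 'http://localhost:3000/auth/linkedin/callback'
TOKEN_REDIRECT_URI = 'http://localhost:3000/auth/linkedin/callback' \
                     '?code=SAMPLE_CODE&state=sample_state'

# Hypothetical helper: drop query and fragment so the URL the callback was
# served on becomes the value that was sent in the authorization request.
def stable_redirect_uri(callback_url)
  uri = URI.parse(callback_url)
  uri.query = nil
  uri.fragment = nil
  uri.to_s
end

# Hypothetical helper: explain, component by component, why the redirect_uri
# of a token request differs from the one used in the authorization request.
# An authorization server only needs the plain string comparison on the first line.
def redirect_uri_mismatches(authorized, presented)
  return [] if authorized == presented

  a = URI.parse(authorized)
  b = URI.parse(presented)
  problems = []
  %i[scheme host port path].each do |part|
    expected = a.public_send(part)
    actual = b.public_send(part)
    problems << "#{part}: expected #{expected.inspect}, got #{actual.inspect}" unless expected == actual
  end
  extra = URI.decode_www_form(b.query.to_s).map(&:first) -
          URI.decode_www_form(a.query.to_s).map(&:first)
  problems << "query: unexpected parameters #{extra.join(', ')}" unless extra.empty?
  problems << 'strings differ (encoding or trailing characters)' if problems.empty?
  problems
end

if $PROGRAM_NAME == __FILE__
  puts redirect_uri_mismatches(AUTHORIZATION_REDIRECT_URI, TOKEN_REDIRECT_URI)
  puts "value to send instead: #{stable_redirect_uri(TOKEN_REDIRECT_URI)}"
end
```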

Authentication failure! invalid_credentials: OAuth2::Error

I, [2019-04-18T15:01:00.068558 #3923] INFO -- omniauth: (linkedin) Callback phase initiated.
E, [2019-04-18T15:01:01.774531 #3923] ERROR -- omniauth: (linkedin) Authentication failure! invalid_credentials: OAuth2::Error, :
{
"errorCode": 0,
"message": "This resource is no longer available under v1 APIs",
"requestId": "4RZES38RSZ",
"status": 410,
"timestamp": 1555579861698
}

I am getting above issue. Can someone help?

r_fullprofile not fetching all the details.

I have been using this gem quite a long time. I have never tweaked around the :scope. But now I wanted to get certifications from linkedin and tried the steps given in read me though it's not working.

#config/initializers/omniauth.rb
provider :linkedin, '**************', '*******************', :scope => 'r_fullprofile'

the auth hash returned from linkedin

<OmniAuth::AuthHash credentials=#<OmniAuth::AuthHash expires=true expires_at=1401539399 token="AQVSUdXiNCHUMHlG0hV_Fp8uSJ0W6-kU4XB5JeWS8kO6ksPirijaF9sb5qH*************************************************************************"> extra=#<OmniAuth::AuthHash raw_info=#<OmniAuth::AuthHash firstName="*******************r" headline="************************" id="************" industry="Computer Software" lastName="**********" location=#<OmniAuth::AuthHash country=#<OmniAuth::AuthHash code="in"> name="Chennai Area, India"> pictureUrl="http://m.c.lnkd.licdn.com/mpr/mprx/********************************" publicProfileUrl="http://www.linkedin.com/in/****************************">> info=#<OmniAuth::AuthHash::InfoHash description="********************" email=nil first_name="**********************r" image="http://m.c.lnkd.licdn.com/mpr/mprx/**********************************************************************" last_name="*******" location=#<OmniAuth::AuthHash country=#<OmniAuth::AuthHash code="in"> name="Chennai Area, India"> name="Shivakumaar MGS" nickname="Shivakumaar MGS" urls=#<OmniAuth::AuthHash public_profile="http://www.linkedin.com/in/***************">> provider="linkedin" uid="************">

It doesn't contain any full profile fields as given in https://developer.linkedin.com/documents/profile-fields#profile

anyone having Authentication failure?

(linkedin) Callback phase initiated.
(linkedin) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, OmniAuth::Strategies::OAuth2::CallbackError

/auth/linkedin took me directly to /auth/failure in dev environment. Not seeing linkedin login page.

A required parameter "client_secret" is missing

I am getting an error message indicating that a required parameter, client_secret, is missing in the API request that I am making but I already have a LINKEDIN_SECRET in my .env file with the correct value.

Non-default scopes

Hi all,

I just got the email below from LinkedIn, and was wondering whether 'default' means something different in their context than it does in the context of your Readme. Ie, if we haven't configured the scope option in our Rails project, will the project still work come September?

LinkedIn email:

Dear LinkedIn Developers, 

What's happening?

As of September 15, 2019, we will no longer be supporting default scopes. Default scopes allow apps to make calls to /oauth/v2/authorization without explicitly requesting scopes in the scope parameter. If your apps rely on default scopes, they must now request scopes explicitly in their OAuth flow.

Additionally, requests to v1 specific scopes will not be permitted after September 15, 2019. The set of v1 scopes includes:

  • r_basicprofile (only permitted if your app has been granted v2 Basic Profile)
  • w_share
  • rw_company_admin

What you'll need to do:

  1. Determine if your app is using default scopes by inspecting your code. If your call to request an authorization code includes a scope parameter explicitly requesting permissions, your app is not using default scopes and you do not need to take any action. Important: If your call does not include a scope parameter, proceed with the rest of the steps below.
  2. Initiate OAuth flow from your app as a user.
  3. Proceed to the LinkedIn authentication screen describing what access is being requested
  4. Map the access request descriptions to their corresponding scopes using the table in our migration guide.

Timeframe:

You will need to complete the migration steps above by September 15, in order to prevent any interruption of your access. Requests to obtain an access token while using default scopes after this date will return an HTTP 400 error from our API.

Resources:

For further assistance, please reference our migration guide.

If you need additional support while migrating your default scopes, or have general questions regarding these updates you can open a support ticket here.

Thank you,
LinkedIn Developers Program Team

--

Not found. Authentication passthru.

Hi, I have had the gem set up for months, and have it working for months too.

I just upgraded to Ruby 1.9.3, and now on my development server it's working, but on my production server it's broken, and showing me this Not found. Authentication passthru. whenever I go to the path.

Please help!

Status of this project?

What is the status of this project? There are 5 open pull requests, at least one of which will stop people from using this gem in Rails 5.

No longer works with oauth2 gem v2.0+

Looks like the latest oauth2 changes broke this gem. After upgrading I'm seeing the following error in the callback phase:

Request phase initiated.
Started GET "/users/auth/linkedin/callback?code=...&state=..." for 127.0.0.1 at 2022-09-14 20:50:20 +0200
D, [2022-09-14T20:50:20.537126 #37240] DEBUG -- omniauth: (linkedin) Callback phase initiated.
E, [2022-09-14T20:50:21.021252 #37240] ERROR -- omniauth: (linkedin) Authentication failure! invalid_credentials: OAuth2::Error, invalid_request: A required parameter "client_secret" is missing
{"error":"invalid_request","error_description":"A required parameter \"client_secret\" is missing"}
Processing by Users::OmniauthCallbacksController#failure as HTML

I have omniauth configured at Devise as:

  config.omniauth :linkedin, ENV.fetch('LINKEDIN_KEY'), ENV.fetch('LINKEDIN_SECRET')

(both ENV keys are present).

And my omniauth initializer looks like this:

OmniAuth.config.full_host = Settings.protocol + Settings.host
OmniAuth.config.allowed_request_methods = %i[get post]
OmniAuth.config.silence_get_warning = true

It works if I downgrade back to oauth2 v1.4.10.

Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired

I'm getting this error in Development. Is there a problem with setting localhost:3000 as the domain of the callback? Because it works with facebook and google. I'm having trouble with linkedin and twitter.

This is what I'm getting

{"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}

My devise.rb has this line:

config.omniauth :linkedin, setup: true

And in the setup method, in a controller, I have these lines

env['omniauth.strategy'].options[:client_id] = id
env['omniauth.strategy'].options[:client_secret] = token

The variables "id" and "token" correctly match my LinkedIn application's credentials.

I'm not setting, though, a "redirect_uri" param. I have only one callback defined in my LinkedIn App's dashboard.

I tried setting it, though, but got the same error. This was the line I used:

env['omniauth.strategy'].options[:redirect_uri] = "http://localhost:3000/api/v1/users/auth/linkedin/callback"

Getting timeout from Faraday when requesting access_token, email_address or profile info

Suddenly, requests for getting the access token, email address or profile info started to raise timeout error 504 from the Faraday gem. Here is a stack trace:

Faraday::ConnectionFailed: execution expired
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:880:in `initialize'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:880:in `open'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:880:in `block in connect'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/timeout.rb:101:in `timeout'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:878:in `connect'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:852:in `start'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:1398:in `request'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:1156:in `get'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/adapter/net_http.rb:78:in `perform_request'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/adapter/net_http.rb:38:in `block in call'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/adapter/net_http.rb:85:in `with_net_http_connection'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/adapter/net_http.rb:33:in `call'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/request/url_encoded.rb:15:in `call'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/rack_builder.rb:141:in `build_response'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/connection.rb:386:in `run_request'
/opt/api/shared/bundle/ruby/2.3.0/gems/oauth2-1.4.0/lib/oauth2/client.rb:99:in `request'
/opt/api/shared/bundle/ruby/2.3.0/gems/oauth2-1.4.0/lib/oauth2/access_token.rb:107:in `request'
/opt/api/shared/bundle/ruby/2.3.0/gems/oauth2-1.4.0/lib/oauth2/access_token.rb:114:in `get'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-linkedin-oauth2-1.0.0/lib/omniauth/strategies/linkedin.rb:63:in `fetch_email_address'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-linkedin-oauth2-1.0.0/lib/omniauth/strategies/linkedin.rb:57:in `email_address'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-linkedin-oauth2-1.0.0/lib/omniauth/strategies/linkedin.rb:23:in `block in <class:LinkedIn>'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:109:in `instance_eval'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:109:in `block in compile_stack'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:108:in `each'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:108:in `inject'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:108:in `compile_stack'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:102:in `info_stack'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:336:in `info'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:349:in `auth_hash'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:372:in `callback_phase'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-oauth2-1.5.0/lib/omniauth/strategies/oauth2.rb:75:in `callback_phase'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:238:in `callback_call'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:189:in `call!'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/builder.rb:64:in `call'

License missing from gemspec

RubyGems.org doesn't report a license for your gem. This is because it is not specified in the gemspec of your last release.

via e.g.

spec.license = 'MIT'
# or
spec.licenses = ['MIT', 'GPL-2']

Including a license in your gemspec is an easy way for rubygems.org and other tools to check how your gem is licensed. As you can imagine, scanning your repository for a LICENSE file or parsing the README, and then attempting to identify the license or licenses is much more difficult and more error prone. So, even for projects that already specify a license, including a license in your gemspec is a good practice. See, for example, how rubygems.org uses the gemspec to display the rails gem license.

There is even a License Finder gem to help companies/individuals ensure all gems they use meet their licensing needs. This tool depends on license information being available in the gemspec. This is an important enough issue that even Bundler now generates gems with a default 'MIT' license.

I hope you'll consider specifying a license in your gemspec. If not, please just close the issue with a nice message. In either case, I'll follow up. Thanks for your time!

Appendix:

If you need help choosing a license (sorry, I haven't checked your readme or looked for a license file), GitHub has created a license picker tool. Code without a license specified defaults to 'All rights reserved'-- denying others all rights to use of the code.
Here's a list of the license names I've found and their frequencies

p.s. In case you're wondering how I found you and why I made this issue, it's because I'm collecting stats on gems (I was originally looking for download data) and decided to collect license metadata, too, and make issues for gemspecs not specifying a license as a public service :). See the previous link or my blog post about this project for more information.

How to get it working in 2024

I had to do Monkey Patching like this:

module OmniAuth
  module Strategies
    class LinkedIn < OmniAuth::Strategies::OAuth2
      uid do
        raw_info["sub"]
      end

      info do
        {
          :name => raw_info["given_name"],
          :family_name => raw_info["family_name"],
          :email => raw_info["email"],
          :image => raw_info["picture"]
        }
      end

      extra do
        {
          "info" => raw_info
        }
      end

      def profile_endpoint
        "/v2/userinfo"
      end
    end
  end
end

And the button this way:

<%= button_to "/auth/linkedin", data: { turbo: false }, class: "px-4 py-2 border flex gap-2 border-dark rounded-lg text-dark hover:shadow transition duration-150"  do %>
  <span class="size-6">
    <%= render "icons/linkedin" %>
  </span>
  <span><%= t("pages.sign_up.sign_up_with_linkedin") %></span>
<% end %>

Add support for LinkedIn v2 API.

The current implementation breaks when it fetches the additional raw_info because it hits a v1 endpoint to do so. Unfortunately LinkedIn disables the v1 API when they upgrade clients to v2, so authentication with this gem will stop working if/when LinkedIn does this.

v1.0.1 breaks existing integration

Heads-Up: I'll provide more information later.

Issue

We've upgraded omniauth-linkedin-oauth2 to v1.0.1 yesterday and since then have not received successful sign-ins/sign-ups anymore via LinkedIn.

Relevant Stacktrace

OAuth2::Error: invalid_request: Duplicate values defined for "client_secret" parameter
{"error":"invalid_request","error_description":"Duplicate values defined for \"client_secret\" parameter"}

File "/app/vendor/bundle/ruby/3.2.0/gems/oauth2-1.4.11/lib/oauth2/client.rb" line 139 in request
File "/app/vendor/bundle/ruby/3.2.0/gems/oauth2-1.4.11/lib/oauth2/client.rb" line 177 in get_token
File "/app/vendor/bundle/ruby/3.2.0/gems/oauth2-1.4.11/lib/oauth2/strategy/auth_code.rb" line 32 in get_token
File "/app/vendor/bundle/ruby/3.2.0/gems/omniauth-oauth2-1.7.3/lib/omniauth/strategies/oauth2.rb" line 126 in build_access_token
File "/app/vendor/bundle/ruby/3.2.0/gems/omniauth-oauth2-1.7.3/lib/omniauth/strategies/oauth2.rb" line 91 in callback_phase
File "/app/vendor/bundle/ruby/3.2.0/gems/omniauth-2.1.1/lib/omniauth/strategy.rb" line 272 in callback_call
File "/app/vendor/bundle/ruby/3.2.0/gems/omniauth-2.1.1/lib/omniauth/strategy.rb" line 194 in call!
File "/app/vendor/bundle/ruby/3.2.0/gems/omniauth-2.1.1/lib/omniauth/strategy.rb" line 169 in call
File "/app/vendor/bundle/ruby/3.2.0/gems/omniauth-2.1.1/lib/omniauth/builder.rb" line 44 in call
File "/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.0.7/lib/action_dispatch/middleware/stack.rb" line 61 in block in call
# ... lots of rails logs
File "/app/vendor/bundle/ruby/3.2.0/gems/railties-7.0.7/lib/rails/engine.rb" line 530 in call
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/configuration.rb" line 270 in call
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/request.rb" line 100 in block in handle_request
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/thread_pool.rb" line 344 in with_force_shutdown
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/request.rb" line 99 in handle_request
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/server.rb" line 443 in process_client
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/server.rb" line 245 in block in run
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/thread_pool.rb" line 151 in block in spawn_thread
AbstractController::ActionNotFound: Could not find devise mapping for path "/users/auth/linkedin/callback?code=<REDACTED>&state=<REDACTED>".
This may happen for two reasons:

1) You forgot to wrap your route inside the scope block. For example:

devise_scope :user do
get "/some/route" => "some_devise_controller"
end

2) You are testing a Devise controller bypassing the router.
If so, you can explicitly tell Devise which mapping to use:

@request.env["devise.mapping"] = Devise.mappings[:user]
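
The token-endpoint errors quoted in the issues above (a missing or duplicated "client_secret", and a redirect URI that "does not match authorization code") can all be checked offline by comparing the authorization URL with the token request body; RFC 6749 section 4.1.3 requires the redirect_uri in the token request to be identical to the one sent in the authorization request. The following is an added diagnostic sketch, not code from omniauth-linkedin-oauth2 or from any of the issue authors; the function names, the host idp.example.test and all ids and secrets are constructed placeholders.

```ruby
require "uri"

# Added diagnostic, not part of omniauth-linkedin-oauth2. All hosts, ids and
# secrets below are constructed placeholders.

# Decode a form-encoded string into [name, value] pairs, keeping repeats.
def form_pairs(encoded)
  URI.decode_www_form(encoded.to_s)
end

# authorize_url: URL the browser was sent to in the request phase.
# token_body:    form-encoded body POSTed to the token endpoint.
# Returns an array of findings; an empty array means the two halves agree.
def lint_code_exchange(authorize_url, token_body)
  authz = form_pairs(URI.parse(authorize_url).query).to_h
  pairs = form_pairs(token_body)
  token = pairs.to_h
  findings = []

  secrets = pairs.count { |name, _| name == "client_secret" }
  findings << "client_secret missing from token request body" if secrets.zero?
  findings << "client_secret sent #{secrets} times in token request body" if secrets > 1

  %w[client_id redirect_uri].each do |param|
    sent = token[param]
    next if sent == authz[param]
    # A client_id absent from the body may travel in an Authorization header.
    next if param == "client_id" && sent.nil?
    findings << "#{param} differs: authorize=#{authz[param].inspect} token=#{sent.inspect}"
  end
  findings
end

CALLBACK = "http://localhost:3000/users/auth/linkedin/callback"
AUTHORIZE_URL = "https://idp.example.test/authorize?" + URI.encode_www_form(
  response_type: "code", client_id: "app-123", state: "s1", redirect_uri: CALLBACK
)

# Build a constructed token request body; a nil override drops that parameter.
def sample_token_body(overrides = {})
  base = { grant_type: "authorization_code", code: "c1", client_id: "app-123",
           client_secret: "placeholder", redirect_uri: CALLBACK }
  URI.encode_www_form(base.merge(overrides).compact)
end

GOOD_BODY      = sample_token_body
MISMATCH_BODY  = sample_token_body(redirect_uri: "http://localhost:3000/api/v1/users/auth/linkedin/callback")
NO_SECRET_BODY = sample_token_body(client_secret: nil)
DUPLICATE_BODY = GOOD_BODY + "&client_secret=placeholder"

puts lint_code_exchange(AUTHORIZE_URL, MISMATCH_BODY)
```

Feed it the redirect URL and token request captured from a development log (with the secret redacted to a placeholder) to see which half of the flow disagrees before changing gem versions.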
