LinkedIn launched a new Signin product and removed the old one.
The new one is called Sign In with LinkedIn using OpenID Connect

The scopes in the new product are completely different from the old ones:

These changes break this gem. Are there any plans to support new changes?

We got an email from linkedin that they will deprecate unversioned api by 30th June, 2023 and as per their docs following endpoints will be available

Unversioned

Versioned

Do we have any plans to upgrade this gem or do we have any alternate gem for versioned api. We are using following products in our application.

Hi! Could you please release a new version of the gem including Fix the oauth 1.4 issuex commit (that seems to be merged to master already).

I can't find a way to get the page URL from which the user clicked the linkedin button, is there an easy way to do it ?

Thanks !

I'm getting the following error when I'm using this gem.

OAuth2::Error at /auth/linkedin/callback
: { "errorCode": 0, "message": "The token used in the request is expired.", "requestId": "5LVAAP7YZ2", "status": 401, "timestamp": 1392084765723 }
file: client.rb location: request line: 110

So it actually looks like a problem with LinkedIn. I was seeing it intermittently, so I surmised it was a timing issue. Low and behold if I put a 10 second sleep in there it works every time.

  def raw_info
    @raw_info ||= begin
      sleep 10
      access_token.get("/v1/people/~:(#{options.fields.join(',')})?format=json").parsed
    end
  end

I'm wondering if anyone else has seen this behavior?

Hi,
I am using this gem.
I faced an issue, I send callback URL as https://.... but it gets converted to http://....
I cannot get a hold of the issue.
Anybody facing same problem ?

I added the credentials and the provider into my Omniauth configuration and when I try to access '/auth/linkedin' I get redirected to the linkedin website with this message: There was an unexpected problem that prevented us from completing your request.

Here's my code for it:

OmniAuth.config.logger = Rails.logger

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
             :scope => 'user_about_me,email,publish_actions,user_location,publish_stream,offline_access,user_interests,user_likes,user_hometown,user_birthday',
             :display => 'popup',
             :auth_type => 'reauthenticate'

    provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'],
             :scope => 'r_fullprofile r_emailaddress'

    OmniAuth.config.on_failure = Proc.new { |env|
        OmniAuth::FailureEndpoint.new(env).redirect_to_failure
    }
end

I already setup my ENV variables inside development.rb and it works great for Facebook but I keep getting this error for LinkedIn.

I am getting unauthorized_scope_error | Scope "r_liteprofile" is not authorized for your application very sporadically with linkedin oauth-2. This is very weird as there's no r_liteprofile in the linkedin developer's console. It only has basicprofile, r_emailaddress, rw_company_admin and w_share. Is this a pre-known issue ? Not getting any footprint online.
Linkedin is pushing the control to https://www.linkedin.com/oauth/v2/authorization?client_id=817pm189a9zxnp&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Flinkedin%2Fcallback&response_type=code&scope=r_basicprofile&state=cea1676704da0832326304c1da6ee80eabc79463da80ac1d which has r_liteprofile while on linkedin console I'm clearly only requesting r_basicprofile .

Hi!
Since today, when I try to authenticate in LinkedIn, I get an error page from LinkedIn
with the following error:

Invalid redirect_uri. This value must match a URL registered with the API Key.

It seems that from now on the redirect_uri has to be sent also in the request, as specified here:

https://developer.linkedin.com/documents/authentication#oauth2-redirect-uri

Is this happening to anyone else? It's been working like a charm until this morning...
Thanks in advance.

Im using this gem to authenticate Linkedin users.

Step 3. Make the API calls
https://developer.linkedin.com/documents/authentication
Im able to access my connections with this token
ttps://api.linkedin.com/v1/people/~?oauth2_access_token=AQXdSP_W41_UPs5ioT_t8HESyODB4FqbkJ8LrV_5mff4gPODzOYR

Is there any way i can post message to my connections.

This is small code

require "rest-client"
require 'json'
require 'multi_json'
require 'hashie'

def send_message(subject, body, recipient_paths)
path = "http://api.linkedin.com/v1/people/~/mailbox?oauth2_access_token=AQXdSP_W41_UPs5ioT_t8HESyODB4FqbkJ8LrV_5mff4gPODzOYR"

message = {
    'content_type' => "application/json",
    'subject' => subject,
    'body' => body,
    'recipients' => {
        'values' => recipient_paths.map do |profile_path|
        { 'person' => { '_path' => "/people/#{profile_path}" } }
        end
    }
}
puts message.to_json
RestClient.post(path, message.to_json, :accept => :json)

end

send_message("Welcome to mvi","Hi testing for new message", ["wEoHBvlFX0"])

HERE IS MY OUTPUT.
{"content_type":"application/json","subject":"Welcome to mvi","body":"Hi testing for new message","recipients":{"values":[{"person":{"_path":"/people/wEoHBvlFX0"}}]}}
/home/localadmin/.rvm/gems/ruby-1.9.3-p392/gems/rest-client-1.6.7/lib/restclient/abstract_response.rb:48:in `return!': 401 Unauthorized (RestClient::Unauthorized)

Started POST "/auth/linkedin" for ::1 at 2021-05-25 18:08:07 +0530
D, [2021-05-25T18:08:07.525231 #36353] DEBUG -- omniauth: (linkedin) Request phase initiated.
W, [2021-05-25T18:08:07.525652 #36353] WARN -- omniauth: Attack prevented by OmniAuth::AuthenticityTokenProtection
E, [2021-05-25T18:08:07.525704 #36353] ERROR -- omniauth: (linkedin) Authentication failure! authenticity_error: OmniAuth::AuthenticityError, Forbidden
E, [2021-05-25T18:08:07.525806 #36353] ERROR -- omniauth: (linkedin) Authentication failure! Forbidden: OmniAuth::AuthenticityError, Forbidden

OmniAuth::AuthenticityError (Forbidden):

getting this error.

Hi there,

we have error on the callback with the omniauth-oauth2 gem in version 1.4 so we lock it in our rails application.

$> Gemfile

 52 group :auth do
 53   gem 'devise',                   '~> 4.2'
 54   gem 'devise-i18n'               # Only yaml files
 55   gem 'omniauth',                 '~> 1.3'
 56   gem 'omniauth-facebook',        '~> 4.0'
 57   gem 'linkedin'
 58   gem 'omniauth-linkedin-oauth2', branch: 'master'
 59   gem 'omniauth-oauth',           '1.1'
 60   gem 'omniauth-oauth2',          '=1.2'
 61 end

$> config/initializers/devise.rb

264   config.omniauth :linkedin,
265     Gaston.providers.linkedin.api_key, Gaston.providers.linkedin.secret_key,
266     scope: 'r_emailaddress r_basicprofile'

With omniauth-oauth2 1.4 we have this error in application server logs

E, [2016-08-04T10:50:15.569508 #32664] ERROR -- omniauth: (linkedin) Authentication failure! invalid_credentials: OAuth2::Error, invalid_request: missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired
{"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}

Missing something ?

I'm seeing the "Allow/Deny" prompt on the linkedin side, even when I have previously authenticated, and am currently logged into linkedin.

I notice this is happening only with an older linkedin app (4 years old?), and is NOT happening with a freshly created linkedin app.

I've seen similar issues with other oauth2 circles. Google, for example has an option to force the dialog prompt, as well as a way to pass a "allow_prompt=auto" param/value to bypass it if the user has previously authenticated and is logged in.

After looking at the linkedin api info, I haven't come across a param for this.

This issue is more so on Linkedin's side (not this gem), as I'm assuming our older linkedin app is maybe some sort of "legacy" app.

Has anyone dealt with this?

I'm trying to upgrade an app to use v2 of LinkedIn's Api. I found this gem, which I hope should replace the omniauth-linkedin gem. I changed the provider method to something like:

provider :linkedin, 'key', 'secret', scope: 'r_liteprofile r_emailaddress w_member_social'

However, after going through the oauth connection process and trying to post as the user I get an error:

LinkedIn::Errors::UnauthorizedError ((401): [unauthorized]. The token used in the OAuth request is not valid.

I believe the cause of this issue is I never obtain a secret for the user, the oauth hash is incompete. After the user accepts connecting an account, the request.env['omniauth.auth'] hash looks something like:

#<OmniAuth::AuthHash credentials=#<OmniAuth::AuthHash expires=true expires_at=1555966761 token="verylongtoken"> extra=#<OmniAuth::AuthHash raw_info=#<OmniAuth::AuthHash firstName=#<OmniAuth::AuthHash localized=#<OmniAuth::AuthHash en_US="me"> preferredLocale=#<OmniAuth::AuthHash country="US" language="en">> id="id" lastName=#<OmniAuth::AuthHash localized=#<OmniAuth::AuthHash en_US="me"> preferredLocale=#<OmniAuth::AuthHash country="US" language="en">>>> info=#<OmniAuth::AuthHash::InfoHash email="[email protected]" first_name="me" last_name="me" picture_url=nil> provider="linkedin" uid="uid">

Notice that there is no secret.

I tried changing the requested permissions. I've looked at the app in LinkedIn and looks to be setup correctly. LinkedIn was working yesterday, but they must have forced v2 on the app today. I tried using different versions of omniauth-oauth2 gem. Please let me know if you have any suggestions. Thanks.

Can we use decioferreira/omniauth-linkedin-oauth2 and hexgnu/linkedin together?
I can't see both "access_token", "access_token_secret" anywhere in request.env["omniauth.auth"] because there is only token as far as i see.

Do I need to use https://github.com/skorks/omniauth-linkedin only?

While oauth2_access_token.expires_at and oauth2_access_token.expires_in have valid token expiration informations (here https://github.com/decioferreira/omniauth-linkedin-oauth2/blob/master/lib/omniauth/strategies/linkedin.rb#L49), I can't see expiration date in auth hash in omniauth. There is also expires marked as false in token part.

{"provider"=>"linkedin",
 "uid"=>"abcd",
 "info"=>
  {"name"=>"Šlukas McPrásk",
   "email"=>"[email protected]",
   "nickname"=>"Šlukas McPrásk",
   "first_name"=>"Šlukas",
   "last_name"=>"McPrásk",
   "location"=>{"country"=>{"code"=>"cz"}, "name"=>"Czech Republic"},
   "description"=>"deli clerk",
   "image"=>nil,
   "urls"=>
    {"public_profile"=>
      "url"}},
 "credentials"=>
  {"token"=>
    "token",
   "expires"=>false},
 "extra"=>
  {"raw_info"=>
    {"emailAddress"=>"[email protected]",
     "firstName"=>"Jimmy",
     "headline"=>"deli clerk",
     "id"=>"abcd",
     "industry"=>"Computer Software",
     "lastName"=>"McPrásk",
     "location"=>{"country"=>{"code"=>"cz"}, "name"=>"Czech Republic"},
     "publicProfileUrl"=>
      "http://www.linkedin.com/pub/url"}}}

Hi.

Since google is retiring Google+ APIs on March 7, 2019, some users need to upgrade omniauth-google-oauth2 gem to v0.5.4 or higher (v0.6.0). Problem is that Google's gem depends on omniauth-oauth2 to be v1.5 or higher. I'm aware of the problem v1.4 caused and a lot of people have set it to v1.3.1 to get around callback_url problem. Now that Google is making changes, this problem needs to be addressed (I believe it has been addressed in the master branch) and new release is needed.

Having an issue implementing this gem for OAuth2 authentication. I've been getting errors when redirecting to LinkedIn's auth site. Upon investigating further, it seems that the state param is required[1] to be present in the URL.

I've gone through the source of this gem and see no reference to state. Using this PR #6 fixes the problem (when I pass in the state), but I'm confused about the implementation of it. The wording of it makes it seem like state is optional, but it says that it is required in LinkedIn's documentation. Am I missing something? How is this gem working for anybody in its current implementation?

Thanks!

[1]http://developer.linkedin.com/documents/authentication

@decioferreira The gem doesn't seem to return the refresh token, which I believe I need it to get a new token when the token is expired.

I debugged my app to see what the omniauth response provides me and I do not see a refresh token returned just the token and the expiry date.

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :linkedin, ENV['LINKEDIN_CONSUMER_KEY'], ENV['LINKEDIN_CONSUMER_SECRET'], {
    :scope => ENV['LINKEDIN_SCOPES'],
    :fields => ['id', 'first-name', 'last-name', 'picture-url']
  }
end

I'd like to find out if the gem's supposed to return the refresh token? Or does the gem issue me a new token? Or does it extend the expiry date for an existing token?

I have an application running with successful Google and Facebook omniauthentication running. I want to add Linkedin Login too with omniauth. All seems to fine until I request the email address by adding :scope => 'r_emailaddress' to the line

devise.rb

config.omniauth :linkedin, ENV['LINKEDIN_CLIENT_ID'], ENV['LINKEDIN_CLIENT_SECRET'], :scope => 'r_emailaddress', :fields => ['email', 'id', 'first-name', 'last-name']

All seems to be correct if I removed the r_emailaddress and add any other scope like r_liteprofile as

config.omniauth :linkedin, ENV['LINKEDIN_CLIENT_ID'], ENV['LINKEDIN_CLIENT_SECRET'], :scope => 'r_liteprofile', :fields => ['email', 'id', 'first-name', 'last-name']

The error is coming up in the backend and in the front end after successfully putting all the credentials on the Linkedin page, the app is redirecting to the home page and not giving any error in the UI.

The error it's throwing in the logs is

ERROR -- omniauth: (linkedin) Authentication failure! invalid_credentials: OAuth2::Error, : {"serviceErrorCode":100,"message":"Not enough permissions to access: GET /me","status":403}

It would be great if anyone can help me in this matter.

Getting this error: You need to pass the "client_id" parameter when I add the client_id manually to the url and hit return it works fine?
screenshot:http://snap.recruiterswebsites.com/3d7a462fdf68

I'm trying to set up an authentication via LinkedIn in the rails 5.2 application, for the same I'm referring to the documentation given by devise but I am getting the following error:

D, [2021-05-31T05:35:53.970669 #6] DEBUG -- omniauth: (linkedin) Request phase initiated.
Started GET "/users/auth/linkedin/callback?code=[FILTERED]&state=9e349ee89f75a4549e047dcb67da2c9a6a9b484fa8820480" for 172.19.0.1 at 2021-05-31 05:36:09 +0000
D, [2021-05-31T05:36:09.697959 #6] DEBUG -- omniauth: (linkedin) Callback phase initiated.
E, [2021-05-31T05:36:09.870838 #6] ERROR -- omniauth: (linkedin) Authentication failure! Connection reset by peer: Faraday::SSLError, Connection reset by peer

I have added these using the following gems for the configuration

1. devise ~> 4.8.0
2. omniauth-linkedin-oauth2 ~> 1.0.0
3. omniauth ~> 2.0.4

I even tried running on the active domain in the production server which contains the valid SSL certificate but still, the same error is thrown. How should I fix this?

Problem
When trying to sign_up/login from an Iphone it opens the linkedin app and do nothing else. Same thing using Chrome and Safari. On the contrary, it works perfectly:

• When on desktop
• If the linkedin app is not installed in the iphone
• If we use an incognito browser in the iphone (either Safari or Chrome)

Context

• In my logs I see Started POST "/users/auth/linkedin" for IP. DEBUG -- omniauth: (linkedin) Request phase initiated. and nothing else.
• I've disabled Turbo and even javascript but the issue remains.
• Same thing is happening in development, staging and production.
• I tried debugging in safari to see if I saw a clue in network or even console logs, but nothing. Any ideas?
• and Ruby 3.0.1

More context

• I tried using rails redirection to the url https://www.linkedin.com/oauth/v2/authorization?all_the_needed parameters and works as expected.
• The Gem is actually creating the Rack response correctly.
• I tried changing the status of the rack response to 303 or 302 but the issue remains.

Stack

• Rails (6.1.3.2)
• Ruby (3.0.1)
• Rack (2.2.3)
• omniauth (2.0.4)
• oauth2 (1.4.7)
• omniauth-linkedin-oauth2 (1.0.0)
• Devise (4.8.0)

Any Idea? I looked very hard trying to find people reporting this issue but without any luck. I start to think that may be related to my ruby or rails version but haven't check. Both apps use same stack...

FYI:

gem 'omniauth-oauth2', '~>1.4.0' 
+
gem 'omniauth-linkedin-oauth2', '~>0.1.5'

Causes omni auth to fail. Linkedin reply with this:

Started GET "/auth/linkedin?logon=linkedin" for 127.0.0.1 at 2017-05-24 18:28:51 +0200
(linkedin) Callback phase initiated.
(linkedin) Authentication failure! invalid_credentials: OAuth2::Error, invalid_request: missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired
{"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}

Using gem 'omniauth-oauth2', '~>1.3.1' works...

Hi, I'm getting the following response from LinkedIn Oauth:
{"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}

The problem seems to happen at Step 3 — Exchange Authorization Code for a Request Token (https://developer.linkedin.com/docs/oauth2).

When I look at the request made by omniauth (lib/oauth2/client.rb)...

{:raise_errors=>true, :parse=>nil, :body=>{"grant_type"=>"authorization_code", "code"=>"AQRXa3pON-Dz2PeQiHesH0k0ENLI1M_NdcUY2Y5Gae7EpiRnBrwLcEBHqF5E9opvNqtqP5kRaXXweTJwyp8oJfv5yXEMUlotjuMTt2L80D6mTp8-cGw", "client_id"=>"XXX", "client_secret"=>"XXX", :redirect_uri=>"http://localhost:3000/auth/linkedin/callback?code=AQRXa3pON-Dz2PeQiHesH0k0ENLI1M_NdcUY2Y5Gae7EpiRnBrwLcEBHqF5E9opvNqtqP5kRaXXweTJwyp8oJfv5yXEMUlotjuMTt2L80D6mTp8-cGw&state=16ae401bac5b0c55eba2089cd964a9590d587e81545a226f"}, :headers=>{"Content-Type"=>"application/x-www-form-urlencoded"}}

...and compare with LinkedIn requirements for Step 3, the only difference I see is the redirect_uri encoding.

Could that be the problem? Can it be fixed? Has anyone else had that type of issue?

Thanks for helping!

I, [2019-04-18T15:01:00.068558 #3923] INFO -- omniauth: (linkedin) Callback phase initiated.
E, [2019-04-18T15:01:01.774531 #3923] ERROR -- omniauth: (linkedin) Authentication failure! invalid_credentials: OAuth2::Error, :
{
"errorCode": 0,
"message": "This resource is no longer available under v1 APIs",
"requestId": "4RZES38RSZ",
"status": 410,
"timestamp": 1555579861698
}

I am getting above issue. Can someone help?

I have been using this gem quite a long time. I have never tweaked around the :scope. But now I wanted to get certifications from linkedin and tired the steps given in read me though its not working.

#config/initializers/omniauth.rb
provider :linkedin, '**************' , *******************', :scope => 'r_fullprofile'

the auth hash returned from linkedin

<OmniAuth::AuthHash credentials=#<OmniAuth::AuthHash expires=true expires_at=1401539399 token="AQVSUdXiNCHUMHlG0hV_Fp8uSJ0W6-kU4XB5JeWS8kO6ksPirijaF9sb5qH*************************************************************************"> extra=#<OmniAuth::AuthHash raw_info=#<OmniAuth::AuthHash firstName="*******************r" headline="************************" id="************" industry="Computer Software" lastName="**********" location=#<OmniAuth::AuthHash country=#<OmniAuth::AuthHash code="in"> name="Chennai Area, India"> pictureUrl="http://m.c.lnkd.licdn.com/mpr/mprx/********************************" publicProfileUrl="http://www.linkedin.com/in/****************************">> info=#<OmniAuth::AuthHash::InfoHash description="********************" email=nil first_name="**********************r" image="http://m.c.lnkd.licdn.com/mpr/mprx/**********************************************************************" last_name="*******" location=#<OmniAuth::AuthHash country=#<OmniAuth::AuthHash code="in"> name="Chennai Area, India"> name="Shivakumaar MGS" nickname="Shivakumaar MGS" urls=#<OmniAuth::AuthHash public_profile="http://www.linkedin.com/in/***************">> provider="linkedin" uid="************">

It doesn't contain any full profile fields as given in https://developer.linkedin.com/documents/profile-fields#profile

(linkedin) Callback phase initiated.
(linkedin) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, OmniAuth::Strategies::OAuth2::CallbackError

/auth/linkedin took me directly to /auth/failure in dev environment. Not seeing linkedin login page.

Is it possible. The photo is pretty terrible. Thanks

I am getting an error message indicating that a required parameter, client_secret, is missing in the API request that I am making but I already have a LINKEDIN_SECRET in my .env file with the correct value.

Hi all,

I just got the email below from LinkedIn, and was wondering whether 'default' means something different in their context than it does in the context of your Readme. Ie, if we haven't configured the scope option in our Rails project, will the project still work come September?

LinkedIn email:

Dear LinkedIn Developers, 

What's happening?

As of September 15, 2019, we will no longer be supporting default scopes. Default scopes allow apps to make calls to /oauth/v2/authorization without explicitly requesting scopes in the scope parameter. If your apps rely on default scopes, they must now request scopes explicitly in their OAuth flow. 

Additionally, requests to v1 specific scopes will not be permitted after September 15, 2019. The set of v1 scopes includes:

• r_basicprofile (only permitted if your app has been granted v2 Basic Profile)
• w_share
• rw_company_admin

What you'll need to do:

1. Determine if your app is using default scopes by inspecting your code. If your call to request an authorization code includes a scope parameter explicitly requesting permissions, your app is not using default scopes and you do not need to take any action. Important: If your call does not include a scope parameter, proceed with the rest of the steps below.
2. Initiate OAuth flow from your app as a user.
3. Proceed to the LinkedIn authentication screen describing what access is being requested
4. Map the access request descriptions to their corresponding scopes using the table in our migration guide.

Timeframe:

You will need to complete the migration steps above by September 15, in order to prevent any interruption of your access. Requests to obtain an access token while using default scopes after this date will return an HTTP 400 error from our API.

Resources:

For further assistance, please reference our migration guide.

If you need additional support while migrating your default scopes, or have general questions regarding these updates you can open a support ticket here.

Thank you,
LinkedIn Developers Program Team

--

Hi, I have had the gem set up for months, and have it working for months too.

I just upgraded to Ruby 1.9.3, and now on my development server it's working, but on my production server it's broken, and showing me this Not found. Authentication passthru. whenever I go to the path.

Please help!

What is the status of this project? There are 5 open pull requests, at least one of which will stop people from using this gem in Rails 5.

Looks like the latest oauth2 changes broke this gem. After upgrading I'm seeing the following error in the callback phase:

Request phase initiated.
Started GET "/users/auth/linkedin/callback?code=...&state=..." for 127.0.0.1 at 2022-09-14 20:50:20 +0200
D, [2022-09-14T20:50:20.537126 #37240] DEBUG -- omniauth: (linkedin) Callback phase initiated.
E, [2022-09-14T20:50:21.021252 #37240] ERROR -- omniauth: (linkedin) Authentication failure! invalid_credentials: OAuth2::Error, invalid_request: A required parameter "client_secret" is missing
{"error":"invalid_request","error_description":"A required parameter \"client_secret\" is missing"}
Processing by Users::OmniauthCallbacksController#failure as HTML

I have omniauth configured at Devise as:

  config.omniauth :linkedin, ENV.fetch('LINKEDIN_KEY'), ENV.fetch('LINKEDIN_SECRET')

(both ENV keys are present).

And my omniauth initializer looks like this:

OmniAuth.config.full_host = Settings.protocol + Settings.host
OmniAuth.config.allowed_request_methods = %i[get post]
OmniAuth.config.silence_get_warning = true

It works if I downgrade back to oauth2 v1.4.10.

I'm getting this error in Development. Is there a problem with setting localhost:3000 as the domain of the callback? Because it works with facebook and google. I'm having trouble with linkedin and twitter.

This is what I'm getting

{"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}

My devise.rb has this line:

config.omniauth :linkedin, setup: true

And in the setup method, in a controller, I have these lines

env['omniauth.strategy'].options[:client_id] = id
env['omniauth.strategy'].options[:client_secret] = token

The variables "id" and "token" correctly matches my Linkedin application's credentials.

I'm not setting, though, a "redirect_uri" param. I have only one callback defined in my Linkedin App's dashboard.

I tried setting, though, but got the same error. This was the line I used:

env['omniauth.strategy'].options[:redirect_uri] = "http://localhost:3000/api/v1/users/auth/linkedin/callback

Suddenly requests for getting access token or email address or profile info started to raise timeout error 504 from Faraday gem, here is a stacktrace

Faraday::ConnectionFailed: execution expired
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:880:in `initialize'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:880:in `open'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:880:in `block in connect'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/timeout.rb:101:in `timeout'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:878:in `connect'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:852:in `start'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:1398:in `request'
/home/api/.rvm/rubies/ruby-2.3.1/lib/ruby/2.3.0/net/http.rb:1156:in `get'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/adapter/net_http.rb:78:in `perform_request'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/adapter/net_http.rb:38:in `block in call'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/adapter/net_http.rb:85:in `with_net_http_connection'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/adapter/net_http.rb:33:in `call'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/request/url_encoded.rb:15:in `call'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/rack_builder.rb:141:in `build_response'
/opt/api/shared/bundle/ruby/2.3.0/gems/faraday-0.12.2/lib/faraday/connection.rb:386:in `run_request'
/opt/api/shared/bundle/ruby/2.3.0/gems/oauth2-1.4.0/lib/oauth2/client.rb:99:in `request'
/opt/api/shared/bundle/ruby/2.3.0/gems/oauth2-1.4.0/lib/oauth2/access_token.rb:107:in `request'
/opt/api/shared/bundle/ruby/2.3.0/gems/oauth2-1.4.0/lib/oauth2/access_token.rb:114:in `get'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-linkedin-oauth2-1.0.0/lib/omniauth/strategies/linkedin.rb:63:in `fetch_email_address'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-linkedin-oauth2-1.0.0/lib/omniauth/strategies/linkedin.rb:57:in `email_address'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-linkedin-oauth2-1.0.0/lib/omniauth/strategies/linkedin.rb:23:in `block in <class:LinkedIn>'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:109:in `instance_eval'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:109:in `block in compile_stack'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:108:in `each'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:108:in `inject'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:108:in `compile_stack'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:102:in `info_stack'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:336:in `info'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:349:in `auth_hash'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:372:in `callback_phase'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-oauth2-1.5.0/lib/omniauth/strategies/oauth2.rb:75:in `callback_phase'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:238:in `callback_call'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:189:in `call!'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/strategy.rb:169:in `call'
/opt/api/shared/bundle/ruby/2.3.0/gems/omniauth-1.9.0/lib/omniauth/builder.rb:64:in `call'

Does this support POST request for access_token and request_token? I am kinda new at this but only saw access_token.get call in linkedin.rb.
LinkedIn will start returning 400 errors on the GET /accessToken endpoint after June 30, 2023.
Ref link: https://www.linkedin.com/pulse/linkedin-marketing-api-release-april-2023-hakan-cengiz/

RubyGems.org doesn't report a license for your gem. This is because it is not specified in the gemspec of your last release.

via e.g.

spec.license = 'MIT'
# or
spec.licenses = ['MIT', 'GPL-2']

Including a license in your gemspec is an easy way for rubygems.org and other tools to check how your gem is licensed. As you can image, scanning your repository for a LICENSE file or parsing the README, and then attempting to identify the license or licenses is much more difficult and more error prone. So, even for projects that already specify a license, including a license in your gemspec is a good practice. See, for example, how rubygems.org uses the gemspec to display the rails gem license.

There is even a License Finder gem to help companies/individuals ensure all gems they use meet their licensing needs. This tool depends on license information being available in the gemspec. This is an important enough issue that even Bundler now generates gems with a default 'MIT' license.

I hope you'll consider specifying a license in your gemspec. If not, please just close the issue with a nice message. In either case, I'll follow up. Thanks for your time!

Appendix:

If you need help choosing a license (sorry, I haven't checked your readme or looked for a license file), GitHub has created a license picker tool. Code without a license specified defaults to 'All rights reserved'-- denying others all rights to use of the code.
Here's a list of the license names I've found and their frequencies

p.s. In case you're wondering how I found you and why I made this issue, it's because I'm collecting stats on gems (I was originally looking for download data) and decided to collect license metadata,too, and make issues for gemspecs not specifying a license as a public service :). See the previous link or my blog post aobut this project for more information.

I had to do Monkey Patching like this:

module OmniAuth
  module Strategies
    class LinkedIn < OmniAuth::Strategies::OAuth2
      uid do
        raw_info["sub"]
      end

      info do
        {
          :name => raw_info["given_name"],
          :family_name => raw_info["family_name"],
          :email => raw_info["email"],
          :image => raw_info["picture"]
        }
      end

      extra do
        {
          "info" => raw_info
        }
      end

      def profile_endpoint
        "/v2/userinfo"
      end
    end
  end
end

And the button this way:

<%= button_to "/auth/linkedin", data: { turbo: false }, class: "px-4 py-2 border flex gap-2 border-dark rounded-lg text-dark hover:shadow transition duration-150"  do %>
  <span class="size-6">
    <%= render "icons/linkedin" %>
  </span>
  <span><%= t("pages.sign_up.sign_up_with_linkedin") %></span>
<% end %>

The current implementation breaks when it fetches the additional raw_info because it hits a v1 endpoint to do so. Unfortunately LinkedIn disables the v1 API when they upgrade clients to v2, so authentication with this gem will stop working if/when LinkedIn does this.

Heads-Up: I'll provide more information later.

Issue

We've upgraded omniauth-linkedin-oauth2 to v1.0.1. yesterday and since then have not received successful sign-ins/sign-ups anymore via LinkedIn.

Relevant Stacktrace

OAuth2::Error: invalid_request: Duplicate values defined for "client_secret" parameter
{"error":"invalid_request","error_description":"Duplicate values defined for \"client_secret\" parameter"}

File "/app/vendor/bundle/ruby/3.2.0/gems/oauth2-1.4.11/lib/oauth2/client.rb" line 139 in request
File "/app/vendor/bundle/ruby/3.2.0/gems/oauth2-1.4.11/lib/oauth2/client.rb" line 177 in get_token
File "/app/vendor/bundle/ruby/3.2.0/gems/oauth2-1.4.11/lib/oauth2/strategy/auth_code.rb" line 32 in get_token
File "/app/vendor/bundle/ruby/3.2.0/gems/omniauth-oauth2-1.7.3/lib/omniauth/strategies/oauth2.rb" line 126 in build_access_token
File "/app/vendor/bundle/ruby/3.2.0/gems/omniauth-oauth2-1.7.3/lib/omniauth/strategies/oauth2.rb" line 91 in callback_phase
File "/app/vendor/bundle/ruby/3.2.0/gems/omniauth-2.1.1/lib/omniauth/strategy.rb" line 272 in callback_call
File "/app/vendor/bundle/ruby/3.2.0/gems/omniauth-2.1.1/lib/omniauth/strategy.rb" line 194 in call!
File "/app/vendor/bundle/ruby/3.2.0/gems/omniauth-2.1.1/lib/omniauth/strategy.rb" line 169 in call
File "/app/vendor/bundle/ruby/3.2.0/gems/omniauth-2.1.1/lib/omniauth/builder.rb" line 44 in call
File "/app/vendor/bundle/ruby/3.2.0/gems/actionpack-7.0.7/lib/action_dispatch/middleware/stack.rb" line 61 in block in call
# ... lots of rails logs
File "/app/vendor/bundle/ruby/3.2.0/gems/railties-7.0.7/lib/rails/engine.rb" line 530 in call
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/configuration.rb" line 270 in call
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/request.rb" line 100 in block in handle_request
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/thread_pool.rb" line 344 in with_force_shutdown
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/request.rb" line 99 in handle_request
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/server.rb" line 443 in process_client
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/server.rb" line 245 in block in run
File "/app/vendor/bundle/ruby/3.2.0/gems/puma-6.3.1/lib/puma/thread_pool.rb" line 151 in block in spawn_thread
AbstractController::ActionNotFound: Could not find devise mapping for path "/users/auth/linkedin/callback?code=<REDACTED>&state=<REDACTED>".
This may happen for two reasons:

1) You forgot to wrap your route inside the scope block. For example:

devise_scope :user do
get "/some/route" => "some_devise_controller"
end

2) You are testing a Devise controller bypassing the router.
If so, you can explicitly tell Devise which mapping to use:

@request.env["devise.mapping"] = Devise.mappings[:user]

Links

• GitHub: Related PR
• GitHub: Related commit