auth0 / lock

Auth0's signin solution
https://auth0.com/docs/libraries/lock

[LinkedIn] InternalOAuthError: failed to fetch user profile (status: 500) #1602

Closed dandrei closed 5 years ago

dandrei commented 5 years ago

Hey everyone,

I have the following use case & issue.

What works

I have set up LinkedIn authentication for a web app and it's running smoothly for most users. The flow is the following:

  1. They click the "Log in with LinkedIn" button in Lock.
  2. They are taken to the LinkedIn site to login to LinkedIn (https://www.linkedin.com/uas/login?session_redirect=%2Foauth%2Fv2%2Flogin-success%3Fapp_id ...).
  3. They are redirected back to the site, under /callback#access_token ... (the info is coded in the URL hash and it gets parsed by WebAuth from auth0-js (webAuth.parseHash((err, authResult) => { ...)).

All fine and good so far.

What fails

The problem is that for one particular user, the authentication started failing a few days ago, even though it worked before!

It fails at point 3, LinkedIn doesn't return the regular hash (#access_token ...), but returns an error: (/callback#error=invalid_request&error_description=InternalOAuthError%3A%20failed%20to%20fetch%20user%20profile%20(status%3A%20500%20data%3A%20%7B%0A%20%20%22errorCode ...).

 InternalOAuthError: failed to fetch user profile (status: 500)

What I tried to solve it:

What I haven't yet tried is deleting the user from the Auth0 dashboard, but I don't want to do that.

Speculation

I suspect it might be related to the upcoming changes in LinkedIn.

And it might or might not be related to discussions in another Auth0 repo, /auth0/passport-linkedin-oauth2, specifically:

Questions

What can I do to further address this? Should I just wait and hope LinkedIn solves it? Is there anything I can do on my side to make sure this doesn't happen?


Thank you for using Lock!

Prerequisites

Environment

Please provide the following:

Reproduction

 const options = {
     allowedConnections: ['linkedin'],
     languageDictionary: {
         title: "Welcome"
     },
     auth: {
         redirectUrl: AUTH0_CONFIG.callbackUrl,
         responseType: 'token id_token',
         params: {
             scope: 'openid profile email',
             audience: AUTH0_CONFIG.apiUrl,
         }
     },
     autoclose: true,
 };
 const lock = new Auth0Lock(AUTH0_CONFIG.clientId, AUTH0_CONFIG.domain, options);

luisrudge commented 5 years ago

Hi, this doesn't look like a bug in the SDK. Please reach out to our amazing support team at https://support.auth0.com so they can better assist you with your scenario.

dandrei commented 5 years ago

You're right, this is actually LinkedIn upgrading their APIs. Auth0 has released several updates about this and it looks like the problem just went away after I opted in to the new version of the LinkedIn API.

Thanks!
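
The two callback outcomes described in the issue (a hash carrying tokens versus a hash carrying error and error_description) handled explicitly, as an added example that is not part of the thread or of auth0-js. parseCallbackHash, logLine, the result shape and the sample fragments are constructed for illustration; ID token, state and nonce validation is assumed to stay with the library's parseHash.

```javascript
// Added example: classify the fragment an implicit-flow callback receives.
// parseCallbackHash/logLine are hypothetical helpers, not auth0-js APIs.

// Constructed sample fragments modelled on the two cases in the issue.
const SAMPLE_OK =
  '#access_token=constructed-token&id_token=constructed-id&token_type=Bearer&expires_in=7200';
const SAMPLE_ERR = '#error=invalid_request&error_description=' +
  'InternalOAuthError%3A%20failed%20to%20fetch%20user%20profile%20(status%3A%20500)';

function parseCallbackHash(hash) {
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  const error = params.get('error');
  if (error) {
    const description = params.get('error_description') || '';
    // "failed to fetch user profile (status: 5xx)" points at the upstream
    // identity provider's profile API, not at the app's own request.
    const m = /failed to fetch user profile \(status: (\d{3})/.exec(description);
    const upstreamStatus = m ? Number(m[1]) : null;
    return {
      ok: false,
      error,
      // The fragment is untrusted input: strip control characters and cap
      // the length before it reaches a log line or the UI.
      description: description.replace(/[\u0000-\u001f\u007f]/g, ' ').slice(0, 200),
      upstreamStatus,
      retryable: upstreamStatus !== null && upstreamStatus >= 500,
    };
  }
  const accessToken = params.get('access_token');
  const idToken = params.get('id_token');
  if (!accessToken || !idToken) {
    return { ok: false, error: 'missing_tokens', description: '',
             upstreamStatus: null, retryable: false };
  }
  return { ok: true, accessToken, idToken,
           expiresIn: Number(params.get('expires_in')) || 0 };
}

// Log only non-secret fields; the raw hash can contain bearer tokens.
function logLine(result) {
  return result.ok
    ? 'login ok'
    : `login failed: ${result.error} upstream=${result.upstreamStatus} retryable=${result.retryable}`;
}
```

In a browser, clearing the fragment after parsing (for example with history.replaceState) keeps tokens and error text out of the visible URL and later copies of it.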