decioferreira / omniauth-linkedin-oauth2

A LinkedIn OAuth2 strategy for OmniAuth.
MIT License

LinkedIn launched a new SignIn product #74

Closed khier996 closed 8 months ago

khier996 commented 1 year ago

LinkedIn launched a new Sign In product and removed the old one. The new one is called Sign In with LinkedIn using OpenID Connect.

Screenshot at Aug 17 10-11-35

The scopes in the new product are completely different from the old ones:

Screenshot at Aug 17 10-11-45

These changes break this gem. Are there any plans to support new changes?

antonioJASR commented 1 year ago

Hello @khier996, I got the same problem. In the meantime, while I create a Pull Request for this gem, you can use my custom code, which works with the new scopes.

Remove the gem omniauth-linkedin-oauth2 for now in your Gemfile and add omniauth-oauth2:

# gem 'omniauth-linkedin-oauth2'
gem 'omniauth-oauth2'
gem 'omniauth-rails_csrf_protection' # Add this if you need it

Create the file lib/strategies/linkedin.rb

require 'omniauth-oauth2'

module OmniAuth
  module Strategies
    class LinkedIn < OmniAuth::Strategies::OAuth2
      option :name, 'linkedin'

      option :client_options, {
        :site => 'https://api.linkedin.com',
        :authorize_url => 'https://www.linkedin.com/oauth/v2/authorization?response_type=code',
        :token_url => 'https://www.linkedin.com/oauth/v2/accessToken'
      }

      option :scope, 'openid profile email'
      option :fields, ['id', 'full-name', 'first-name', 'last-name', 'picture-url', 'email-address']
      option :redirect_url

      uid do
        raw_info['sub']
      end

      info do
        {:email => raw_info['email'],
         :first_name => raw_info['given_name'],
         :last_name => raw_info['family_name'],
         :picture_url => raw_info['picture']}
      end

      extra do
        {'raw_info' => raw_info}
      end

      def callback_url
        return options.redirect_url if options.redirect_url

        full_host + script_name + callback_path
      end

      alias :oauth2_access_token :access_token

      def access_token
        ::OAuth2::AccessToken.new(client, oauth2_access_token.token, {
          :expires_in => oauth2_access_token.expires_in,
          :expires_at => oauth2_access_token.expires_at,
          :refresh_token => oauth2_access_token.refresh_token
        })
      end

      def raw_info
        @raw_info ||= access_token.get(profile_endpoint).parsed
      end

      private

      def fields_mapping
        # Fields
        # https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin-v2?context=linkedin%2Fconsumer%2Fcontext#api-request-to-retreive-member-details
        {
          'id' => 'sub',
          'full-name' => 'name',
          'first-name' => 'given_name',
          'last-name' => 'family_name',
          'picture-url' => 'picture'
        }
      end

      def fields
        options.fields.each.with_object([]) do |field, result|
          result << fields_mapping[field] if fields_mapping.has_key? field
        end
      end

      def profile_endpoint
        "/v2/userinfo"
      end

      def token_params
        super.tap do |params|
          params.client_secret = options.client_secret
        end
      end
    end
  end
end

OmniAuth.config.add_camelization 'linkedin', 'LinkedIn'

Now, if you are using Devise like me:

In your config/initializers/devise.rb import the previous file:

require "strategies/linkedin"

Devise.setup do |config|
# bla bla bla

Lastly, add the OmniAuth provider:

  config.omniauth :linkedin,
                  ENV.fetch('LINKEDIN_CLIENT_ID'),
                  ENV.fetch('LINKEDIN_CLIENT_SECRET')

Hope it helps
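An added example, not part of the thread or of either gem: how an application might consume the `/v2/userinfo` claims that the strategy above maps into `uid` and `info`, keying accounts on `sub` and keeping the e-mail only when the provider marks it verified. The helper names, the in-memory store and the sample payload are constructed for illustration, and `email_verified` is the standard OpenID Connect claim, assumed here to be present in the response.

```ruby
require 'json'

# Constructed sample of a /v2/userinfo body (not captured from LinkedIn).
SAMPLE_USERINFO = JSON.parse(<<~BODY)
  {"sub": "abc123XYZ", "name": "Ada Example", "given_name": "Ada",
   "family_name": "Example", "picture": "https://img.example.invalid/ada.png",
   "email": "Ada@Example.invalid", "email_verified": true}
BODY

# Hypothetical helper: maps userinfo claims to the uid/info pair the strategy
# exposes, refusing payloads that cannot identify a member.
def linkedin_identity(claims)
  raise ArgumentError, 'userinfo is not a JSON object' unless claims.is_a?(Hash)

  sub = claims['sub']
  raise ArgumentError, 'missing sub claim' unless sub.is_a?(String) && !sub.strip.empty?

  # Trust the e-mail only on a strict boolean true, not "true" or 1.
  verified = claims['email_verified'] == true && claims['email'].is_a?(String)
  {
    uid: sub,
    info: {
      email: verified ? claims['email'].strip.downcase : nil,
      first_name: claims['given_name'],
      last_name: claims['family_name'],
      picture_url: claims['picture']
    }
  }
end

# Hypothetical in-memory account store keyed on [provider, uid]; the e-mail is
# profile data only, so a changed or unverified address never selects an account.
def find_or_create_account(store, identity)
  key = ['linkedin', identity[:uid]]
  account = (store[key] ||= { id: store.size + 1 })
  account[:email] = identity[:info][:email] if identity[:info][:email]
  account
end
```

In a Rails callback the same lookup would be done on the `provider` and `uid` values from the OmniAuth auth hash rather than on `info.email`.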

pjg commented 1 year ago

@antonioJASR perhaps this warrants its own gem, something called omniauth-linkedin-openid? I'm not sure it would be possible to support both "solutions" in this gem.

babilonczyk commented 1 year ago

Is the older sign in product supported as well or replaced by the new one?

jclusso commented 1 year ago

For anyone that needs this, I put @antonioJASR's work into a PR and updated the tests and docs.

khier996 commented 1 year ago

Thanks @antonioJASR ! Your code seems to work for other people, there is even a new gem with your code! But for me it returns this error: {"error":"invalid_request","error_description":"Duplicate values defined for \"client_secret\" parameter"} Do you know what might be causing it?

jclusso commented 1 year ago

@khier996 I think it would be best to track issues for the new gem on that tracker instead of here.

khier996 commented 1 year ago

@jclusso Ok, created a new issue

frenkel commented 11 months ago

> Is the older sign in product supported as well or replaced by the new one?

It seems new LinkedIn Applications cannot add the old one, so I think it has been replaced.

decioferreira commented 8 months ago

I think this can now be closed given that a new gem jclusso/omniauth-linkedin-openid has been created.