LinkedIn deprecated OAuth login in favour of OIDC

markbates / goth

Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications.

https://blog.gobuffalo.io/goth-needs-a-new-maintainer-626cd47ca37b

MIT License

5.2k stars 566 forks source link

LinkedIn deprecated OAuth login in favour of OIDC #519

Open yktoo opened 10 months ago

yktoo commented 10 months ago

The deprecation notice:

This version of Sign In with LinkedIn has been deprecated as of August 1, 2023. For all Sign In with LinkedIn implementations going forward, please refer to Sign In with LinkedIn using OpenID Connect.

This leads to a change of scopes: instead of r_liteprofile, r_emailaddress only the following is now available:

oidc
profile
email

As a consequence, fetching profile in goth now fails with 403 Forbidden (here).

techknowlogick commented 9 months ago

Thanks for reporting this @yktoo

In this case, would changing the scopes in the code be sufficient, or would any API endpoints need to be updated?

yktoo commented 9 months ago

No, I tried with the above scopes and that's what results in a 403. I'm not sure what else needs to be changed.

trendamplifier commented 8 months ago

I have this issue too, can verify what @yktoo said. Please advise.