wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Encountering 'Something Went Wrong' Error When Attempting Authentication Using LinkedIn Federated Authenticator #19464

Closed melanisilva closed 8 months ago

melanisilva commented 8 months ago

Describe the issue: After configuring LinkedIn authenticator as a custom authenticator, unable to authenticate using it, resulting in redirection to an error page. No server errors are displayed.


Special note: This behavior was found with the newly configured LinkedIn Apps. Tried the flow with the app configured around a year ago and the flow was working as expected.

https://github.com/wso2/product-is/assets/41188245/ca1099dc-fdb3-4ead-92f6-35f48f8db771

How to reproduce:

  1. Create an app
  2. Create a new Custom Authenticator
  3. Configure a LinkedIn app -> Doc
  4. Add the configurations to the custom connector -> LinkedIn authenticator
  5. Add the connector to the created app's sign-in flow
  6. Try to sign in using LinkedIn


asha15 commented 8 months ago

The issue occurs due to the deprecation of the Sign In with LinkedIn feature on August 1, 2023. Previously, when an application was created, the document instructed to configure the Sign In with LinkedIn feature, and as a result the application got the following scopes assigned: r_emailaddress, r_liteprofile, w_member_social

During the federated authentication the scope will be passed and the authentication will be successful.

Sample URL

https://www.linkedin.com/oauth/v2/authorization?scope=r_liteprofile+r_emailaddress&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%3A9443%2Fcommonauth&state=0203b16e-2df4-4a03-8c2e-22f848c37eeb%2Clinkedin&client_id=866ubeuhkh9s62

However, after the deprecation of the Sign In with LinkedIn feature, they have introduced Sign In with LinkedIn using OpenID Connect, which assigns a new set of scopes. They are as follows:

openid, profile, w_member_social, email

During the federated authentication, instead of passing the new scopes (for the newly created apps), we’re currently passing the old scopes. Due to that scope mismatch, the federated authentication fails.

I had an application with the r_emailaddress, r_liteprofile, w_member_social (the application was created two years ago), and I tried federated authentication with the latest pack, and authentication is successful.

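A small check for the scope mismatch described in the comment above, as an added example that is not part of the original thread or of WSO2's code: it extracts the scopes from an authorization URL and compares them with the scopes assigned to the LinkedIn app. The function names are hypothetical, and the sample URL's state and client_id are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Scope sets as listed in the comment above.
LEGACY_SCOPES = frozenset({"r_emailaddress", "r_liteprofile", "w_member_social"})
OIDC_SCOPES = frozenset({"openid", "profile", "w_member_social", "email"})


def requested_scopes(auth_url):
    """Return the set of scopes carried in an OAuth 2.0 authorization URL."""
    query = parse_qs(urlsplit(auth_url).query)
    # parse_qs decodes '+' and %20 to spaces; scopes are space-delimited.
    raw = " ".join(query.get("scope", []))
    return set(raw.split())


def classify_app(assigned):
    """Guess which LinkedIn sign-in product produced the assigned scopes."""
    assigned = set(assigned)
    if "openid" in assigned:
        return "oidc"
    if assigned & {"r_liteprofile", "r_emailaddress"}:
        return "legacy"
    return "unknown"


def diagnose(auth_url, assigned):
    """Compare the scopes a request asks for with those assigned to the app."""
    requested = requested_scopes(auth_url)
    unauthorized = requested - set(assigned)
    return {
        "app_type": classify_app(assigned),
        "requested": sorted(requested),
        "unauthorized": sorted(unauthorized),
        "ok": bool(requested) and not unauthorized,
    }


# Constructed sample: same shape as the URL in the comment, placeholder values.
SAMPLE_URL = (
    "https://www.linkedin.com/oauth/v2/authorization"
    "?scope=r_liteprofile+r_emailaddress&response_type=code"
    "&redirect_uri=https%3A%2F%2Flocalhost%3A9443%2Fcommonauth"
    "&state=constructed-state%2Clinkedin&client_id=EXAMPLE_CLIENT_ID"
)

if __name__ == "__main__":
    for name, scopes in (("old app", LEGACY_SCOPES), ("new app", OIDC_SCOPES)):
        print(name, diagnose(SAMPLE_URL, scopes))
```
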

asha15 commented 8 months ago

Created a separate issue [1] to improve the LinkedIn connector to support the Sign In with LinkedIn using OpenID Connect feature.

[1] https://github.com/wso2/product-is/issues/19643

asha15 commented 8 months ago

Closing the issue since LinkedIn federated authentication works with the old LinkedIn application.