
unauthorized_scope_error in LinkedIn oAuth2 authentication

I am following the official Microsoft instructions in Sign in with LinkedIn (there are also the LinkedIn instructions here), which also link here for the authorization code flow. As instructed, I have set up a LinkedIn application and used the client id and secret to initiate an OAuth 2 flow, requesting the r_liteprofile and r_emailaddress scopes.

Instead of getting the login form, I am redirected to my callback url with the following params:

error: unauthorized_scope_error
error_description: Scope "r_liteprofile" is not authorized for your application
state: cfa970987c9a3c2178dddeda0d81dab3e00dce4c683098d6

This is the list of default scopes (which, as per the documentation, are the ones granted if you don't specify a list of scopes yourself), and the r_liteprofile is not in there.

Is the documentation out of date, or am I overlooking something?

Markos Fragkakis asked Nov 26 '18 10:11


1 Answer

We have to enable "Sign In with LinkedIn" under the Products tab; only then can you use those scopes (r_liteprofile and/or r_emailaddress) and services.

This goes through the review process (the system takes max 60 mins to approve), and if your request has been approved, the relevant product will be moved to the "Added products" section.

Bala.Raj answered Sep 23 '22 12:09
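
Added example, not part of the original question or answer: a callback handler for the redirect shown in the question. It verifies `state` before trusting any other parameter, then surfaces `unauthorized_scope_error` with the rejected scope so the missing product is easy to spot. The redirect URI, state value, code, and the regex over `error_description` are assumptions made for illustration.

```python
import hmac
import re
from urllib.parse import parse_qs, urlencode, urlsplit


class OAuthCallbackError(Exception):
    """The authorization server redirected back with error=... instead of code=..."""

    def __init__(self, error, description):
        super().__init__(f"{error}: {description}")
        self.error = error
        # error_description is free text for humans; this pattern is an
        # assumption based on the single message quoted in the question.
        m = re.search(r'Scope "([^"]+)" is not authorized', description)
        self.rejected_scope = m.group(1) if m else None


def handle_callback(callback_url, expected_state):
    """Return the authorization code or raise; state is verified first."""
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)

    def single(name):
        values = params.get(name, [])
        if len(values) > 1:
            raise ValueError(f"duplicate parameter: {name}")
        return values[0] if values else None

    # Reject forged redirects before acting on (or displaying) any parameter.
    state = single("state") or ""
    if not state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise PermissionError("state does not match this session")
    error = single("error")
    if error is not None:
        raise OAuthCallbackError(error, single("error_description") or "")
    code = single("code")
    if not code:
        raise ValueError("callback carries neither code nor error")
    return code


# Constructed sample data: redirect URI, state and code are made up.
STATE = "3f9c1b7e5a2d4c68"
BASE = "https://app.example/callback?"
ERROR_CALLBACK = BASE + urlencode({
    "error": "unauthorized_scope_error",
    "error_description": 'Scope "r_liteprofile" is not authorized for your application',
    "state": STATE,
})
OK_CALLBACK = BASE + urlencode({"code": "constructed-code", "state": STATE})
```

Logging `rejected_scope` alongside the scopes the application requested shows which product still has to be enabled for the app.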