LinkedIn Identity Provider

Overview

Available since 1.23.0

Adding a Sign in with LinkedIn button to FusionAuth is simple, and this guide will walk you through the steps necessary to collect the credentials from LinkedIn in order to enable this Social login.


Once you have completed this configuration you will be able to enable the LinkedIn login button for one or more FusionAuth Applications. Below is an example login page with the LinkedIn Identity Provider enabled.

LinkedIn Login

First, log in to LinkedIn and navigate to the developer portal.

Optionally Create a LinkedIn App

If you have an existing LinkedIn app which you are going to use, skip this step.

If you don’t have an existing LinkedIn app, navigate to the new application form and fill it out. In the following example I will create my first application before I can create credentials. I will call the application Pied Piper.

Create LinkedIn App

Grant Your App Required Permissions

In the LinkedIn developer portal, ensure you are viewing the correct LinkedIn application by navigating to My apps → Your Application.

If you don’t see the Products tab for your application, navigate to Products in the top level menu. This may occur if this is your first LinkedIn application.

Navigate to My apps → Your Application → Products. Select Sign In With LinkedIn and accept the terms.

Adding the Sign In With LinkedIn product

Set Up Your LinkedIn App Client Credentials

In the LinkedIn developer portal, ensure you are viewing the correct LinkedIn app by navigating to My apps → Your Application.

View the application credentials by going to Auth → Application credentials. Record both the Client ID and the Client Secret values.

Retrieve LinkedIn Credentials

Add your redirect URL. This value will be your FusionAuth installation hostname with the string /oauth2/callback appended. For example, if you are going to access FusionAuth at https://login.piedpiper.com then you will add https://login.piedpiper.com/oauth2/callback to the Authorized redirect URLs for your app list.

Save the setting.

You should see the following scopes in the Oauth 2.0 Scopes section:

  • r_emailaddress

  • r_liteprofile

If you do not see these scopes, you may not have added the LinkedIn product to your LinkedIn app correctly. You may also need to reload the app page or log out of LinkedIn and log in again to make sure your application has the proper permissions.

Now you have completed creating a LinkedIn App with the appropriate permissions.

Create a LinkedIn Identity Provider

The last step will be to create a LinkedIn Identity Provider in FusionAuth. Log in to the FusionAuth administrative user interface. Create an Identity Provider by navigating to Settings → Identity Providers and click Add provider and select LinkedIn from the dialog.

This will take you to the Add LinkedIn panel, and you’ll fill out the Client Id and Client secret required fields with the values previously recorded. The button text is also required but it will be defaulted to Sign in with LinkedIn. You may optionally modify this value.

To enable this identity provider for an application, find your application name in the Applications configuration section at the bottom of this panel. You will always see the FusionAuth application, this application represents the FusionAuth administrative user interface. If you wish to be able to log into FusionAuth with this provider, you may enable this application.

In the following screenshot you will see that we have enabled this login provider for the Pied Piper application and enabled Create registration. Enabling create registration means that a user does not need to be manually registered for the application prior to using this login provider.

For example, when a new user attempts to log into Pied Piper using LinkedIn, if their user does not exist in FusionAuth it will be created dynamically, and if the Create registration toggle has been enabled, the user will also be registered for Pied Piper and assigned any default roles assigned by the application.

If you do not wish to automatically provision a user for this Application when logging in with LinkedIn, leave Create registration off. You will need to manually register a user for this application before they may Sign in with LinkedIn.

That’s it, now the Sign in with LinkedIn button will show up on the login page for the Pied Piper application.

Add the LinkedIn Identity Provider

Form Fields

Client Id Required

The LinkedIn Client Id found in your LinkedIn credentials settings in the Client ID field.

Client secret Required

The LinkedIn Client Secret found in your LinkedIn credentials settings in the Client secret field.

Button text Required

The text to be displayed in the button on the login form. This value defaults to Sign in with LinkedIn but it may be modified to your preference.

Scope Optional

This optional field defines the scope you’re requesting from the user during login The default scopes are the suggested values. See the LinkedIn documentation for further information.

Reconcile lambda Optional

A lambda may be utilized to map custom claims returned from LinkedIn. See the the LinkedIn Reconcile lambda documentation for more details.

To configure a lambda, navigate to Settings → Lambdas.

Debug enabled Optional defaults to false

Enable debug to create an event log to assist you in debugging integration errors.

Building Your Own Integration

If you are building your own login experience, you’ll want to start the identity provider flow yourself and then complete the login.

You might do this if you are using the Login API rather than using the hosted FusionAuth login pages.

Completing the login is documented further in the API.

Feedback

How helpful was this page?

See a problem?

File an issue in our docs repo