LinkedIn Reconcile Lambda

When a LinkedIn identity provider is used to complete a federated login request, FusionAuth will use the configured linking strategy to reconcile the user. FusionAuth will attempt to match the user information returned from the LinkedIn identity provider to an existing user account or create a new one.

You may optionally utilize a lambda to customize the user and user registration during the authentication event.

When you create a new lambda using the FusionAuth adminstrative user interface, you will be provided an empty function to implement.

Lambda Structure

If you are using the API to create the lambda you will need to ensure your function has the following signature:

function reconcile(user, registration, linkedInUser) {
  // Lambda code goes here

This lambda must contain a function named reconcile that takes three parameters. The parameters that the lambda is passed are:

  • user - the FusionAuth User object. You can modify this, except the email or username attribute may not be modified after the user has been linked.
  • registration - the FusionAuth UserRegistration object. You can modify this.
  • linkedInUser - the JSON payload returned by the LinkedIn Email and Me APIs. This is read-only.

The two FusionAuth objects are well documented here in the User API and Registration API documentation. The linkedInUser may contain various user claims depending upon the user’s LinkedIn configuration and the scopes requested in the LinkedIn configuration.

Assigning The Lambda

Once a lambda is created, you may assign it to the LinkedIn identity provider in the IdP configuration.

Navigate to Settings -> Identity Providers and select your existing LinkedIn configuration or click Add provider and select LinkedIn if it has not yet been configured.

Default Lambda

A default LinkedIn reconcile lambda is available in FusionAuth that may be used or modified. The default LinkedIn lambda function is documented below.

Note that in this lambda we handle two different response objects depending on what type of integration with LinkedIn your application is using. See Set Up Your LinkedIn App Client Credentials for more information.

The best way to know which format your user’s data is being return in is to use the console.log statement and print the linkedInUser field to the event log.

// This is the default LinkedIn reconcile, modify this to your liking.
function reconcile(user, registration, linkedInUser) {
  // Un-comment this line to see the linkedInUser object printed to the event log
  //, null, ' '));

  // Depending on how and when you have set up your LinkedIn application you may get a different response back in the linkedInUser.
  // The first checks apply if you are using the "Sign In with LinkedIn using OpenID Connect" with the "openid", "email", and "profile" scopes.
  // If so FusionAuth will call the LinkedIn UserInfo API.
  // See
  // The second checks apply if you are using the legacy program and Profile API with the "r_liteprofile" or "r_basicprofile" scopes.
  // See

  if (linkedInUser.given_name) {
    user.firstName = linkedInUser.given_name;
  } else if (linkedInUser.localizedFirstName) {
    user.firstName = linkedInUser.localizedFirstName;

  if (linkedInUser.family_name) {
    user.lastName = linkedInUser.family_name;
  } else if (linkedInUser.localizedLastName) {
    user.lastName = linkedInUser.localizedLastName;

  if (linkedInUser.picture) {
    // UserInfo will only supply one image size
    user.imageUrl = linkedInUser.picture;
  } else if (linkedInUser.profilePicture){
    // LinkedIn may return several images sizes.
    // See
    // We'll sort the array by descending size and then grab the largest one.
    var images = linkedInUser.profilePicture['displayImage~'].elements || [];
    images.sort(function(a, b) {
      return["com.linkedin.digitalmedia.mediaartifact.StillImage"].displaySize.width -["com.linkedin.digitalmedia.mediaartifact.StillImage"].displaySize.width;
    if (images.length > 0) {
      user.imageUrl = images[0].identifiers[0].identifier;