Overview
Available since 1.23.0
Adding a Sign in with LinkedIn button to FusionAuth is simple, and this guide will walk you through the steps necessary to collect the credentials from LinkedIn in order to enable this Social login.
Once you have completed this configuration you will be able to enable the LinkedIn login button for one or more FusionAuth Applications. Below is an example login page with the LinkedIn Identity Provider enabled.
First, log in to LinkedIn and navigate to the developer portal.
Optionally Create a LinkedIn App
If you have an existing LinkedIn app which you are going to use, skip this step.
If you don’t have an existing LinkedIn app, navigate to the new application form and fill it out. In the following example I will create my first application before I can create credentials. I will call the application Pied Piper.
Grant Your App Required Permissions
In the LinkedIn developer portal, ensure you are viewing the correct LinkedIn application by navigating to My apps -> Your Application.
If you don’t see the Products tab for your application, navigate to Products in the top level menu. This may occur if this is your first LinkedIn application.
Navigate to My apps -> Your Application -> Products. Select Sign In With LinkedIn and accept the terms.
Your application may not be immediately available. It may be reviewed for a time by the LinkedIn platform team.
Set Up Your LinkedIn App Client Credentials
In the LinkedIn developer portal, ensure you are viewing the correct LinkedIn app by navigating to My apps -> Your Application.
View the application credentials by going to Auth -> Application credentials. Record both the Client ID and the Client Secret values.
Add your redirect URL. This value will be your FusionAuth installation hostname with the string /oauth2/callback appended. For example, if you are going to access FusionAuth at https://login.piedpiper.com then you will add https://login.piedpiper.com/oauth2/callback to the Authorized redirect URLs for your app list.
Save the setting.
You should see the following scopes in the Oauth 2.0 Scopes section:
r_emailaddressr_liteprofile
If you do not see these scopes, you may not have added the LinkedIn product to your LinkedIn app correctly. You may also need to reload the app page or log out of LinkedIn and log in again to make sure your application has the proper permissions.
Now you have completed creating a LinkedIn App with the appropriate permissions.
Create a LinkedIn Identity Provider
The last step will be to create a LinkedIn Identity Provider in FusionAuth. Log in to the FusionAuth administrative user interface. Create an Identity Provider by navigating to Settings -> Identity Providers and click on the menu on the upper right and select Add LinkedIn.
This will take you to the Add LinkedIn screen, and you’ll fill out the Client Id and Client secret required fields with the values previously recorded. The button text is also required, but it will be defaulted to Sign in with LinkedIn. You may optionally modify this value.
To enable this identity provider for an application, find your application name in the Applications configuration section at the bottom of this panel. You will always see the FusionAuth application, this application represents the FusionAuth administrative user interface. If you wish to be able to log into FusionAuth with this provider, you may enable this application.
In the following screenshot you will see that we have enabled this login provider for the Pied Piper application and enabled Create registration. Enabling create registration means that a user does not need to be manually registered for the application prior to using this login provider.
For example, when a new user attempts to log into Pied Piper using LinkedIn, if their user does not exist in FusionAuth it will be created dynamically, and if the Create registration toggle has been enabled, the user will also be registered for Pied Piper and assigned any default roles assigned by the application.
If you do not wish to automatically provision a user for this application when logging in with LinkedIn, leave Create registration off. You will need to manually register a user for this application before they may Sign in with LinkedIn.
That's it, now the Sign in with LinkedIn button will show up on the login page for the Pied Piper application.
Form Fields
The LinkedIn Client Id found in your LinkedIn credentials settings in the Client ID field.
The LinkedIn Client Secret found in your LinkedIn credentials settings in the Client secret field.
The text to be displayed in the button on the login form. This value defaults to Sign in with LinkedIn but it may be modified to your preference.
This optional field defines the scope you’re requesting from the user during login The default scopes are the suggested values. See the LinkedIn documentation for further information.
The linking strategy for LinkedIn. See Linking Strategies for more.
A lambda may be utilized to map custom claims returned from LinkedIn. See the LinkedIn Reconcile lambda documentation for more details.
To configure a lambda, navigate to Customizations -> Lambdas.
Enable debug to create an event log to assist you in debugging integration errors.
Building Your Own Integration
If you are building your own login experience, you'll want to start the identity provider flow yourself and then complete the login.
You might do this if you are using the Login API rather than using the hosted FusionAuth login pages.
Completing the login is documented further in the API.
If you require a refresh token after completing the login, ensure Enable JWT Refresh is true in the application configuration. This is found in the administrative user interface by navigating to Applications -> Your Application -> Security -> Login API settings.