LinkedIn SSO not working #23645

Open
mahendraHegde opened this issue Sep 12, 2024 · 2 comments

@mahendraHegde
Contributor

Describe the Bug

I'm trying to implement LinkedIn OAuth, but I get the error below on the auth callback. I tried both hosted and localhost, no luck.

http://localhost:8088/auth/login/linkedin/callback?code=xxxxx&state=yyyyy

error

```json
{
    "errors": [
        {
            "message": "Service \"oauth2\" is unavailable. Service returned unexpected response: A required parameter \"client_id\" is missing.",
            "extensions": {
                "service": "oauth2",
                "reason": "Service returned unexpected response: A required parameter \"client_id\" is missing",
                "code": "SERVICE_UNAVAILABLE"
            }
        }
    ]
}
```

here's the .env

```
AUTH_LINKEDIN_DRIVER="oauth2"
AUTH_LINKEDIN_CLIENT_ID="xxx"
AUTH_LINKEDIN_CLIENT_SECRET="xxx"
AUTH_LINKEDIN_AUTHORIZE_URL="https://www.linkedin.com/oauth/v2/authorization"
AUTH_LINKEDIN_ACCESS_URL="https://www.linkedin.com/oauth/v2/accessToken"
AUTH_LINKEDIN_PROFILE_URL="https://api.linkedin.com/v2/me"
AUTH_LINKEDIN_ALLOW_PUBLIC_REGISTRATION=true
AUTH_LINKEDIN_DEFAULT_ROLE_ID=xxxx
AUTH_LINKEDIN_REDIRECT_ALLOW_LIST=https://client.domain.com/auth/callback/,http://localhost:3000/auth/callback/
```

Upon investigating further, it seems like the accessToken API called from openid-client isn't passing client_id and client_secret as the request body. I made the change below to /api/auth/drivers/oauth2/.js and it seems to work, but I didn't investigate how this change would impact other providers.

from

```js
tokenSet = await this.client.oauthCallback(
  this.redirectUrl,
  { code: payload['code'], state: payload['state'] },
  { code_verifier: payload['codeVerifier'], state: codeChallenge }
);
```

to

```js
tokenSet = await this.client.oauthCallback(
  this.redirectUrl,
  { code: payload['code'], state: payload['state'] },
  { state: codeChallenge },
  { exchangeBody: { client_id: this.fulConf.clientId, client_secret: this.fulConf.clientSecret } }
);
```

I'd be happy to send a fix if you agree with the change or have any suggestions.

To Reproduce

Use the above config and try to log in using LinkedIn.

Directus Version

v11.1.0

Hosting Strategy

Self-Hosted (Docker Image)

Database

sqlite
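
An added example, not part of the original issue and not Directus or openid-client code: RFC 6749 section 2.3.1 allows client credentials to travel either in the Authorization header (`client_secret_basic`) or in the form body (`client_secret_post`), and a "client_id is missing" error is what a token endpoint that only reads the body would return for the former. The sketch builds the token request both ways and classifies a request by which one it carries; the function names and sample values are assumptions made for illustration.

```javascript
// Added example: RFC 6749 section 2.3.1 client authentication at the token endpoint.
// All credentials and codes below are constructed placeholders.

// application/x-www-form-urlencoded encoding of one credential component
function formEncode(value) {
  return encodeURIComponent(value)
    .replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase())
    .replace(/%20/g, '+');
}

// Build the authorization-code token request for the given auth method:
// 'client_secret_basic' (header) or 'client_secret_post' (body).
function buildTokenRequest(method, client, grant) {
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code: grant.code,
    redirect_uri: grant.redirectUri,
  });
  // PKCE verifier stays in the body regardless of how the client authenticates
  if (grant.codeVerifier) body.set('code_verifier', grant.codeVerifier);
  if (method === 'client_secret_basic') {
    const pair = `${formEncode(client.id)}:${formEncode(client.secret)}`;
    headers.Authorization = 'Basic ' + Buffer.from(pair).toString('base64');
  } else if (method === 'client_secret_post') {
    body.set('client_id', client.id);
    body.set('client_secret', client.secret);
  } else {
    throw new Error(`unsupported token endpoint auth method: ${method}`);
  }
  return { headers, body: body.toString() };
}

// Classify which client authentication a token request carries
function describeClientAuth(req) {
  const params = new URLSearchParams(req.body);
  const inHeader = /^Basic /.test(req.headers.Authorization || '');
  const inBody = params.has('client_id') && params.has('client_secret');
  if (inHeader && inBody) return 'both'; // RFC 6749 2.3: only one method per request
  return inHeader ? 'client_secret_basic' : inBody ? 'client_secret_post' : 'none';
}

// Constructed sample input
const client = { id: 'example-client', secret: 's3cr3t value' };
const grant = { code: 'xxxxx', codeVerifier: 'constructed-verifier',
  redirectUri: 'http://localhost:8088/auth/login/linkedin/callback' };
const basic = buildTokenRequest('client_secret_basic', client, grant);
const post = buildTokenRequest('client_secret_post', client, grant);
console.log(describeClientAuth(basic), describeClientAuth(post));
```

Running `describeClientAuth` over a token request captured from the server's outbound traffic shows which of the two forms is actually being sent.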

@paescuj
Member

paescuj commented Sep 12, 2024

Can you check whether #9521 (comment) helps?
Because it might be the same problem as in the linked issue, where the value of AUTH_LINKEDIN_CLIENT_ID is mistakenly interpreted as a number and thus ignored by the openid-client library.

@mahendraHegde
Contributor Author

@paescuj thanks for the response, but the LinkedIn clientId is not in numeric format. I tried casting to string in .env anyway, still no luck!!
