
I am using Google Cloud Identity Platform and trying to configure LinkedIn as a provider. I went through all the steps to register the app and have a client id and secret. I also configured the proper redirect uri.

The issue seems to be with the issuer.

The guidance for the issuer (https://firebase.google.com/docs/auth/ios/openid-connect) is that it appends "/.well-known/openid-configuration" to the issuer URL.

According to the discovery endpoint, I should set it to "https://www.linkedin.com".

But if I go to "https://www.linkedin.com/.well-known/openid-configuration", I get a 404.

Through some digging, I found that the discovery is actually under this url instead: https://www.linkedin.com/oauth/.well-known/openid-configuration

{
  "issuer" : "https://www.linkedin.com",
  "authorization_endpoint" : "https://www.linkedin.com/oauth/v2/authorization",
  "token_endpoint" : "https://www.linkedin.com/oauth/v2/accessToken",
  "userinfo_endpoint" : "https://api.linkedin.com/v2/userinfo",
  "jwks_uri" : "https://www.linkedin.com/oauth/openid/jwks",
  "response_types_supported" : [ "code" ],
  "subject_types_supported" : [ "pairwise" ],
  "id_token_signing_alg_values_supported" : [ "RS256" ],
  "scopes_supported" : [ "openid", "profile", "email" ],
  "claims_supported" : [ "iss", "aud", "iat", "exp", "sub", "name", "given_name", "family_name", "picture", "email", "email_verified", "locale" ]
}

I get an error if the issuer url does not match the issuer url contained in the discovery. Is there something that I'm missing? Or is LinkedIn not following the spec?

It would work if they set the issuer as "https://www.linkedin.com/oauth".

kevex91
  • I know OAuth well, but not the details of your problem with the Firebase reference. Edit your post and show what you configured. LinkedIn is so popular that if there were a problem with .well-known/openid-configuration that would be discovered quickly. My guess is there is a configuration issue with your setup. – John Hanley Aug 08 '23 at 21:06
  • 1
    @JohnHanley, thanks for your suggestion to edit the post. It helped me figure out that the Flutter Firebase Auth package (https://firebase.google.com/docs/auth/flutter/federated-auth) combined with Identity Platform doesn't work with custom providers that don't 100% follow OIDC out of the box. I just went with a pure OAuth2 implementation instead of using Identity Platform. This way I could manually set the parameters instead and managed to get access. – kevex91 Aug 10 '23 at 07:58
  • 1
    If we could provide a custom discovery endpoint in Identity Platform that is nested within the issuer domain, it would help. Ex: issuer = https://example.com, discovery = https://example.com/oauth – kevex91 Aug 10 '23 at 08:01
  • Which OAuth2 implementation/library did you select? I want to do some testing myself based on your post. – John Hanley Aug 10 '23 at 17:04
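The two failures described in the question come from two separate checks in OpenID Connect Discovery: the relying party derives the configuration URL from the issuer string, and then requires the "issuer" value inside the fetched document to be identical to the string it started from. The following added example (not code from the question, from Identity Platform, or from LinkedIn) replays both checks offline against the discovery document quoted above. The FAKE_WEB table and the fetch() stand-in are constructed so the script runs without network access; the document is placed only at the /oauth/ path, matching what the question observed.

```python
"""Replay the OpenID Connect discovery checks a relying party such as
Identity Platform performs, to show why the LinkedIn layout fails both ways.
Added example, not Identity Platform or LinkedIn code.  Network access is
simulated with an in-memory table (constructed) instead of an HTTPS GET."""
from typing import Dict, List, Optional
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Discovery document as quoted in the question (copied, not fetched).
LINKEDIN_DISCOVERY: Dict[str, object] = {
    "issuer": "https://www.linkedin.com",
    "authorization_endpoint": "https://www.linkedin.com/oauth/v2/authorization",
    "token_endpoint": "https://www.linkedin.com/oauth/v2/accessToken",
    "userinfo_endpoint": "https://api.linkedin.com/v2/userinfo",
    "jwks_uri": "https://www.linkedin.com/oauth/openid/jwks",
    "id_token_signing_alg_values_supported": ["RS256"],
}

# Constructed stand-in for the web: the document is served only under /oauth/,
# every other URL answers 404, as the question reports.
FAKE_WEB: Dict[str, Dict[str, object]] = {
    "https://www.linkedin.com/oauth" + WELL_KNOWN: LINKEDIN_DISCOVERY,
}


def discovery_url(issuer: str) -> str:
    """OIDC Discovery 1.0, section 4.1: the configuration is found at the
    issuer URL (path component included, trailing slash removed) followed by
    the well-known suffix.  The issuer must be https with no query/fragment."""
    parts = urlsplit(issuer)
    if parts.scheme != "https" or parts.query or parts.fragment:
        raise ValueError(f"issuer must be an https URL without query or fragment: {issuer!r}")
    return issuer.rstrip("/") + WELL_KNOWN


def fetch(url: str) -> Optional[Dict[str, object]]:
    """Stand-in for an HTTPS GET; returns the JSON document or None on 404."""
    return FAKE_WEB.get(url)


def validate_issuer(configured_issuer: str) -> List[str]:
    """Return the problems a strict relying party reports for this issuer.
    An empty list means discovery succeeded and the document can be trusted."""
    problems: List[str] = []
    url = discovery_url(configured_issuer)
    doc = fetch(url)
    if doc is None:
        # This is the 404 the question hit with issuer = https://www.linkedin.com
        return [f"404 at derived discovery URL {url}"]
    # OIDC Discovery 1.0, section 4.3: the issuer value in the document MUST be
    # identical to the issuer used to retrieve it.  This is what rejects
    # https://www.linkedin.com/oauth even though the fetch itself succeeds,
    # and it is what stops a document served from one origin from claiming
    # to speak for another.
    if doc.get("issuer") != configured_issuer:
        problems.append(
            f"issuer mismatch: configured {configured_issuer!r}, document says {doc.get('issuer')!r}"
        )
    # Defensive check every RP should make: endpoints handed to us by the
    # document must be https, otherwise the code/token exchange is downgradable.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(str(doc.get(key, ""))).scheme != "https":
            problems.append(f"{key} is not https: {doc.get(key)!r}")
    return problems


def check_id_token_iss(claims: Dict[str, object], configured_issuer: str) -> bool:
    """OIDC Core 1.0, section 3.1.3.7: the ID token's iss claim must exactly
    equal the issuer the RP trusts.  Same string comparison, same consequence:
    an RP configured with ".../oauth" would reject every LinkedIn ID token."""
    return claims.get("iss") == configured_issuer


if __name__ == "__main__":
    for issuer in ("https://www.linkedin.com", "https://www.linkedin.com/oauth"):
        print(issuer, "->", validate_issuer(issuer) or "ok")
```

Running the script prints the 404 for the bare domain and the issuer-mismatch finding for the /oauth variant, which is exactly the dead end the question describes: neither string satisfies both checks, and relaxing either one (accepting a document whose "issuer" differs from the configured value, or guessing alternative discovery paths) would weaken the binding between the issuer string, the JWKS used to verify ID tokens, and the iss claim inside them.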
