Login/Register
unauthorized_scope_error in LinkedIn oAuth2 authentication
Asked Answered
oauth-2.0linkedin-api
G

9

29

I am following the official Microsoft instructions in Sign in with Linkedin (there are also the Linkedin instructions here), which also link here for the authorization code flow. As instructed, I have set up a linkedin application and used the client id and secret to initiate an oAuth 2 flow, requesting the r_liteprofile and r_emailaddress scopes.

Instead of getting the login form, I am redirected to my callback url with the following params:

error: unauthorized_scope_error error_description: Scope "r_liteprofile" is not authorized for your application state: cfa970987c9a3c2178dddeda0d81dab3e00dce4c683098d6

This is the list of default scopes (which, as per the documentation, are the ones granted if you don't specify a list of scopes yourself), and the r_liteprofile is not in there.

enter image description here

Is the documentation out of date, or am I overlooking something?

Gove answered 26/11, 2018 at 10:27 Comment(0)
P
44

We have to enable "Sign In with LinkedIn" under the products tab, only then you can avail that scope (r_liteprofile and/or r_emailaddress) and services.

enter image description here

This goes for the review process(System takes max 60 mins to approve) and If your request has been approved, the relevant product will be moved to the "Added products" section.

enter image description here

Product answered 27/9, 2020 at 12:35 Comment(2)
omg thank you so much. They like never mentioned this in their docs.Fitzhugh
Yeah, I too wasted my time lot, glad this helped you.Product
T
9

This happened to me the other day but somehow I was able to get around the issue. The new Microsoft API docs for LinkedIn are up to date. The docs on LinkedIn Developers portal will soon be outdated:

Important update: All developers need to migrate to Version 2.0 of our APIs and OAuth 2.0 by March 1, 2019.

A few things to try:

  • Register a new LinkedIn OAuth 2.0 developer application - newly registered applications have access to the new V2 API
  • Try removing the r_liteprofile scope or revert back to r_basicprofile
Terena answered 18/12, 2018 at 12:26 Comment(1)
Yeah, I changed the scopes to ["r_basicprofile"] and it bypassed the error.Tref
F
6

Post August 2023:

For those wondering, LinkedIn changed their oauth scopes again, see https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin-v2

Scope names are now "email"/etc, not "r_emailaddress" any more.

Flavius answered 23/10, 2023 at 3:6 Comment(0)
I
5

My little contribution in 2021.

It seems like Linkedin keeps changing the value for scopes.

On the Linkedin developer portal looking under OAuth 2.0 scopes section in the Auth tab, I found the values that finally worked for me.

PS: Make sure to enable Sign-in from the product Tab. Linkedin API scope

Invigorate answered 1/2, 2021 at 8:38 Comment(2)
Thanks, 2023 scope for my app is : "openid%20profile%20email" , just simple profile & email no more prefixes!Orchestrion
Yah sure. @Invigorate this correct as at 2024 AprilGervase
K
1

Navigate to Products in the LinkedIn Developer Console and select Sign in with LinkedIn.

The verification process takes a few moments and then r_emailaddress and r_liteprofile should appear under your permissions.

Kerwon answered 5/12, 2020 at 14:27 Comment(0)
E
1

the solution is to include the following scope in your OAuth2 authentication request: scope: 'openid email profile'

Equiponderate answered 7/11, 2023 at 11:14 Comment(1)
Thank you for your interest in contributing to the Stack Overflow community. This question already has quite a few answers—including one that has been extensively validated by the community. Are you certain your approach hasn’t been given previously? If so, it would be useful to explain how your approach is different, under what circumstances your approach might be preferred, and/or why you think the previous answers aren’t sufficient. Can you kindly edit your answer to offer an explanation?Fina
C
1

If you're encountering an "invalid_scope_error" while working with LinkedIn API in Python, it typically means that the requested scope in your authentication request is not valid or not allowed for your application.

For 2023 and further the scope has been changed from r_liteprofile, r_emailaddress and w_member_social to profile, email and w_member_social

you can try with below code

import requests

client_id = 'your_client_id'
redirect_uri = 'your_redirect_uri'
scope = 'profile email w_member_social'  # Modify this based on your required scopes

authorization_url = f'https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}&scope={scope}'

print(f'Please go to the following URL to reauthorized your application: {authorization_url}')

:)

Contributor answered 4/12, 2023 at 13:1 Comment(0)
F
0

Solution for me was to click "select" next to "Sign In with LinkedIn" on the LinkedIn developers console for my app.

Ferreira answered 5/9, 2020 at 23:4 Comment(0)
T
0

We must add a product with Sign In with LinkedIn (click on select): Product menu with "Sign in with linkedin" selected.png. Then, in the auth menu: OAuth 2.0 scopes, we get this : Auth menu scope.png

Trinitrotoluene answered 20/4, 2021 at 8:33 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.