LinkedIn OAuth2 with spring-security-oauth2-client not working, client_id missing when requesting accessToken

1
votes

The spring-security-oauth2-client provides the means to easily integrate foreign services with my application. It has built-in support for authentication with Google, Facebook, Github & Okta, but also supports the registration of other oauth2 providers. In this case I'm trying to add LinkedIn as a provider, which works great up until my application tries to make the POST-request to https://www.linkedin.com/oauth/v2/accessToken .

For this request to succeed it requires the client_id & client_secret to be added as parameters. But this isn't the way spring-security-oauth2-client is built, because all of the other providers require the client_id & client_secret to be added as an encoded string in the request headers.

Because of this LinkedIn returns a 401 saying it's missing my client_id. You can view my configuration of the LinkedIn provider down below:

spring.security.oauth2.client.registration.linkedin.provider=linkedin
spring.security.oauth2.client.registration.linkedin.client-id=MYID
spring.security.oauth2.client.registration.linkedin.client-secret=MYSECRET
spring.security.oauth2.client.registration.linkedin.scope=MYSCOPES
spring.security.oauth2.client.registration.linkedin.client-name=linkedin login
spring.security.oauth2.client.registration.linkedin.redirect-uri-template=http://MYWEBSITE/login/oauth2/code/linkedin
spring.security.oauth2.client.registration.linkedin.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.linkedin.client-authentication-method=form

spring.security.oauth2.client.provider.linkedin.authorization-uri=https://www.linkedin.com/oauth/v2/authorization
spring.security.oauth2.client.provider.linkedin.token-uri=https://www.linkedin.com/oauth/v2/accessToken
spring.security.oauth2.client.provider.linkedin.user-info-uri=https://api.linkedin.com/v2/me

Trying this configuration with Github's credentials and url's resulted in my website successfully receiving an accessToken from Github.

Is there any way to configure this package to work with LinkedIn? Or is there any possibile way that LinkedIn might allow the client_id & client_secret in the headers of the POST-request to https://www.linkedin.com/oauth/v2/accessToken?

1
spring-bootauthenticationoauth-2.0linkedinspring-security-oauth2

1 Answers

0
votes

Due to the setting spring.security.oauth2.client.registration.linkedin.client-authentication-method=form, I was unable to make the correct request to LinkedIn. The setting form was not supported by my version of spring-security-oauth2-client (5.0.6.RELEASE). After changing it to post it worked like a charm, but then I encountered the next problem which I'm going to ask about in another question.

The question for my newly encountered troubles: LinkedIn OAuth2 /accessToken response not return a "token_type"