New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(providers): Include client_id
and client_secret
in LinkedIn token request
#5236
fix(providers): Include client_id
and client_secret
in LinkedIn token request
#5236
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎ 1 Ignored Deployment
|
Linkedin now requires client_id and client_secret to be sent in the oauth callback. Fixes nextauthjs#5220
33f66ed
to
b6d332e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks for the PR
I'll merge this once I verified the fix 🙏
client_id
and client_secret
in LinkedIn token request
token: { | ||
url: "https://www.linkedin.com/oauth/v2/accessToken", | ||
async request({ | ||
client, | ||
params, | ||
checks, | ||
provider | ||
}) { | ||
const response = await client.oauthCallback(provider.callbackUrl, params, checks, { | ||
exchangeBody: { | ||
client_id: options.clientId, | ||
client_secret: options.clientSecret, | ||
} | ||
}); | ||
return { | ||
tokens: response | ||
}; | ||
} | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not necessary, you can just add the following config:
client: {
token_endpoint_auth_method: "client_secret_post",
},
Read more here: https://next-auth.js.org/configuration/providers/oauth#client-option
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the solution from @balazsorban44 works for me as well, thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR! Could you please address my review so we can merge this? 🙏
I had the same comment on your other PR here: #5225 (review)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I applied the changes, so we can merge this quicker. Thanks for the PR!
Linkedin now requires client_id and client_secret to be
sent in the oauth callback. Fixes #5220
Edit: related: https://docs.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin%2Fcontext&view=li-lms-2022-08&tabs=HTTPS#step-3-exchange-authorization-code-for-an-access-token
☕️ Reasoning
Linkedin now requires client_id and client_secret to be
sent in the oauth callback. This PR adds them. Fixes #5220
🧢 Checklist
🎫 Affected issues
Please scout and link issues that might be solved by this PR.
Fixes: #5220
📌 Resources