linked oauth /accessToken endpoint is not including client_id and secret #5259

Closed
ITsolution-git opened this issue Aug 31, 2022 · 3 comments
Labels
triage Unseen or unconfirmed by a maintainer yet. Provide extra information in the meantime.

ITsolution-git commented Aug 31, 2022

Environment

System:
OS: Linux 5.15 Ubuntu 20.04.4 LTS (Focal Fossa)
CPU: (4) x64 Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
Memory: 168.41 MB / 15.54 GB
Container: Yes
Shell: 5.0.17 - /bin/bash
Binaries:
Node: 16.13.1 - ~/.nvm/versions/node/v16.13.1/bin/node
Yarn: 1.22.17 - ~/.nvm/versions/node/v16.13.1/bin/yarn
npm: 8.1.2 - ~/.nvm/versions/node/v16.13.1/bin/npm
Browsers:
Chrome: 101.0.4951.64
Chromium: 104.0.5112.101
Firefox: 104.0
npmPackages:
next: ^12.2.2 => 12.2.2
next-auth: ^4.10.2 => 4.10.3
react: ^17.0.2 => 17.0.2

Reproduction URL

dbnews.vercel.app

Describe the issue

My LinkedIn provider:

    LinkedInProvider({
      clientId: process.env.LINKEDIN_CLIENT_ID,
      clientSecret: process.env.LINKEDIN_CLIENT_SECRET,
      authorization: {
        url: 'https://www.linkedin.com/oauth/v2/authorization',
        params: { scope: 'r_liteprofile r_emailaddress' },
      },
    }),

LinkedIn documentation to exchange the token from code:

    curl -X POST 'https://www.linkedin.com/oauth/v2/accessToken?grant_type=authorization_code&code={authorization_code_from_step2_response}&redirect_uri={your_callback_url}&client_id={your_client_id}&client_secret={your_client_secret}' \
      -H 'Content-Type: application/x-www-form-urlencoded'

Actual request
image

Issue I found
LinkedIn's /accessToken endpoint requires the client_id and secret to be provided. But the actual request did not send the client keys.
Thus I am getting
image

Is this a next-auth issue or an openid issue? Please help. Thank you

How to reproduce

Go to dbnews.vercel.app and click login.
And click the "Linkedin" button.

Expected behavior

The actual request to https://www.linkedin.com/oauth/v2/accessToken should include client_id and client_secret in its body.
Like this one, which is successful.
image

@aurelianzaha

I had the exact same issue

@aurelianzaha

@ITsolution-git
Here is the solution for how to fix this from configuration:
#5236 (comment)

@ITsolution-git
Author

Thank you @aurelianzaha

The solution is so easy.

However, I ended up writing a custom function to fetch the token and it worked anyway.

    LinkedInProvider({
      clientId: process.env.LINKEDIN_CLIENT_ID,
      clientSecret: process.env.LINKEDIN_CLIENT_SECRET,
      authorization: {
        url: 'https://www.linkedin.com/oauth/v2/authorization',
        params: { scope: 'r_liteprofile r_emailaddress' },
      },
      token: {
        url: 'https://www.linkedin.com/oauth/v2/accessToken',
        async request(context) {
          const { provider, params: parameters, checks, client } = context
          const { callbackUrl } = provider

          const tokenset = await client.grant({
            grant_type: 'authorization_code',
            code: parameters.code,
            redirect_uri: callbackUrl,
            code_verifier: checks.code_verifier,
            client_id: process.env.LINKEDIN_CLIENT_ID,
            client_secret: process.env.LINKEDIN_CLIENT_SECRET,
          })
          return { tokens: tokenset }
        },
      },
    }),
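
Added example, not part of the thread and not next-auth or openid-client code: OAuth 2.0 (RFC 6749 section 2.3.1) lets a client authenticate to the token endpoint either in the `Authorization` header (`client_secret_basic`) or in the form body (`client_secret_post`), and the issue above is a server that expects the second. The helper name `buildTokenRequest` and all sample values are hypothetical.

```javascript
// Added example: where OAuth 2.0 client credentials travel in a token request.
// All identifiers and values below are constructed placeholders.

// Form-style encoding for the Basic credentials pair (space becomes '+').
function formEncode(value) {
  return encodeURIComponent(value).replace(/%20/g, '+');
}

function buildTokenRequest({ method, clientId, clientSecret, code, redirectUri }) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code,
    redirect_uri: redirectUri,
  });
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };

  if (method === 'client_secret_basic') {
    // Credentials go in the Authorization header; the body carries none.
    const pair = `${formEncode(clientId)}:${formEncode(clientSecret)}`;
    headers.Authorization = `Basic ${Buffer.from(pair).toString('base64')}`;
  } else if (method === 'client_secret_post') {
    // Credentials go in the form body, which is what the issue expects.
    body.set('client_id', clientId);
    body.set('client_secret', clientSecret);
  } else {
    throw new Error(`unsupported client authentication method: ${method}`);
  }
  return { headers, body: body.toString() };
}

const sample = {
  clientId: 'example-client-id', // constructed
  clientSecret: 'example secret/+', // constructed
  code: 'example-auth-code', // constructed
  redirectUri: 'https://app.example/api/auth/callback/linkedin', // constructed
};

for (const method of ['client_secret_basic', 'client_secret_post']) {
  const req = buildTokenRequest({ ...sample, method });
  // Log only parameter names so the secret never reaches the console.
  const bodyKeys = [...new URLSearchParams(req.body).keys()].join(',');
  console.log(method, 'Authorization header:', Boolean(req.headers.Authorization), 'body keys:', bodyKeys);
}
```

With either method the secret must stay server-side and out of request logs; a token endpoint that accepts credentials in the query string, as in the quoted curl command, exposes them to access logs along the path.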
