OAuth LinkedIn sign in with Devise on Rails 7

Question

implementing oauth sign in with linkedin on my rails app with devise but when I clicked on sign in with linkedin, it redirects to a linkedin page saying:

Bummer, something went wrong.

Here's what I have done so far. I added those gems into my Gemfile

# OAuth LinkedIn
gem 'omniauth-linkedin-oauth2', '~> 1.0'
gem 'omniauth-rails_csrf_protection', '~> 1.0'

and run on my terminal bundle install

create a file app/controllers/users/omniauth_callbacks_controller.rb

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def linkedin
    @user = User.from_omniauth(request.env['omniauth.auth'])

    if @user.persisted?
      sign_in_and_redirect @user, event: :authentication
      set_flash_message(:notice, :success, kind: 'LinkedIn') if is_navigational_format?
    else
      session['devise.linkedin_data'] = request.env['omniauth.auth']
      redirect_to new_user_registration_url
    end
  end

  def failure
    redirect_to root_path
  end
end

added this line into my devise.rb

    config.omniauth :linkedin, ENV.fetch('LINKEDIN_KEY'), ENV.fetch('LINKEDIN_SECRET')

created a file in config/initializers/omniauth.rb

    OmniAuth.config.allowed_request_methods = [:get, :post]
        Rails.application.config.middleware.use OmniAuth::Builder do
       

   provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET']
    end

created a migration file with the commandline rails generate migration AddProviderAndUidToUsers provider:string uid:string

class AddProviderAndUidToUsers < ActiveRecord::Migration[7.0]
  def change
    add_column :users, :provider, :string
    add_column :users, :uid, :string
    add_index :users, [:provider, :uid], unique: true
  end
end

run on terminal run rails db:migrate

added this on my user model: user.rb

devise :database_authenticatable, :registerable, :recoverable, :rememberable, :validatable, :omniauthable, omniauth_providers: %i[linkedin]

  def self.from_omniauth(auth)
    where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
      user.email = auth.info.email
      user.password = Devise.friendly_token[0, 20]
      user.name = auth.info.name
    end
  end

here's my routes.rb

devise_for :users, controllers: {
    sessions: 'users/sessions', registrations: 'users/registrations',
    omniauth_callbacks: 'users/omniauth_callbacks'
  }

also added my client id and client secret into my .env here's my callbacks on my linkedin developer page

Answer 1

Ah, I followed the request log in the browser's developer console, which led to this request:

https://example.ngrok.io/users/auth/linkedin/callback?error=unauthorized_scope_error&error_description=Scope+%26quot%3Br_liteprofile%26quot%3B+is+not+authorized+for+your+application&state=c8986b8aeb7e048b2474ec44f388b57d4da271f10a4b568e

So, it appears to be a non-permitted scope. I changed the scope to: ['openid profile email'], so:

provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'], :scope => 'openid profile email'

Make sure that your developer app in the LinkedIn developer portal shows which scopes are available to you:

If you don't see anything, you may need to request access to the OpenID product: