Linkedin 3-legged OAuth throws 'Not enough permissions to access: GET /userinfo'

Question

I was trying to integrate social login for my Django application using linkedin OAuth2. I have followed steps described in their official page here. In step2, I have given 'profile' value for scope parameter, given below are the allowed scopes in my app. The scopes listed in my linkedin app page. I have successfully completed up to step3, and I got access_token successfully. But when I tried an authenticated request using that access token for example, curl -X GET https://api.linkedin.com/v2/userinfo, I am getting an error like b'{"serviceErrorCode":100,"message":"Not enough permissions to access: GET /userinfo","status":403}'. I have tried v2/me, getting the same permission error.

Given bellow are the code snippets.

def login(request):
    return render(request, 'login.html')

def authenticate(request):
    redirect_url = f'https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id={settings.SOCIAL_AUTH_LINKEDIN_OAUTH2_KEY}&redirect_uri={settings.LOGIN_REDIRECT_URL}&state={settings.STATE}&scope=profile'
    return redirect(redirect_url)

def complete(request):
    code = request.GET.get('code', None)
    state = request.GET.get('state', None)

    url = "https://www.linkedin.com/oauth/v2/accessToken"
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    payload = {
                'grant_type': 'authorization_code',
                'code': code,
                'client_id': settings.SOCIAL_AUTH_LINKEDIN_OAUTH2_KEY,
                'client_secret': settings.SOCIAL_AUTH_LINKEDIN_OAUTH2_SECRET,
                'redirect_uri': settings.LOGIN_REDIRECT_URL
               }

    response = requests.post(url, headers=headers, data=payload)
    if response.status_code == 200:
        access_token = json.loads(response.content)['access_token']
        print(access_token)
        info_url = 'https://api.linkedin.com/v2/userinfo'
        headers = {'Authorization': f'Bearer {access_token}'}
        info_response = requests.get(info_url, headers=headers)
        print(info_response.content)
        # getting error here like b'{"serviceErrorCode":100,"message":"Not enough permissions to access: GET /userinfo","status":403}'

How do I get permission for the scope 'profile'? As per their documentation here 'profile' has open permission. I don't understand what is missing in my code. Is there any constraints for the redirect url, like whether it should be https?

Answer 1

To be able to access /userinfo, you need to ask both scopes: profile and openid with escaped space %20 between.

If you ask only openid, you will get this error:

"error":"openid_insufficient_scope_error",
"error_description":"Include valid openId scopes like profile, email."

If only profile

Not enough permissions to access: GET /userinfo

While /me is still unavailable

Also mentioned here: https://learn.microsoft.com/en-us/answers/questions/1365684/linkedin-api-error-insufficient-permissions-for-ge

Answer 2

enter image description here

https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id= &redirect_uri=https://www.linkedin.com/developers/tools/oauth/redirect&state=foobar&scope=openid profile email https://www.linkedin.com/oauth/v2/accessToken?grant_type=authorization_code&code= code of autorization &client_id=&client_secret=&redirect_uri=https://www.linkedin.com/developers/tools/oauth/redirect https://api.linkedin.com/v2/userinfo and add acces toke