Add LinkedIn Sign-In to Your App
Enable "Sign in with LinkedIn" for your application's users through OAuth42's social authentication feature.
What You'll Build
In this tutorial, you'll configure LinkedIn as a social identity provider for your OAuth42 application. Your users will be able to click "Sign in with LinkedIn" and authenticate using their LinkedIn account.
How it works:
- User clicks "Sign in with LinkedIn" in your app
- OAuth42 redirects to LinkedIn for authentication
- LinkedIn authenticates the user and returns to OAuth42
- OAuth42 creates/links the user account and issues tokens to your app
- Your app receives the tokens and the user is logged in
LinkedIn provides verified emails: Unlike some other social providers, LinkedIn provides verified email addresses through its OpenID Connect implementation, making account linking reliable and secure.
Prerequisites
- An OAuth42 account with an existing application
- A LinkedIn account (to access the Developer Portal)
- Your application already integrated with OAuth42 (see Getting Started with Hosted Auth)
Step 1: Create a LinkedIn App
- Go to the LinkedIn Developer Portal - My Apps
- Click Create app
- Fill in the required fields:
- App name: Your application name (shown to users during authorization)
- LinkedIn Page: Select or create a LinkedIn Company Page for your app
- Privacy policy URL: Your app's privacy policy
- App logo: Upload a logo for your app
- Check the box to agree to the Legal Agreement
- Click Create app
LinkedIn Page Required: LinkedIn requires a Company Page to be associated with your app. If you don't have one, you can create a Company Page during the app creation process.
Step 2: Add "Sign In with LinkedIn using OpenID Connect" Product
- In your app's dashboard, go to the Products tab
- Find "Sign In with LinkedIn using OpenID Connect"
- Click Request access
- Review and accept the legal agreement
- The product should be approved immediately for most apps
Why OpenID Connect? This product provides standardized OAuth 2.0 + OpenID Connect authentication, giving you access to user profile information and verified email addresses.
Step 3: Configure OAuth 2.0 Settings
- In your app's dashboard, go to the Auth tab
- Under OAuth 2.0 settings, click the pencil icon to edit
- Add the OAuth42 callback URL as an Authorized redirect URL:
- Production:
https://api.oauth42.com/api/social-auth/callback - Development:
https://localhost:8443/api/social-auth/callback
- Production:
- Click Update to save
Step 4: Get Client Credentials
- In your app's dashboard, go to the Auth tab
- Find the Application credentials section
- Copy the Client ID
- Click Generate a new client secret if you don't have one
- Copy the Client secret (you won't be able to see it again)
Keep your Client Secret safe! Never expose it in frontend code or commit it to version control. Store it securely.
Step 5: Configure LinkedIn in OAuth42 Portal
Now configure LinkedIn as a social provider in your OAuth42 application:
- Log in to the OAuth42 Portal
- Navigate to Applications and select your application
- Click the Social Providers tab
- Click Add Provider
- Select LinkedIn from the dropdown
- Enter the Client ID you copied from LinkedIn
- Enter the Client Secret you copied from LinkedIn
- Click Add Provider to save
Secure Storage: Your LinkedIn Client Secret is automatically encrypted with AES-256 before being stored. It's never logged or exposed in plain text.
Step 6: Add LinkedIn Sign-In Button to Your App
If you're using OAuth42's hosted auth pages, the LinkedIn Sign-In button appears automatically when you enable the provider. No code changes needed!
For custom login pages, add a LinkedIn Sign-In button that initiates the social auth flow:
"use client"
import { useState } from 'react'
export default function LoginPage() {
const [isLoading, setIsLoading] = useState(false)
const handleLinkedInSignIn = async () => {
setIsLoading(true)
// Call OAuth42's social auth init endpoint
const response = await fetch('/api/auth/social/linkedin', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
provider: 'linkedin',
client_id: process.env.NEXT_PUBLIC_OAUTH42_CLIENT_ID,
is_signup: true, // Allow account creation
}),
})
const data = await response.json()
if (data.authorization_url) {
// Redirect to LinkedIn
window.location.href = data.authorization_url
}
}
return (
<div className="min-h-screen flex items-center justify-center bg-gray-100">
<div className="max-w-md w-full space-y-6 p-8 bg-white rounded-lg shadow">
<h1 className="text-2xl font-bold text-center">Sign In</h1>
<button
onClick={handleLinkedInSignIn}
disabled={isLoading}
className="w-full flex items-center justify-center gap-3 py-3 px-4 bg-[#0A66C2] text-white rounded-lg hover:bg-[#004182] transition-colors"
>
<svg className="w-5 h-5" fill="currentColor" viewBox="0 0 24 24">
<path d="M20.447 20.452h-3.554v-5.569c0-1.328-.027-3.037-1.852-3.037-1.853 0-2.136 1.445-2.136 2.939v5.667H9.351V9h3.414v1.561h.046c.477-.9 1.637-1.85 3.37-1.85 3.601 0 4.267 2.37 4.267 5.455v6.286zM5.337 7.433c-1.144 0-2.063-.926-2.063-2.065 0-1.138.92-2.063 2.063-2.063 1.14 0 2.064.925 2.064 2.063 0 1.139-.925 2.065-2.064 2.065zm1.782 13.019H3.555V9h3.564v11.452zM22.225 0H1.771C.792 0 0 .774 0 1.729v20.542C0 23.227.792 24 1.771 24h20.451C23.2 24 24 23.227 24 22.271V1.729C24 .774 23.2 0 22.222 0h.003z"/>
</svg>
{isLoading ? 'Redirecting...' : 'Continue with LinkedIn'}
</button>
<div className="relative">
<div className="absolute inset-0 flex items-center">
<div className="w-full border-t border-gray-300" />
</div>
<div className="relative flex justify-center text-sm">
<span className="px-2 bg-white text-gray-500">or</span>
</div>
</div>
{/* Your regular email/password login form */}
<form className="space-y-4">
<input
type="email"
placeholder="Email"
className="w-full px-4 py-3 border border-gray-300 rounded-lg"
/>
<input
type="password"
placeholder="Password"
className="w-full px-4 py-3 border border-gray-300 rounded-lg"
/>
<button
type="submit"
className="w-full py-3 px-4 bg-indigo-600 text-white rounded-lg hover:bg-indigo-700"
>
Sign In
</button>
</form>
</div>
</div>
)
}Step 7: Create API Route for Social Auth (Custom Login Only)
If using a custom login page, create an API route to initiate the social auth flow:
mkdir -p app/api/auth/social/linkedin
touch app/api/auth/social/linkedin/route.tsAdd the following code to app/api/auth/social/linkedin/route.ts:
import { NextRequest, NextResponse } from 'next/server'
const API_BASE_URL = process.env.OAUTH42_ISSUER || 'https://api.oauth42.com'
export async function POST(request: NextRequest) {
try {
const body = await request.json()
const response = await fetch(`${API_BASE_URL}/api/social-auth/init`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
provider: 'linkedin',
client_id: body.client_id,
is_signup: body.is_signup || true,
state: body.state,
}),
})
const data = await response.json()
if (!response.ok) {
return NextResponse.json(data, { status: response.status })
}
return NextResponse.json(data)
} catch (error) {
console.error('[Social Auth] Error:', error)
return NextResponse.json(
{ error: 'Failed to initiate social auth' },
{ status: 500 }
)
}
}Using Hosted Auth? Skip this step! OAuth42's hosted auth pages automatically include the LinkedIn Sign-In button when you enable the provider.
Step 8: Test LinkedIn Sign-In
- Start your application
- Navigate to your login page
- Click "Continue with LinkedIn"
- You'll be redirected to LinkedIn's authorization page
- Sign in and authorize the application
- LinkedIn redirects back to OAuth42
- OAuth42 creates/links your user and redirects to your app
- You're now logged in!
Success! Your users can now sign in with their LinkedIn accounts.
How Account Linking Works
LinkedIn provides verified email addresses, making account linking straightforward:
New User (Signup)
A new user account is created with their LinkedIn profile info (name, email, profile picture). The email is typically already verified.
Existing LinkedIn User (Login)
If the LinkedIn account ID is already linked to a user, they're logged into that existing account.
Existing Email User
If a user with the same email already exists (from email/password signup or another provider), the LinkedIn account is linked to that existing account.
Multiple Social Providers
Users can link multiple social providers (Google, Apple, LinkedIn, X) to the same account, giving them flexibility in how they sign in.
Security Considerations
- OpenID Connect: LinkedIn uses standard OAuth 2.0 + OpenID Connect, providing secure and standardized authentication
- State Parameter: CSRF protection via cryptographically random state tokens
- Encrypted Storage: LinkedIn client secrets are encrypted at rest using AES-256
- Verified Emails: LinkedIn provides verified email addresses, reducing the risk of account takeover
- HTTPS Required: LinkedIn requires HTTPS for redirect URIs (except localhost for development)
Troubleshooting
"Redirect URI mismatch" error
The redirect URI doesn't match. Make sure you've added the exact OAuth42 callback URL in LinkedIn's app settings: https://api.oauth42.com/api/social-auth/callback
"LinkedIn social login not configured" error
The LinkedIn OAuth credentials are not configured for this application. Go to the OAuth42 Portal → Applications → Your App → Social Providers tab and verify that LinkedIn is configured with valid credentials.
"Failed to authenticate with LinkedIn" error
This usually means the Client ID or Client Secret is incorrect. Double-check your credentials in both the LinkedIn Developer Portal and OAuth42 Portal.
"OpenID Connect product not enabled"
Make sure you've added the "Sign In with LinkedIn using OpenID Connect" product to your LinkedIn app. Go to your app's Products tab and request access.
Next Steps
- Add Google Sign-In - Enable Sign in with Google
- Add Apple Sign-In - Enable Sign in with Apple for webapp and iOS
- Add X (Twitter) Sign-In - Enable Sign in with X
- Add MFA for extra security
- Security best practices
Need Help?
Having trouble with LinkedIn Sign-In? Check our documentation or reach out to support.