Summary
We encountered an issue where “Sign in with LinkedIn” failed with a generic error message:
“Bummer, something went wrong.”
The redirect to the application worked correctly, but authentication failed during the callback phase.
Root Cause
The application code was using deprecated LinkedIn OAuth scopes, while the LinkedIn Developer App was configured for OpenID Connect (OIDC).
Deprecated OAuth scopes (legacy):
| r_liteprofile r_emailaddress |
Modern OpenID Connect scopes:
| Openid | profile | email |
LinkedIn does not allow mixing legacy OAuth scopes with OpenID Connect. This mismatch causes token exchange or user-info retrieval to fail.
How to Identify If Your App Uses Old Scopes
You can quickly confirm this by checking the following:
1. Authorization URL
If the login URL contains:
| scope=r_liteprofile%20r_emailaddress |
The app is using legacy OAuth
If it contains:
| scope=openid%20profile%20email |
Then the app is using OpenID Connect
2. User Info API Calls
Check which LinkedIn APIs are called after login:
Legacy OAuth APIs (deprecated):
| GET /v2/me GET /v2/emailAddress |
OpenID Connect API (current):
| GET /v2/userinfo |
3. Token Response
- Legacy OAuth returns only an access_token
- OpenID Connect returns an id_token along with the access_token
If your code does not handle id_token, it is likely still using old OAuth logic.
Resolution
The application was updated to fully support LinkedIn OpenID Connect:
- Authorization scopes updated to openid profile email
- User data retrieved from /v2/userinfo
- Legacy OAuth endpoints removed
