"Sign In with LinkedIn" looks like a one-click login button on the outside. On the inside, it's an OAuth 2.0 + OpenID Connect (OIDC) flow that requires a properly configured LinkedIn developer app, the right product access, the right scopes, and correct ID token handling. Most integrations that get stuck do so at the product-access or scope-request step — not the code.
What "Sign In with LinkedIn using OpenID Connect" Actually Is
LinkedIn's current sign-in product is built on OpenID Connect, an identity layer on top of OAuth 2.0. It authenticates the member and returns an ID Token (a signed JWT) containing basic profile claims, removing the need for a separate profile API call in most cases. LinkedIn is explicit that this flow authenticates a member for your app — it does not verify a person's real-world identity and should not be marketed that way.
The Three Scopes That Matter
Required to indicate the app wants to use OIDC and receive an ID Token.
Returns the member's lite profile: id, name, and profile picture. Replaces the old r_liteprofile scope.
Returns the member's primary email address (and an email_verified flag). Replaces the old r_emailaddress scope. Both email and email_verified are optional in the response — your app has to handle their absence gracefully.
Why Apps Get Stuck Before Writing Any Code
- Product not requested. "Sign In with LinkedIn using OpenID Connect" is a Product that has to be explicitly added to the app in the LinkedIn Developer Portal (My Apps → your app → Products tab) — it is not enabled by default on a new app.
- Wrong OAuth redirect URI registered. LinkedIn validates the redirect URI at the authorization step; a mismatch (even a trailing slash) fails silently with a generic error.
- Confusing legacy scopes with OIDC scopes. Older integrations built on
r_liteprofile/r_emailaddressbreak when LinkedIn deprecates them for an app — the fix is migrating toopenid/profile/email, not just re-requesting the old ones. - ID Token not validated properly. Some integrations decode the JWT but skip signature verification against LinkedIn's published JWKS endpoint — a security gap, not just a compliance one.
- Assuming email is always present. Because
emailandemail_verifiedare optional fields in the response, apps that hard-require an email on every login can break for a subset of real users. - Rate limits hit during testing. LinkedIn enforces a 500 requests/day per-member and 100,000 requests/day per-application throttle — repeated test logins during development can burn through this faster than expected.
How the Setup Actually Works (High Level)
openid profile email scopes and your registered redirect URI, following the standard OAuth 2.0 authorization-code flow./v2/userinfo endpoint, and complete the login session in your app.Discovery Endpoint (For Reference)
| Endpoint | URL |
|---|---|
| Authorization | linkedin.com/oauth/v2/authorization |
| Token | linkedin.com/oauth/v2/accessToken |
| User Info | api.linkedin.com/v2/userinfo |
| JWKS (signature verification) | linkedin.com/oauth/openid/jwks |
FAQ
No. LinkedIn is explicit that this product authenticates a member for your application — it is not an identity verification service and should not be marketed as one.
No. The email and email_verified fields are optional in LinkedIn's response. Apps should have a fallback path when they're absent.
Only if the OpenID Connect product has been requested and approved for that app. Apps still using the older r_liteprofile/r_emailaddress scopes need a migration, not just a scope addition.
LinkedIn documents 500 requests/day per member and 100,000 requests/day per application (UTC) for this product.
Setting up Sign In with LinkedIn correctly — product access, scopes, redirect URI, and ID Token validation — is exactly the kind of configuration work covered under our LinkedIn API Setup Service. If your integration is also expanding into Community Management API or Advertising API Standard Tier access, these often get planned together.
Not affiliated with or endorsed by LinkedIn Corporation. Information based on LinkedIn's published OpenID Connect developer documentation. No outcome or approval timeline can be guaranteed — LinkedIn's product access and app review decisions are made solely by LinkedIn.