Guaranteed 100% Facebook, Instagram and WhatsApp Approvals & App Review
Quick Transfer Ready to use app available for Facebook, Instagram and WhatsApp
Guaranteed 100% Facebook, Instagram and WhatsApp Approvals & App Review
Quick Transfer Ready to use app available for Facebook, Instagram and WhatsApp
LinkedIn API

"Sign In with LinkedIn" looks like a one-click login button on the outside. On the inside, it's an OAuth 2.0 + OpenID Connect (OIDC) flow that requires a properly configured LinkedIn developer app, the right product access, the right scopes, and correct ID token handling. Most integrations that get stuck do so at the product-access or scope-request step — not the code.

What "Sign In with LinkedIn using OpenID Connect" Actually Is

LinkedIn's current sign-in product is built on OpenID Connect, an identity layer on top of OAuth 2.0. It authenticates the member and returns an ID Token (a signed JWT) containing basic profile claims, removing the need for a separate profile API call in most cases. LinkedIn is explicit that this flow authenticates a member for your app — it does not verify a person's real-world identity and should not be marketed that way.

The Three Scopes That Matter

openid

Required to indicate the app wants to use OIDC and receive an ID Token.

profile

Returns the member's lite profile: id, name, and profile picture. Replaces the old r_liteprofile scope.

email

Returns the member's primary email address (and an email_verified flag). Replaces the old r_emailaddress scope. Both email and email_verified are optional in the response — your app has to handle their absence gracefully.

Why Apps Get Stuck Before Writing Any Code

Common blockers we see on real projects:
  • Product not requested. "Sign In with LinkedIn using OpenID Connect" is a Product that has to be explicitly added to the app in the LinkedIn Developer Portal (My Apps → your app → Products tab) — it is not enabled by default on a new app.
  • Wrong OAuth redirect URI registered. LinkedIn validates the redirect URI at the authorization step; a mismatch (even a trailing slash) fails silently with a generic error.
  • Confusing legacy scopes with OIDC scopes. Older integrations built on r_liteprofile / r_emailaddress break when LinkedIn deprecates them for an app — the fix is migrating to openid / profile / email, not just re-requesting the old ones.
  • ID Token not validated properly. Some integrations decode the JWT but skip signature verification against LinkedIn's published JWKS endpoint — a security gap, not just a compliance one.
  • Assuming email is always present. Because email and email_verified are optional fields in the response, apps that hard-require an email on every login can break for a subset of real users.
  • Rate limits hit during testing. LinkedIn enforces a 500 requests/day per-member and 100,000 requests/day per-application throttle — repeated test logins during development can burn through this faster than expected.

How the Setup Actually Works (High Level)

1
App + Product setup. Create or open the app in the LinkedIn Developer Portal, verify the associated company Page, and request the "Sign In with LinkedIn using OpenID Connect" product under the Products tab.
2
Authorization request. Send the member to LinkedIn's authorization endpoint with the openid profile email scopes and your registered redirect URI, following the standard OAuth 2.0 authorization-code flow.
3
Token exchange + validation. Exchange the authorization code for an access token and ID token, then validate the ID Token's signature against LinkedIn's JWKS and check the standard claims (issuer, audience, expiry).
4
Profile retrieval. Read the member's basic profile directly from the decoded ID Token, or confirm it via the /v2/userinfo endpoint, and complete the login session in your app.

Discovery Endpoint (For Reference)

EndpointURL
Authorizationlinkedin.com/oauth/v2/authorization
Tokenlinkedin.com/oauth/v2/accessToken
User Infoapi.linkedin.com/v2/userinfo
JWKS (signature verification)linkedin.com/oauth/openid/jwks
What "done" looks like: a member clicks "Sign in with LinkedIn," authorizes your app once, and every return visit authenticates instantly via a valid ID Token — with no broken sessions when email is withheld, no silent redirect-URI failures, and no scope confusion when LinkedIn changes product requirements.

FAQ

Does Sign In with LinkedIn verify a user's real identity?

No. LinkedIn is explicit that this product authenticates a member for your application — it is not an identity verification service and should not be marketed as one.

Is email guaranteed on every login?

No. The email and email_verified fields are optional in LinkedIn's response. Apps should have a fallback path when they're absent.

Can an existing app just add the email/profile scopes?

Only if the OpenID Connect product has been requested and approved for that app. Apps still using the older r_liteprofile/r_emailaddress scopes need a migration, not just a scope addition.

What are the rate limits?

LinkedIn documents 500 requests/day per member and 100,000 requests/day per application (UTC) for this product.

Setting up Sign In with LinkedIn correctly — product access, scopes, redirect URI, and ID Token validation — is exactly the kind of configuration work covered under our LinkedIn API Setup Service. If your integration is also expanding into Community Management API or Advertising API Standard Tier access, these often get planned together.

Not affiliated with or endorsed by LinkedIn Corporation. Information based on LinkedIn's published OpenID Connect developer documentation. No outcome or approval timeline can be guaranteed — LinkedIn's product access and app review decisions are made solely by LinkedIn.