{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 男人必须洒脱 的问题《Azure AD B2C Linkedin claims provider》','https://www.manongdao.com/q-707055.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am implementing the Linkedin sign-up/sign-in via custom policies but when I click on the LinkedinExchange button, I get the following exception from the User Journey Player:
An exception was caught when making a request to URL "https://api.linkedin.com/v1/people/~:(id,first-name,last-name,formatted-name,email-address)" using method "Get". The exception status code was "ProtocolError" with the following message: The remote server returned an error: (401) Unauthorized.. The remote server returned an error: (401) Unauthorized.
Here is the ClaimsProvider for Linkedin I added:
<ClaimsProvider>
<Domain>linkedin.com</Domain>
<DisplayName>Linkedin</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="Linkedin-OAUTH">
<DisplayName>Linkedin</DisplayName>
<Protocol Name="OAuth2" />
<Metadata>
<Item Key="ProviderName">linkedin</Item>
<Item Key="authorization_endpoint">https://www.linkedin.com/oauth/v2/authorization</Item>
<Item Key="AccessTokenEndpoint">https://www.linkedin.com/oauth/v2/accessToken</Item>
<Item Key="AccessTokenResponseFormat">json</Item>
<Item Key="ClaimsEndpoint">https://api.linkedin.com/v1/people/~:(id,first-name,last-name,formatted-name,email-address)?format=json</Item>
<Item Key="HttpBinding">POST</Item>
<Item Key="UsePolicyInRedirectUri">0</Item>
<Item Key="client_id">XXXXXXXXXXXX</Item>
</Metadata>
<CryptographicKeys>
<Key Id="client_secret" StorageReferenceId="B2C_1A_LinkedinSecret" />
</CryptographicKeys>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="socialIdpUserId" PartnerClaimType="id" />
<OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="emailAddress" />
<OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="firstName" />
<OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="lastName" />
<OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="formattedName" />
<OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="Linkedin" />
<OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="Linkedin" />
</OutputClaims>
<OutputClaimsTransformations>
<OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
<OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
<OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
<OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
</OutputClaimsTransformations>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
Does someone see what I am doing wrong ?
In order to add LinkedIn as an Identity Provider in Azure AD B2C via custom policies, make sure you have the following entry in the ClaimsProvider's
<Metadata>section:<Item Key="ClaimsEndpointAccessTokenName">oauth2_access_token</Item>