Forum Discussion
Entra External Identities - Sign In with LinkedIn using OpenID Connect error
Hi there,
I would like to add LinkedIn as an identity provider in my Entra External Identities tenant.
We have proceeded according to the following instructions (https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin-v2) and used the LinkedIn Well-Known Config Endpoint (https://www.linkedin.com/oauth/.well-known/openid-configuration).
When saving the configuration I get the following error message in the EntraId portal:
Custom OIDC well-known endpoint validation error: Error when deserializing response Required property 'token_endpoint_auth_methods_supported' not found in JSON. Path '', line 12, position 1.
In the JSON provided by the LinkedIn Well-Known Config Endpoint the field 'token_endpoint_auth_methods_supported' is missing. However, according to the OpenID Connect specification, the field is optional.
Currently I cannot add LinkedIn as an identity provider via OIDC in EntraID.
Has anyone here already solved a similar problem?
Thanks!
Would suggest taking a look at this:
- Manually Add the Missing Field
If possible, you can create a custom well-known configuration file that includes the token_endpoint_auth_methods_supported field. Host this file on a secure endpoint and use it as the configuration URL in Entra External Identities.
- Contact LinkedIn Support
Reach out to LinkedIn's support team to report the missing field in their Well-Known Config Endpoint. They may be able to update their configuration or provide guidance on how to proceed.
- Workaround Using Custom OIDC Configuration
Instead of relying on the automatic validation, you can manually configure the OIDC settings in Entra External Identities:
- Specify the required endpoints (e.g., authorization, token, and user info endpoints) directly.
- Ensure all other required fields are correctly mapped.
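For the self-hosted configuration file suggested in the first option, the following is an added example, not part of the original posts and not Microsoft or LinkedIn code. It adds only the missing field to a copy of the provider's discovery document and audits the hosted copy for any other deviation, since whoever controls that file controls which token endpoint and signing keys the tenant trusts. The sample document and the chosen auth method are assumptions: OpenID Connect Discovery defines `client_secret_basic` as the default when the field is omitted, and the value must match what the provider's token endpoint actually accepts.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an upstream discovery document that lacks the field
# (placeholder values, not a capture of LinkedIn's real response).
UPSTREAM = json.loads("""{
  "issuer": "https://idp.example/oauth",
  "authorization_endpoint": "https://idp.example/oauth/authorize",
  "token_endpoint": "https://idp.example/oauth/token",
  "userinfo_endpoint": "https://api.idp.example/userinfo",
  "jwks_uri": "https://idp.example/oauth/jwks",
  "response_types_supported": ["code"],
  "id_token_signing_alg_values_supported": ["RS256"]
}""")

FIELD = "token_endpoint_auth_methods_supported"
URL_KEYS = ("issuer", "authorization_endpoint", "token_endpoint",
            "userinfo_endpoint", "jwks_uri")

def patch_metadata(upstream, auth_methods):
    """Return a copy of the upstream document with only FIELD added."""
    if not auth_methods:
        raise ValueError("at least one auth method is required")
    patched = dict(upstream)
    patched.setdefault(FIELD, list(auth_methods))  # keep upstream's value if present
    return patched

def audit_hosted_copy(upstream, hosted):
    """List every way the hosted copy deviates from upstream beyond FIELD."""
    problems = []
    for key in sorted(set(upstream) | set(hosted)):
        if key == FIELD and key not in upstream:
            continue  # the one permitted addition
        if upstream.get(key) != hosted.get(key):
            problems.append(f"{key}: differs from upstream")
    for key in URL_KEYS:
        if key in hosted and urlsplit(hosted[key]).scheme != "https":
            problems.append(f"{key}: not https")
    return problems

if __name__ == "__main__":
    # Assumed auth method (the Discovery default); confirm with the provider.
    hosted = patch_metadata(UPSTREAM, ["client_secret_basic"])
    print(json.dumps(hosted, indent=2))
    print(audit_hosted_copy(UPSTREAM, hosted) or "hosted copy matches upstream")
```

Re-running the audit on a schedule against a freshly fetched upstream document also catches the case where the provider rotates an endpoint and the hosted copy goes stale.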
3 Replies
- BerndV91 (Copper Contributor)
Thank you,
Option 1 worked for me.
Option 2 is currently still open. I will report back as soon as I receive further information from LinkedIn support.
- talebi (Copper Contributor)
I'm experiencing the exact same issue. I have tried self-hosting the well-known config, and even though the portal does seem to save the config, I keep getting an error (AADSTS40015) when running "user flow" just before the token exchange. Have there been any updates from LinkedIn support or any hints on resolving the issue?