Introduction
If you've encountered the error message "Unable to authenticate with the external account provider" while using LinkedIn as an identity provider in Power Pages Portal, you're not alone. This issue arises due to LinkedIn's recent transition to the OpenID Connect protocol, which is not yet fully supported by Power Pages' predefined LinkedIn identity provider.
In this guide, we’ll explore the cause of this problem and outline the steps needed to integrate LinkedIn authentication successfully.
Understanding the Issue
The error occurs because Power Pages Portals' default LinkedIn identity provider hasn’t been updated to support the OpenID Connect protocol. This protocol change creates an incompatibility, resulting in authentication failures when users attempt to log in via LinkedIn.
Resolution
Follow these steps to configure LinkedIn authentication in your Power Pages Portal:
1. Register a LinkedIn Application
- Create a LinkedIn app and obtain your Client ID and Client Secret.
- Use the following URL for detailed instructions:
https://learn.microsoft.com/en-us/power-pages/security/authentication/oauth2-linkedin#create-an-app-registration-in-linkedin
2. Request OpenID Connect Access
- Navigate to the “Products” tab in your LinkedIn app.
- Locate “Sign in with LinkedIn using OpenID Connect” and click “Request Access”.

3. Enable OAuth Scopes
- Once access is granted, OAuth scopes such as `openid`, `email`, and `profile` will appear in the “Auth” section.

4. Set Up Identity Provider in Power Pages
- Open Power Pages Maker, edit your site’s settings, and navigate to “Set up > Identity providers”.
- Choose “Other” as the connection provider and “OpenIDConnect” as the protocol.
- Assign a custom name for the provider, if needed.

5. Configure Identity Provider Settings
- Fill in the following fields:
- “Authority”: `https://www.linkedin.com/oauth/v2/authorization/`
- “ClientId”: Use the Client ID from your LinkedIn app.
- “Metadata Address”: `https://www.linkedin.com/oauth/.well-known/openid-configuration`
- “Scope”: `openid profile email`
- “Response Type”: `Code`
- “ClientSecret”: Use the Client Secret from your LinkedIn app.
- “ResponseMode”: `query`
6. Add Redirect URI
- Update the OAuth 2.0 settings in the LinkedIn app by adding the Redirect URI for your portal.

7. Update Site Settings
- Create a new site setting:
- Name: `Authentication/OpenIdConnect/OpenId_2/NonceEnabled`
- Value: `False`
- Adjust the provider identifier in the setting name (`OpenId_1`, `OpenId_3`, etc.) to match your configuration. The identifier appears at the end of the provider's redirect URL (in this example, "https://...../signin-openid_2").
8. Sync Changes and Test
- Synchronize your updates and test the LinkedIn authentication flow on your portal.
Conclusion
By implementing the above steps, you’ll be able to integrate LinkedIn authentication into your Power Pages Portal seamlessly. This workaround ensures compatibility with LinkedIn’s OpenID Connect protocol until Microsoft updates the default identity provider.
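A pre-flight check for steps 5 and 7, as an added example that is not part of the original guide: it derives the `NonceEnabled` site setting name from the portal's redirect URI and compares the planned Scope and Response Type with the provider's discovery document. The host `contoso.example`, the function names, and the embedded metadata sample are constructed assumptions; in practice, load the JSON served at the Metadata Address.

```python
import re
from urllib.parse import urlparse

# Constructed sample of an OpenID Connect discovery document (not fetched
# from LinkedIn); replace with the JSON served at the Metadata Address.
SAMPLE_METADATA = {
    "scopes_supported": ["openid", "profile", "email"],
    "response_types_supported": ["code"],
}

# Values entered in step 5 of this guide.
PLANNED = {"Scope": "openid profile email", "Response Type": "Code", "ResponseMode": "query"}


def nonce_setting_name(redirect_uri):
    """Map .../signin-openid_N to the site setting name created in step 7."""
    parsed = urlparse(redirect_uri)
    if parsed.scheme != "https":  # assumption: the portal is served over HTTPS
        raise ValueError("redirect URI must use https")
    match = re.search(r"/signin-openid_(\d+)/?$", parsed.path, re.IGNORECASE)
    if not match:
        raise ValueError(f"unexpected redirect path: {parsed.path!r}")
    return f"Authentication/OpenIdConnect/OpenId_{match.group(1)}/NonceEnabled"


def check_settings(planned, metadata):
    """Return a list of mismatches between planned settings and provider metadata."""
    problems = []
    scopes = planned["Scope"].split()
    if "openid" not in scopes:
        problems.append("Scope must include 'openid' for OpenID Connect")
    for scope in scopes:
        if scope not in metadata.get("scopes_supported", []):
            problems.append(f"scope not advertised by provider: {scope}")
    if planned["Response Type"].lower() not in metadata.get("response_types_supported", []):
        problems.append(f"response type not advertised: {planned['Response Type']}")
    if planned["ResponseMode"] not in ("query", "form_post", "fragment"):
        problems.append(f"unknown response mode: {planned['ResponseMode']}")
    return problems


if __name__ == "__main__":
    # Placeholder host; use the redirect URI shown for your identity provider.
    print(nonce_setting_name("https://contoso.example/signin-openid_2"))
    print(check_settings(PLANNED, SAMPLE_METADATA) or "settings match provider metadata")
```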