Setting up Sign in with LinkedIn using Keycloak

Hey everyone, in this blog we will be setting up the "Sign in with LinkedIn" option using Keycloak. We will be using a self-hosted Keycloak instance deployed on Elestio. So, to get started head over to Elestio Dashboard and deploy and login into the Keycloak instance to get started. To set up LinkedIn as an identity provider in Keycloak, follow these detailed steps. Keycloak’s integration with LinkedIn allows users to log in using their LinkedIn credentials, simplifying authentication and enhancing security.

Creating a New Realm

According to the Keycloak documentation

A realm manages a set of users, credentials, roles, and groups. A user belongs to and logs into a realm. Realms are isolated from one another and can only manage and authenticate the users that they control.

Once you are logged in, head over to the drop-down menu on the top left. Notice that there is a default realm, Keycloak master, which has higher privileges. To ensure a safer configuration, it’s recommended to create a new realm. Click on Create realm and add realm details, like the realm name. For example, here we’ll name it LinkedIn-Auth. After entering the details, click on Create to establish your new realm.

Initial Setup in Keycloak

With your new realm ready, navigate to the Identity Providers section. In the Social section, select LinkedIn to create a new LinkedIn identity provider integration. This action opens a configuration page where you’ll input the credentials needed to connect with LinkedIn.

On this page, you’ll find a Redirect URI specific to Keycloak. Copy this URI, as you’ll need to register it in LinkedIn’s application settings in the next step. The Redirect URI is crucial, as it ensures a seamless login flow by redirecting users back to Keycloak after authenticating through LinkedIn.

Register a New OAuth Application on LinkedIn

To enable LinkedIn login, you’ll need to register Keycloak as an OAuth application within your LinkedIn Developer Portal.

Fill in the required fields, including App Name and App Logo.

Since you have added a LinkedIn you will have to request the access to provide authentication. Once you request you will get a url that you can send to the page admin to verify and approve the request. Click on Request access in front of Sign In with LinkedIn using OpenID connect.

Under OAuth 2.0 Settings, add the Redirect URI you copied from Keycloak’s setup page. Ensure that this URI matches exactly, as any differences will prevent LinkedIn from completing the authentication flow

After filling out the form, click on the Create app to register it.

Obtain Client ID and Client Secret

Once the application is registered, LinkedIn will provide a Client ID and Client Secret. These credentials are essential for Keycloak to communicate securely with LinkedIn for user authentication. Copy both the Client ID and Client Secret; you’ll need them for the next step.

Enter LinkedIn Credentials in Keycloak

Go back to Keycloak’s LinkedIn identity provider configuration page and paste the Client ID and Client Secret into the respective fields. Save the configuration. Once saved, Keycloak will recognize LinkedIn as a valid identity provider, allowing users to authenticate using their LinkedIn accounts.

To ensure a smooth first-time login experience, scroll down in the LinkedIn provider settings until you find the First Login Flow option. If it’s not set to First Broker Login by default, change it to this option. This ensures that users logging in for the first time with LinkedIn will go through the appropriate login and account linking flow.

With everything configured, navigate to the login URL specific to your new realm. You should now see an option to Sign in with LinkedIn. Test the integration by logging in with your LinkedIn credentials to confirm that everything is working correctly.

Thanks for reading ❤️

Thank you so much for reading and do check out the resources provided to learn more about the Keycloak. You can click the button below to create your service on Elestio and implement this authentication method. See you in the next one👋