fix: remove openid/profile scopes and use /v2/me for member URN

csharpfritz · Copilot · csharpfritz · commit 5e981d002625 · 2026-02-19T14:33:13.000-05:00
LinkedIn OAuth was failing because openid and profile scopes require
the 'Sign In with LinkedIn' product. Community Management API only
provides r_member_social and w_member_social.

Also switch ResolveMemberUrn from /v2/userinfo (OpenID) to /v2/me
(LinkedIn REST API) which works with r_member_social scope.

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/src/TagzApp.Blazor/Service_LinkedInOAuth.cs b/src/TagzApp.Blazor/Service_LinkedInOAuth.cs
@@ -14,7 +14,7 @@ public static class Service_LinkedInOAuth
 	private const string LinkedInTokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";
 
 	// Required scopes: r_member_social reads posts (needs Community Management API product)
-	private static readonly string[] RequiredScopes = ["openid", "profile", "w_member_social", "r_member_social"];
+	private static readonly string[] RequiredScopes = ["r_member_social", "w_member_social"];
 
 	public static void MapLinkedInOAuthEndpoints(this WebApplication app)
 	{
diff --git a/src/TagzApp.Providers.LinkedIn/LinkedInProvider.cs b/src/TagzApp.Providers.LinkedIn/LinkedInProvider.cs
@@ -249,22 +249,24 @@ public Task StopAsync()
 				return null;
 			}
 
-			using var request = new HttpRequestMessage(HttpMethod.Get, $"{LinkedInApiBase}/v2/userinfo");
+			using var request = new HttpRequestMessage(HttpMethod.Get, $"{LinkedInApiBase}/v2/me");
 			request.Headers.Add("Authorization", $"Bearer {_configuration.AccessToken}");
+			request.Headers.Add("LinkedIn-Version", "202401");
+			request.Headers.Add("X-Restli-Protocol-Version", "2.0.0");
 
 			var response = await _httpClient.SendAsync(request);
 			Interlocked.Increment(ref _dailyCallCount);
 
 			if (!response.IsSuccessStatusCode)
 			{
-				_logger.LogError("LinkedIn userinfo call failed: {StatusCode} {Reason}", (int)response.StatusCode, response.ReasonPhrase);
+				_logger.LogError("LinkedIn me call failed: {StatusCode} {Reason}", (int)response.StatusCode, response.ReasonPhrase);
 				return null;
 			}
 
-			var userInfo = await response.Content.ReadFromJsonAsync<JsonElement>();
-			if (userInfo.TryGetProperty("sub", out var sub))
+			var meResponse = await response.Content.ReadFromJsonAsync<JsonElement>();
+			if (meResponse.TryGetProperty("id", out var id))
 			{
-				var memberId = sub.GetString();
+				var memberId = id.GetString();
 				if (!string.IsNullOrEmpty(memberId))
 				{
 					var urn = $"urn:li:person:{memberId}";
@@ -273,7 +275,7 @@ public Task StopAsync()
 				}
 			}
 
-			_logger.LogError("LinkedIn userinfo response missing 'sub' field");
+			_logger.LogError("LinkedIn me response missing 'id' field");
 			return null;
 		}
 		catch (Exception ex)

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ public static class Service_LinkedInOAuth`
`14`	`14`	`private const string LinkedInTokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";`
`15`	`15`
`16`	`16`	`// Required scopes: r_member_social reads posts (needs Community Management API product)`
`17`		`- private static readonly string[] RequiredScopes = ["openid", "profile", "w_member_social", "r_member_social"];`
	`17`	`+ private static readonly string[] RequiredScopes = ["r_member_social", "w_member_social"];`
`18`	`18`
`19`	`19`	`public static void MapLinkedInOAuthEndpoints(this WebApplication app)`
`20`	`20`	`{`
Original file line number	Diff line number	Diff line change
`@@ -249,22 +249,24 @@ public Task StopAsync()`
`249`	`249`	`return null;`
`250`	`250`	`}`
`251`	`251`
`252`		`- using var request = new HttpRequestMessage(HttpMethod.Get, $"{LinkedInApiBase}/v2/userinfo");`
	`252`	`+ using var request = new HttpRequestMessage(HttpMethod.Get, $"{LinkedInApiBase}/v2/me");`
`253`	`253`	`request.Headers.Add("Authorization", $"Bearer {_configuration.AccessToken}");`
	`254`	`+ request.Headers.Add("LinkedIn-Version", "202401");`
	`255`	`+ request.Headers.Add("X-Restli-Protocol-Version", "2.0.0");`
`254`	`256`
`255`	`257`	`var response = await _httpClient.SendAsync(request);`
`256`	`258`	`Interlocked.Increment(ref _dailyCallCount);`
`257`	`259`
`258`	`260`	`if (!response.IsSuccessStatusCode)`
`259`	`261`	`{`
`260`		`- _logger.LogError("LinkedIn userinfo call failed: {StatusCode} {Reason}", (int)response.StatusCode, response.ReasonPhrase);`
	`262`	`+ _logger.LogError("LinkedIn me call failed: {StatusCode} {Reason}", (int)response.StatusCode, response.ReasonPhrase);`
`261`	`263`	`return null;`
`262`	`264`	`}`
`263`	`265`
`264`		`- var userInfo = await response.Content.ReadFromJsonAsync<JsonElement>();`
`265`		`- if (userInfo.TryGetProperty("sub", out var sub))`
	`266`	`+ var meResponse = await response.Content.ReadFromJsonAsync<JsonElement>();`
	`267`	`+ if (meResponse.TryGetProperty("id", out var id))`
`266`	`268`	`{`
`267`		`- var memberId = sub.GetString();`
	`269`	`+ var memberId = id.GetString();`
`268`	`270`	`if (!string.IsNullOrEmpty(memberId))`
`269`	`271`	`{`
`270`	`272`	`var urn = $"urn:li:person:{memberId}";`
`@@ -273,7 +275,7 @@ public Task StopAsync()`
`273`	`275`	`}`
`274`	`276`	`}`
`275`	`277`
`276`		`- _logger.LogError("LinkedIn userinfo response missing 'sub' field");`
	`278`	`+ _logger.LogError("LinkedIn me response missing 'id' field");`
`277`	`279`	`return null;`
`278`	`280`	`}`
`279`	`281`	`catch (Exception ex)`