==== LinkedIn

To enable login with LinkedIn you first have to create an application in https://www.linkedin.com/secure/developer[LinkedIn Developer Network].
Then you need to copy the client id and secret into the Keycloak Admin Console.

Let's see first how to create an application with LinkedIn.

. Log in to https://www.linkedin.com/secure/developer[LinkedIn Developer Network].
  Click the `Add New Application` link.
  Use any value for `Application Name`, `Website URL`, `Description`, `Developer Contact Email` and `Phone` you want.
  Select `r_basicprofile` and `r_emailaddress` in the `Default Scope` section.
  Click the `Add Application` button.
. Copy `Consumer Key / API Key` and `Consumer Secret / Secret Key` from the shown page.

Now that you have the client id and secret, you can proceed with the creation of a LinkedIn Identity Provider in Keycloak.
As follows:

. Select the `LinkedIn` identity provider from the drop-down box on the top right corner of the identity providers table in Keycloak's Admin Console.
  You should be presented with a specific page to configure the selected provided.
. Copy the client id and secret to their corresponding fields in the Keycloak Admin Console.
  Click `Save`.

Once you create the identity provider in Keycloak, you must update your LinkedIn application with the redirect url that was generated to your identity provider.

. Open the LinkedIn Developer Network and select your application.
  In `OAuth 2.0 Redirect URLs`                        insert the redirect uri created by Keycloak.
  The redirect uri usually have the following format: `http://{host}:{port}/auth/realms/{realm}/broker/{provider_alias}/endpoint`.

NOTE: You can always get the redirect url for a specific identity provider from the table presented when you click on the 'Identity Provider' tab in _Realm > Settings_.

That is it! This pretty much what you need to do in order to setup this identity provider.

The table below lists some additional configuration options you may use when configuring this provider.

.Configuration Options
[cols="1,1", options="header"]
|===
|
                                Configuration

|
                                Description

|
                                Default Scopes

|
                                Allows you to manually specify the scopes that users must authorize when authenticating with this provider.
                                For a complete list of scopes, please take a look at application configuration in LinkedIn Developer Network. By default, Keycloak uses the following scopes: r_basicprofile r_emailaddress

|===