From d5a9712aaec7cd2ad2b16cd08384efde4b69b7c4 Mon Sep 17 00:00:00 2001
From: Pavel Borzenkov <pavel.borzenkov@gmail.com>
Date: Wed, 25 Oct 2017 01:12:37 +0300
Subject: [PATCH] Documentation: add LinkedIn connector documentation

Signed-off-by: Pavel Borzenkov <pavel.borzenkov@gmail.com>
---
 Documentation/linkedin-connector.md | 27 +++++++++++++++++++++++++++
 README.md                           |  1 +
 2 files changed, 28 insertions(+)
 create mode 100644 Documentation/linkedin-connector.md

diff --git a/Documentation/linkedin-connector.md b/Documentation/linkedin-connector.md
new file mode 100644
index 00000000..646ee243
--- /dev/null
+++ b/Documentation/linkedin-connector.md
@@ -0,0 +1,27 @@
+# Authentication through LinkedIn
+
+## Overview
+
+One of the login options for dex uses the LinkedIn OAuth2 flow to identify the end user through their LinkedIn account.
+
+When a client redeems a refresh token through dex, dex will re-query LinkedIn to update user information in the ID Token. To do this, __dex stores a readonly LinkedIn access token in its backing datastore.__ Users that reject dex's access through LinkedIn will also revoke all dex clients which authenticated them through LinkedIn.
+
+## Configuration
+
+Register a new application via `My Apps -> Create Application` ensuring the callback URL is `(dex issuer)/callback`. For example if dex is listening at the non-root path `https://auth.example.com/dex` the callback would be `https://auth.example.com/dex/callback`.
+
+The following is an example of a configuration for `examples/config-dev.yaml`:
+
+```yaml
+connectors:
+  - type: linkedin
+    # Required field for connector id.
+    id: linkedin
+    # Required field for connector name.
+    name: LinkedIn
+    config:
+      # Credentials can be string literals or pulled from the environment.
+      clientID: $LINKEDIN_APPLICATION_ID
+      clientSecret: $LINKEDIN_CLIENT_SECRET
+      redirectURI: http://127.0.0.1:5556/dex/callback
+```
diff --git a/README.md b/README.md
index 84b39725..61358c53 100644
--- a/README.md
+++ b/README.md
@@ -68,6 +68,7 @@ More docs for running dex as a Kubernetes authenticator can be found [here](Docu
   * [SAML 2.0](Documentation/saml-connector.md)
   * [OpenID Connect](Documentation/oidc-connector.md) (includes Google, Salesforce, Azure, etc.)
   * [authproxy](Documentation/authproxy.md) (Apache2 mod_auth, etc.)
+  * [LinkedIn](Documentation/linkedin-connector.md)
 * Client libraries
   * [Go][go-oidc]
 
-- 
GitLab