Android LinkedIn SDK produces unusable access tokens

Question

What I am trying to accomplish:

• Authenticate w/ LinkedIn via their Android SDK
• Fetch User's profile to obtain their userId
• Create new user against our internal service

So far I have been able to authenticate with LinkedIn, retrieve an access token, and use that against LinkedIn's service to obtain their user id.

The flow looks a bit like this

LISessionManager.getInstance(activity).init(this.activity.get(), permissionScope,
            authLinkedInCallback, showDialogIfAppMissing);

upon returning into my application I catch the Intent data using the code below

LISessionManager.getInstance(activity).onActivityResult(activity, requestCode, resultCode, data);

this part seems to be functional and yields an onAuthSuccess from the AuthListener setup in the LISessionManager initialization.

post success I am able to use the provided access token with the provided APIHelper to get the user's basic profile

String built = "https://api.linkedin.com/v1/people/~?format=json";
APIHelper.getInstance(activity.get()).getRequest(activity.get(), built, getProfileCallback);

this actually returns successfully with the basic user profile information.

this is where the problem beings I can only use this access token to make calls using the APIHelper. When trying to use the provided access token elsewhere (server side, testing in Postman/Apigee) it always returns this response.

{ 
"errorCode": 0,
"message": "Unable to verify access token",
"requestId": "M9J2NBQV9J",
"status": 401,
"timestamp": 1430922872474 
}

I have been using the LinkedIn resource for debugging 401 issues (https://developer.linkedin.com/docs/oauth2) Using the LISessionManager. to evaluate the current session tells me that the access token is

• still valid
• has not expired
• is still good for roughly 2 months from the time it is issued.

Checking my LinkedIn profile, it has not revoked access to the application and the permission scope is basic_profile, email_address, and w_share

I'm really confused why these generated accessTokens don't seem to be valid outside of the LinkedIn SDK, are they not valid across the entire service?

Any help appreciated.

Answer 1

As noted in LinkedIn's Android SDK authentication documentation (https://developer.linkedin.com/docs/android-sdk-auth),

Mobile vs. server-side access tokens

It is important to note that access tokens that are acquired via the Mobile SDK are only useable with the Mobile SDK, and cannot be used to make server-side REST API calls.

Similarly, access tokens that you already have stored from your users that authenticated using a server-side REST API call will not work with the Mobile SDK.

Answer 2

While LinkedIn states that it is not possible to use an access token provided by the Mobile SDK to make server-side API calls, I was able to make such calls just by adding x-li-src: msdk in the header of the request.

Answer 3

LISessionManager sessionManager = LISessionManager.getInstance(getApplicationContext());
LISession session = sessionManager.getSession();

boolean accessTokenValid = session.isValid();

String respon ="";

if(accessTokenValid) {
    String url = "https://api.linkedin.com/v1/people/~?format=json";
    //String url = "https://api.linkedin.com/v1/people/~:(id,first-name,last-name,picture-url)";
    APIHelper apiHelper = APIHelper.getInstance(getApplicationContext());
    apiHelper.getRequest("your activity", url, new ApiListener() {
        @Override
        public void onApiSuccess(ApiResponse apiResponse) {
            respon = apiResponse.toString();
            Log.e("Response ", respon);                         
        }

        @Override
        public void onApiError(LIApiError LIApiError) {
            Log.e("error", LIApiError.toString());
        }
    });
}