
LinkedIn OAuth2 Authorization server encountered an unexpected condition

We're getting this weird error for some of our users who are trying to authenticate via the LinkedIn OAuth2 API from mobile within a webview.

https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=XXX&state=XXX&redirect_uri=XXX&scope=r_emailaddress%20r_basicprofile

After the submit ( https://www.linkedin.com/uas/oauth2/authorizedialog/submit ), there is a redirect to our redirect uri with the following params.

?error=server_error&error_description=XXX&state=the+authorization+server+encountered+an+unexpected+condition

I went through this => http://chriskief.com/2014/04/23/linkedin-api-unable-to-retrieve-access-token/ .

Creating a new application or generating fresh keys is a problem as it would break the LinkedIn login for already installed apps. We have never used OAuth1 before.

letronje asked Feb 19 '16 07:02


1 Answer

We were able to reproduce this error when a space character is added before or after the user's email address on the LinkedIn authorization form. LinkedIn doesn't do any trimming of extraneous whitespace on this field.

My hypothesis is that this happens on mobile when people use the space bar as a way to accept an autocompletion recommendation on the email address. So the user starts typing their email address, the OS recommends a known email address and, generally, mobile OSs will use the recommendation when the space bar is pressed.

andrhamm answered Nov 05 '22 11:11
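
An added example, not part of the question or the answer above: one way a client can process the redirect to its `redirect_uri`, checking `state` before anything else and mapping `error=server_error` to a retry prompt that mentions the whitespace cause reported in the answer. The function names, return shape, and sample URLs are hypothetical and constructed for illustration.

```javascript
// Added example; handleCallback and its return shape are hypothetical.

// Compare two strings without exiting early on the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Error codes defined for the authorization response in RFC 6749, section 4.1.2.1.
const KNOWN_ERRORS = new Set([
  'invalid_request', 'unauthorized_client', 'access_denied',
  'unsupported_response_type', 'invalid_scope', 'server_error',
  'temporarily_unavailable',
]);

function handleCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  // Check state before trusting any other parameter, error responses included.
  if (!constantTimeEqual(params.get('state'), expectedState)) {
    return { ok: false, reason: 'state_mismatch', retry: false };
  }
  const error = params.get('error');
  if (error !== null) {
    // error_description is untrusted input: log it, never render it as HTML.
    const reason = KNOWN_ERRORS.has(error) ? error : 'unknown_error';
    const transient = reason === 'server_error' || reason === 'temporarily_unavailable';
    return {
      ok: false, reason, retry: transient,
      // Hint based on the answer above: stray whitespace around the e-mail address.
      hint: reason === 'server_error'
        ? 'Sign in again and check for spaces before or after your e-mail address.'
        : null,
    };
  }
  const code = params.get('code');
  if (!code) return { ok: false, reason: 'missing_code', retry: false };
  return { ok: true, code };
}

// Constructed sample redirects (not captured traffic).
const BASE = 'https://app.example/callback';
const failed = handleCallback(`${BASE}?error=server_error&error_description=x&state=abc123`, 'abc123');
const forged = handleCallback(`${BASE}?error=server_error&state=evil`, 'abc123');
const good = handleCallback(`${BASE}?code=AQT-constructed&state=abc123`, 'abc123');
console.log(failed, forged, good);
```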