It works if and only if the user is signed into LinkedIn at the time of making the OAuth2 request.
If the user is not signed in then we encounter an error.
Sequence of our actions:
https://api.linkedin.com/v1/people/~
After this we receive a 401 with the following content:
{
  "errorCode": 0,
  "message": "Unable to verify access token",
  "requestId": "C0DUCX81SA",
  "status": 401,
  "timestamp": 1421946470523
}
Sometimes, after some time passed, a retry with the same Access Token gives a 200. Sometimes not.
If the user logs in to LinkedIn during this "401 period" then magically the previously fetched access token starts to work.
I am at a loss how to solve this, as it seems to be an issue at LinkedIn.
Has anybody any suggestions, or has anybody seen this behavior before?
We tried cookie settings, wait periods before our request, etc.
We are adding LinkedIn OAuth2 authentication to Zotonic [1], but are now stuck with a non-working module.
[1] http://zotonic.com/
Edit:
Someone referred to two discussions at LinkedIn. His reply has now regrettably disappeared from the discussion below.
These are the links:
https://developer.linkedin.com/forum/unable-verify-access-token
https://developer.linkedin.com/forum/unauthorized-invalid-or-expired-token-immediately-after-receiving-oauth2-token
I have tried all suggestions in these discussions, to no avail.
Edit #2:
Checking the first discussion at LinkedIn shows that I am not the only one having these consistency issues. Something at LinkedIn is going wrong if the user has cleared cookies or has to sign in to LinkedIn during the OAuth "dance" https://developer.linkedin.com/forum/unable-verify-access-token#comment-36950
Update
Solved, thanks to Matthijs Bierman, see answers below.
If the access token request is invalid, such as the redirect URL didn't match the one used during authorization, then the server needs to return an error response. Error responses are returned with an HTTP 400 status code (unless specified otherwise), with error and error_description parameters.
Let's start with the biggest reason why OAuth isn't authentication: access tokens are not intended for the client application. When an authorization server issues an access token, the intended audience is the protected resource. After all, this is what the token is providing access to.
Same here: every time I got a new access_token I had to wait a couple of minutes until it was valid. This was unacceptable.
I took a look at how different sites do Sign In with LinkedIn, and here is a solution that worked for me.
When exchanging the AUTH_CODE for the ACCESS_TOKEN, use the GET method instead of POST, e.g.:
GET https://www.linkedin.com/oauth/v2/accessToken?client_id=yourClientId&client_secret=yourClientSecret&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2FlinkedInLogin&code=AQQGx11-p1uaQWz2YBWHBcskaGrVrEDeFUo4O2vjolFaKaQ89UhGlR27_yDACNLoxDmYi7AR5sCplwsHLD_ERAVsscFozo-qRl032aFnj2UcUoPjCfo
Grails integration with LinkedIn OAuth2 example: https://github.com/rgrebski/samples/tree/master/grails-linkedin-integration
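An added example (not code from the question, the answer above, or the linked Grails sample) that ties the two halves of this thread together: it builds the token-exchange URL in the GET form the answer describes, recognises the exact "Unable to verify access token" 401 body from the question, and retries only that error a bounded number of times. The transport is injected as `do_get(url, headers) -> (status, body)` so it runs offline; the Bearer header and the backoff schedule are assumptions, not anything LinkedIn documents on this page.

```python
import json
import time
from urllib.parse import urlencode, urlsplit, parse_qs

TOKEN_ENDPOINT = "https://www.linkedin.com/oauth/v2/accessToken"
PROFILE_ENDPOINT = "https://api.linkedin.com/v1/people/~"


def build_token_request_url(client_id, client_secret, code, redirect_uri):
    """Token exchange as a GET with query parameters, as the answer above describes.
    Caveat: a client_secret in a query string tends to land in proxy and server
    logs; the standard (RFC 6749) form sends the same parameters in a POST body."""
    params = {
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri,  # urlencode percent-encodes this
        "code": code,
    }
    return f"{TOKEN_ENDPOINT}?{urlencode(params)}"


def is_unverified_token_error(status, body):
    """True only for the specific 401 body shown in the question."""
    if status != 401:
        return False
    try:
        err = json.loads(body)
    except ValueError:
        return False
    return err.get("status") == 401 and err.get("message") == "Unable to verify access token"


def fetch_profile_with_retry(do_get, access_token, attempts=4, delay=1.0, sleep=time.sleep):
    """Call the profile endpoint; retry the transient 401 with linear backoff,
    up to `attempts` tries. Any other status is returned immediately.
    Returns (status, body, tries)."""
    headers = {"Authorization": f"Bearer {access_token}"}  # assumed header form
    status, body = do_get(PROFILE_ENDPOINT, headers)
    tries = 1
    while is_unverified_token_error(status, body) and tries < attempts:
        sleep(delay * tries)  # 1s, 2s, 3s ... between retries
        status, body = do_get(PROFILE_ENDPOINT, headers)
        tries += 1
    return status, body, tries
```

Treat a still-failing result after the last attempt as a hard error and re-run the authorization step rather than looping indefinitely on the same token.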