Linkedin Oauth Issue - oauth_verifier

1
votes

Having some problems trying to exchange my JSAPI tokens for REST Oauth Tokens (https://developer.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens)

I'm using this library - http://code.google.com/p/oauth-php/ - As opposed to the PECL extension as I'm unable to install extensions onto the server.

There seem to be plenty of similar questions, but none which actually answer the question - How to use the above library to authenticate with Linkedin.

My code is as follows:

    $cookie_name        = "linkedin_oauth_" . $this->_c->linkedin_api_key;
    $credentials_json   = stripslashes($_COOKIE[$cookie_name]);
    $credentials        = json_decode($credentials_json);

    // Get the Access Token + Secret
    $access_token_url = 'https://api.linkedin.com/uas/oauth/accessToken';

    OAuthStore::instance("2Leg", array(
        'consumer_key'      => $this->_c->linkedin_api_key,
        'consumer_secret'   => $this->_c->linkedin_api_secret
    ));

    try {

        $request = new OAuthRequester($access_token_url, 'POST', array(
            'xoauth_oauth2_access_token' => $credentials->access_token
        ));

        $result = $request->doRequest();

    } catch(OAuthException2 $e) {

        print_r($e->getMessage());

    }

The catch statement outputs:

Request failed with code 400: oauth_problem=parameter_absent&oauth_parameters_absent=oauth_verifier

How do I get this oauth_verifier? It was my understanding that I shouldn't need it if I was passing the xoauth_oauth2_access_token already?

I've checked all of the variables I.E. $credentials and $this->_c and all of the variables are passing through correctly.

1
phpoauthlinkedin

1 Answers

2
votes

This is actually a bug in the oauth-php library. The library is incorrectly handling parameters which are prefixed with xoauth_* and treating them the same way it handles oauth_* parameters. This is in violation of the OAuth spec and most (all?) other OAuth libraries don't have this issue. The fix is to do the following:

Inside the file OAuthRequestSigner.php, find the following:

1) inside the getAuthorizationHeader function, find the line which reads:

if (strncmp($name, 'oauth_', 6) == 0 || strncmp($name, 'xoauth_', 7) == 0)

and change it to be:

if (strncmp($name, 'oauth_', 6) == 0)

2) Inside the function getQueryString, find the line which reads:

||  (strncmp($name, 'oauth_', 6) != 0 && strncmp($name, 'xoauth_', 7) != 0))

and change it to be:

||  (strncmp($name, 'oauth_', 6) != 0)

After that, all you need to do is essentially the same as you were already doing, which is the following:

try {

    $request = new OAuthRequester($access_token_url, "POST", array('xoauth_oauth2_access_token' => $access_token));

    $result = $request->doRequest();

    var_dump($result);

} catch(OAuthException2 $e) {

    print_r($e->getMessage());

}

And you should be all set. If you have any further issues, please do not hesitate to reach out on our developer forums and either myself or someone else on the team would be happy to help.

Enjoy!

-Jeremy