Linkedin API access token generation error

12
votes

i am trying to generate access token to collect linkedin data. I followed the instructions provided in the linkedin API documentaion. I created an app in developers page and got the following:

Application Details
•   Company:
Fresher
•   Application Name:
xxxxxxxxxx
•   API Key:
75pcum6zb2cael
•   Secret Key:
xxxxxxxxxxxxxxxx
•   OAuth User Token:
xxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
•   OAuth User Secret:
xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx

Using the API Key i generated the authorization_code with the URL:

https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=75pcum6zb2cael&state=DCEEFWF45453sdffef424&redirect_uri=https://www.google.com

but when i finally tried to generate the access token using the below URL, i got an error response :

https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=AUTHORIZATION_CODE&redirect_uri=https://www.google.com&client_id=75pcum6zb2cael&client_secret=xxxxxxxxxxxxxxxx

{"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}

Even after multilple validations, the same error messages appears.

please help. thanks.

5
linkedin
Not a programming question, but an issue with a vendor's API.user559633
Can explain in detail, what was the bug? could you please post your answer, so that would be helpfulPrasanna

5 Answers

29
votes

finally, i got the access token. The authorization code expires in 20 seconds, so the access token URL must be called immediately after generating the authorization code.

10
votes

Well, I went through the same problem and here is the process which i went through to fix it.

STEP#1: Authentication:

  1. Firstly, the authentication API is to be hit to fetch the authentication token.
  2. For this, a URL with Encoded parameters is to be hit as a GET request.
  3. Example: https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=[your_client_id]&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flinkedin%2Fcallback&scope=r_emailaddress
  4. Please note that here, the parameters are to be encoded programatically.
  5. My non-encoded callback URL is: http://localhost:8080/linkedin/callback
  6. Therefore, my encoded URL is: http%3A%2F%2Flocalhost%3A8080%2Flinkedin%2Fcallback

Once you hit this as a GET request, you will receive a callback with a code and an optional state parameter.

STEP#2: Getting Access Token:

There are three pre-requisites to this call:

  1. The call must be POST
  2. It must have a header Content-Type with value application/x-www-form-urlencoded
  3. The data must be sent in request body.
  4. The value of redirect_url MUST BE SAME as in the previous call.
  5. In my case, it was: http://localhost:8080/linkedin/callback

Now the trick here is, that the call in (STEP#1 Authentication) was a GET request. Therefore, the redirect_url had to be programatically encoded.

Since the second call for is POST and is also application/x-www-form-urlencoded encoded, therefore the request body parameters do not have to be explicitly encoded. So, in this case, the redirect_uri would be sent as-is (http://localhost:8080/linkedin/callback)

Here is a snapshot of my Access Token API via postman: enter image description here

5
votes

My problem was in redirect_uri which contained url with query parameters (like redirect_uri=encodeURIComponent(http://example.com/callback?query=string)).

If redirect url is completely different linkedin will show you an error before showing you login form, but if redirect_url matches what you specified in linkedin app and contains extra query parameters, you'll not get an error, so once login form is submitted you'll get an invalid code and as a result error as above.

1
votes

This error may be scopes related.

On the details of your application when selecting scopes there is this message:

enter image description here

Selecting both r_basicprofile and r_fullprofile is redundant. r_basicprofile will be selected if neither r_basicprofile nor r_fullprofile is checked.

If you are selecting both r_basicprofile and r_fullprofile just uncheck r_basicprofile or remove it from your Authorization Code Request.

1
votes

I had the same problem, in my case I was using different redirect_uri for authorization and for access token. I had "proxy": "localhost:3001" in my package.json, and it overriden my request_uri.

So my suggestion: make sure the hosts and redirect_uri are all the same for two requests (both backend and server side).