Requesting LinkedIn OAuth Access Token Fails with 500 Internal Server Error - linkedin

I get a 500 Internal Server Error status code from the LinkedIn OAuth API when requesting an access token through the https://www.linkedin.com/oauth/v2/accessToken endpoint. I sent the request through Postman.
Some of the response headers are:
X-FS-UUID: e55c91c29d42be1500c2b829062b0000
X-Frame-Options: sameorigin
X-LI-UUID: 5VyRwp1CvhUAwrgpBisAAA==
X-Li-Fabric: prod-lor1
X-Li-Pop: afd-prod-esv5
X-Li-Proto: http/1.1
The LinkedIn API docs explain that this 500 Internal Server Error status code means that LinkedIn is experiencing an internal error.
How can I troubleshoot this?

All the key values should be sent as query params, and also remove code_verifier.
I am using the following request to fetch the access token:
https://www.linkedin.com/oauth/v2/accessToken?grant_type=authorization_code&code=[CODE]&redirect_uri=https://getpostman.com/oauth2/callback&client_id=[CLIENT_ID]&client_secret=[CLIENT_SECRET]

Related

Workfront API Auth request (Machine to Machine Application) is returning 404 error

I'm making an auth POST request to the https://example.my.workfront.com/integrations/oauth2/api/v1/jwt/exchange (note: actual request has 'example.my' subdomain replaced with the real Workfront subdomain for my org) endpoint with the required client_id, client_secret, and jwt_token values but receiving the following 404 response and error message in the Response:
{"statusCode":404,"error":true,"type":"Not Found","message":"Invalid Host"}
I searched the API docs and Workfront forum for any additional information on what could cause the error but had no luck. Does anyone know what is causing this error?
For context, this request seems to work fine from Postman on my local machine (i.e. auth token is returned) but fails on the server that is being used for this machine to machine application.
The issue was that the request to the Workfront API was including the port in the Host header value, i.e. example.my.workfront.com:443.
Excluding the port, so that the Host header value is in the format example.my.workfront.com, resolved the issue and produced the expected 200 response with the auth token.
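The fix above generalises to any client that builds its own Host header: the value is the URL's authority without userinfo, keeping an explicit non-default port and dropping one that is the scheme's default. The helper below is an added example (not code from the post) that derives that value from a URL and flags a mismatch against what a client actually sent; the URLs in the usage are illustrative.

```python
from urllib.parse import urlsplit

# Added example, not from the post above. Derive the Host header value from a
# request URL the way the fix in the answer implies: keep the host, keep an
# explicit non-default port, drop a port that is the scheme default.
DEFAULT_PORTS = {"http": 80, "https": 443}


def host_header(url):
    """Return the Host header value for url (the RFC 7230 section 5.4 authority,
    without userinfo), omitting the port when it is the scheme's default."""
    parts = urlsplit(url)
    host = parts.hostname          # lower-cased; IPv6 brackets stripped
    if not host:
        raise ValueError("URL has no host")
    if ":" in host:                # re-bracket an IPv6 literal
        host = f"[{host}]"
    port = parts.port              # int, or None when no port was given
    if port is None or port == DEFAULT_PORTS.get(parts.scheme):
        return host
    return f"{host}:{port}"


def host_header_problem(sent_host, url):
    """Explain why a Host header a client actually sent would fail a strict
    virtual-host match for url; returns None when the value is fine."""
    expected = host_header(url)
    if sent_host == expected:
        return None
    return f"sent Host {sent_host!r}, server expects {expected!r}"


if __name__ == "__main__":
    # Hypothetical Workfront-style URL; the :443 is what the broken client sent.
    url = "https://example.my.workfront.com/integrations/oauth2/api/v1/jwt/exchange"
    print(host_header_problem("example.my.workfront.com:443", url))
```

Capture the raw request on the failing server (a proxy or `tcpdump` of plaintext before TLS, or the HTTP library's debug logging) and feed the Host value it shows to `host_header_problem`; a non-None result is the "Invalid Host" cause.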

What is the proper HTTP status code to use for an expired JWT?

Specifically for requests with an expired JWT (say, a password reset), what should the HTTP status code be?
Would 410 Gone, be the most appropriate?
401 Unauthorized is most appropriate for your case.

LinkedIn API returning 403 (Forbidden) when a request for email-address is made

I am trying to get a user's email address from their LinkedIn account.
I complete the whole OAuth 2.0 Authorization Code Flow and get an access token but when I make a GET request to the endpoint https://api.linkedin.com/v2/me?projection=(email-address), it returns a 403 (Forbidden) HTTP status code.
Here is what happens:
When I specify r_liteprofile r_email-address in the scope parameter when requesting an authorization code, and then request the fields projection=(localizedFirstName, localizedLastName, email-address), I get a 200 HTTP status code, but the result JSON contains only the localizedFirstName and localizedLastName values.
If I specify just the r_emailaddress permission in the scope parameter and projection=(email-address) when requesting data, I receive a 403 (Forbidden) status code.
If I specify just r_emailaddress in the scope field and leave out any fields, i.e. I hit the https://api.linkedin.com/v2/me endpoint without any parameters (but with the access token sent correctly in the Authorization header as a Bearer token), I get a 403 (Forbidden) HTTP status code.
My application does have permission for r_emailaddress as that is a basic permission that is granted to all applications upon creation and does not need approval.
Am I hitting the right endpoint for getting the email address? Everything seems to be alright but I still get a 403. What's going on?
The request to retrieve the email address is:
GET https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))
You need to request the r_emailaddress scope to use this endpoint.
See https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin?context=linkedin/consumer/context for reference.
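The answer gives the endpoint but not what comes back. The block below is an added example (not from the answer or LinkedIn's own SDK) that builds the request with the Bearer token and extracts the addresses from the projected response, whose elements carry a `handle` URN and a `handle~` object holding the resolved `emailAddress`; the sample response in the usage is constructed here, not captured from LinkedIn.

```python
EMAIL_URL = "https://api.linkedin.com/v2/emailAddress"


def email_request(access_token):
    """Return (url, headers) for the email lookup in the answer above.
    The projection is appended verbatim: Rest.li's (elements*(handle~)) syntax
    asks the server to resolve each element's 'handle' URN into 'handle~'."""
    url = f"{EMAIL_URL}?q=members&projection=(elements*(handle~))"
    return url, {"Authorization": f"Bearer {access_token}"}


def extract_emails(response_json):
    """Pull every resolved address out of the projected response; elements
    whose handle could not be resolved (no 'handle~') are skipped."""
    emails = []
    for element in response_json.get("elements", []):
        resolved = element.get("handle~") or {}
        address = resolved.get("emailAddress")
        if address:
            emails.append(address)
    return emails


if __name__ == "__main__":
    # Constructed sample in the documented shape; not a real API response.
    sample = {"elements": [{"handle": "urn:li:emailAddress:1",
                            "handle~": {"emailAddress": "a@example.com"}}]}
    print(email_request("ACCESS_TOKEN")[0])
    print(extract_emails(sample))
```

If this call still returns 403, re-check that the authorization request actually carried r_emailaddress (the token only holds the scopes that were requested and consented to when it was issued).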

Internal API server error on calling to https://www.linkedin.com/oauth/v2/accessToken

We have an error in authentication requests.
When our application receives the code and tries to exchange it for an access token by calling https://www.linkedin.com/oauth/v2/accessToken, the LinkedIn API returns: errorCode=0, message=Internal API server error, requestId=KIEGT2ADK7, status=500, timestamp=1518791169197
Please help us with this issue. This erroneous response is consistent.
Have you correctly added this header?
Content-Type: application/x-www-form-urlencoded
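Both this answer and the query-parameter answer at the top of the page are about the same exchange. The block below is an added example (not code from either answer) that builds the token request with every parameter form-encoded in a POST body under Content-Type application/x-www-form-urlencoded, lints a request for the mistakes those answers point at (code_verifier without PKCE, missing Content-Type, secret in the URL), and parses LinkedIn's non-JSON 500 body and X-LI-UUID header so the request id can be quoted when escalating. Keeping client_secret out of the query string also keeps it out of proxy and server access logs. All codes, ids and secrets in the usage are placeholders.

```python
"""Build, lint and diagnose a LinkedIn authorization-code token exchange.

Added example (not code from either answer). Nothing is sent unless
send_token_request() is called; the linter and diagnoser run offline.
"""
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://www.linkedin.com/oauth/v2/accessToken"
REQUIRED = ("grant_type", "code", "redirect_uri", "client_id", "client_secret")


def build_token_request(code, redirect_uri, client_id, client_secret, code_verifier=None):
    """POST with every parameter form-encoded in the body, so the client secret
    never sits in the URL. code_verifier is added only when the authorization
    request used PKCE."""
    params = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    if code_verifier is not None:
        params["code_verifier"] = code_verifier
    return {
        "method": "POST",
        "url": TOKEN_URL,
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": urllib.parse.urlencode(params).encode("ascii"),
    }


def lint_token_request(req, pkce=False):
    """Return the mistakes that most often produce an opaque 4xx/500 from the
    token endpoint; an empty list means the request looks well-formed."""
    problems = []
    query = dict(urllib.parse.parse_qsl(urllib.parse.urlsplit(req["url"]).query))
    body = dict(urllib.parse.parse_qsl(req["body"].decode("ascii"), keep_blank_values=True))
    headers = {k.lower(): v for k, v in req["headers"].items()}
    if req["method"] != "POST":
        problems.append("token requests must be POST")
    if not headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        problems.append("missing or wrong Content-Type; expected application/x-www-form-urlencoded")
    if "client_secret" in query:
        problems.append("client_secret is in the query string; move it to the body")
    for key in REQUIRED:
        if not (body.get(key) or query.get(key)):
            problems.append(f"missing required parameter {key}")
    has_verifier = "code_verifier" in body or "code_verifier" in query
    if has_verifier and not pkce:
        problems.append("code_verifier present; omit it unless the authorization request used PKCE")
    if pkce and not has_verifier:
        problems.append("PKCE was used but code_verifier is missing")
    return problems


def _parse_kv_body(text):
    """LinkedIn's 500 body is 'errorCode=0, message=..., requestId=...', not JSON."""
    fields = {}
    for part in text.split(", "):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def diagnose_token_response(status, headers, body_text):
    """Classify a token-endpoint reply and pull out the fields worth acting on."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    result = {"status": status, "retryable": False, "request_id": None}
    if status == 200:
        tok = json.loads(body_text)
        result.update(access_token=tok.get("access_token"), expires_in=tok.get("expires_in"))
        result["advice"] = "token issued"
    elif status >= 500:
        # Quote requestId (or the X-LI-UUID header) when escalating to LinkedIn.
        fields = _parse_kv_body(body_text)
        result["request_id"] = fields.get("requestId") or hdrs.get("x-li-uuid")
        result["retryable"] = True
        result["advice"] = ("server-side error: retry with backoff; if it persists, lint the "
                            "request (Content-Type, form-encoded body) before escalating")
    else:
        # 4xx carries an RFC 6749 section 5.2 error object such as invalid_grant.
        try:
            err = json.loads(body_text)
        except ValueError:
            err = {}
        if not isinstance(err, dict):
            err = {}
        result["error"] = err.get("error", "unknown")
        result["advice"] = err.get("error_description", "client error; fix the request and retry")
    return result


def send_token_request(req):
    """Perform the exchange for real (network call) and diagnose the reply."""
    http_req = urllib.request.Request(req["url"], data=req["body"],
                                      headers=req["headers"], method=req["method"])
    try:
        with urllib.request.urlopen(http_req, timeout=10) as resp:
            return diagnose_token_response(resp.status, dict(resp.headers),
                                           resp.read().decode("utf-8"))
    except urllib.error.HTTPError as e:
        return diagnose_token_response(e.code, dict(e.headers),
                                       e.read().decode("utf-8", "replace"))
```

Run `lint_token_request` on the exact request your client emits (not the one you think it emits) before assuming the 500 is LinkedIn's fault; a persistent 500 with a clean lint is what the request id is for.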

Is 400 the appropriate error code for OAuth verification errors (http)?

Hi guys: What should the correct HTTP response code be for a request which, although well-formed, includes an invalid OAuth token?
The error code 400 seems misleading, since a request with an invalid OAuth token is, I believe, not a malformed request.
Strangely, Facebook OAuth tokens (if invalid) cause the API to return a result with a 400 response code....
From http://oauth.net/core/1.0a/#http_codes
HTTP 400 Bad Request
Unsupported parameter
Unsupported signature method
Missing required parameter
Duplicated OAuth Protocol Parameter
HTTP 401 Unauthorized
Invalid Consumer Key
Invalid / expired Token
Invalid signature
Invalid / used nonce
So the 401 is right.
Correct.
401 Unauthorized should be the primary choice for response status code in your example.
EDIT:
I spent some time browsing the OAuth2 draft, and it looks like they specify the following when client authentication fails:
normally MUST respond with 400 Bad Request, but
MAY respond with 401 Unauthorized, and
MUST respond with 401 Unauthorized if authentication was attempted using the Authorization request header. If so it must also include a WWW-Authenticate in the response.
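The two threads above (the expired-JWT question answered with 401, and the 400-vs-401 discussion ending in the OAuth2 draft rules) both reduce to one decision table. The block below is an added example (not code from any of the answers) that implements it for both sides: at a protected resource, RFC 6750 section 3.1 gives invalid_request 400, invalid_token 401 (expired and bad-signature tokens alike, with a WWW-Authenticate: Bearer challenge) and insufficient_scope 403; at the token endpoint, RFC 6749 section 5.2 gives invalid_client 400 by default and 401 plus WWW-Authenticate whenever the client authenticated through the Authorization header. The JWT helper verifies HS256 only and pins the alg; the realm, key and claims are illustrative.

```python
"""Map bearer-token outcomes to the status codes RFC 6750 (protected resource)
and RFC 6749 section 5.2 (token endpoint) prescribe.

Added example, not from any answer above. HS256 only; keys, claims and the
realm name are illustrative."""
import base64
import hashlib
import hmac
import json
import time

REALM = "api"


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_hs256_jwt(claims, key):
    """Mint a compact HS256 JWT; used here to construct test tokens."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def check_jwt(token, key, now=None, required_scope=None):
    """Validate a bearer JWT and return (outcome, detail).

    The signature is checked before any claim is trusted, and 'alg' is pinned
    to HS256 so an attacker-supplied 'none' header cannot bypass verification."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return "invalid_token", "malformed token"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return "invalid_token", "unsupported alg"
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return "invalid_token", "bad signature"
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return "invalid_token", "malformed token"
    if not isinstance(claims, dict) or "exp" not in claims:
        return "invalid_token", "missing exp claim"
    if now >= claims["exp"]:
        return "invalid_token", "token expired"
    if required_scope and required_scope not in str(claims.get("scope", "")).split():
        return "insufficient_scope", f"requires scope {required_scope}"
    return "ok", claims


def resource_response(outcome, detail=None):
    """Status and headers for a protected-resource request (RFC 6750 section 3.1)."""
    challenge = f'Bearer realm="{REALM}"'
    if outcome == "ok":
        return 200, {}
    if outcome == "missing":          # no credentials at all: bare challenge, no error code
        return 401, {"WWW-Authenticate": challenge}
    codes = {"invalid_request": 400, "invalid_token": 401, "insufficient_scope": 403}
    if outcome not in codes:
        raise ValueError(f"unknown outcome {outcome}")
    challenge += f', error="{outcome}"'
    if detail:
        challenge += f', error_description="{detail}"'
    return codes[outcome], {"WWW-Authenticate": challenge}


def token_endpoint_client_auth_failure(used_authorization_header):
    """RFC 6749 section 5.2 'invalid_client': 400 by default, but 401 plus a
    WWW-Authenticate challenge whenever the client used the Authorization header."""
    body = {"error": "invalid_client"}
    if used_authorization_header:
        return 401, {"WWW-Authenticate": 'Basic realm="token"'}, body
    return 400, {}, body


if __name__ == "__main__":
    key = b"demo-signing-key"                      # illustrative key
    tok = make_hs256_jwt({"sub": "user1", "exp": 1000, "scope": "read"}, key)
    print(resource_response(*check_jwt(tok, key, now=1000)))   # expired -> 401
```

Note what a 410 would lose: an expired token is a credential problem on this request, and the 401 challenge tells the client both that and how to re-authenticate; 410 says the resource itself is gone, which is not the case.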
