After LinkedIn changed his API to v2 my users cannot login on my website anymore. The error message is
Multiple access token provided
With LinkedIn v1 API everything was good. For development purpose I added a second app in my LinkedIn account with a subdomain of the original domain. With the "subdomain"-app I received the error message that v1 is not supported anymore. The "original" domain app still worked with v1 until a couple of days ago. I adjusted the request to v2 and I received the error message "Multiple access token provided". I deleted the subdomain app, but the error still occurred.
With:
https://api.linkedin.com/v2/me?projection=(id,firstName,lastName,profilePicture(displayImage~:playableStreams))&format=json&access_token=xxxx
I receive:
"serviceErrorCode":100,"message":"Unpermitted fields present in PARAMETER: Data Processing Exception while processing fields [/access_token, /format]","status":403
I changed the access token name to oauth2_access_token:
https://api.linkedin.com/v2/me?projection=(id,firstName,lastName,profilePicture(displayImage~:playableStreams))&format=json&oauth2_access_token=xxxxx
I receive:
serviceErrorCode":65603,"message":"Multiple access token provided","status":401
What do I have to do, to provide just one (the right) access token?
Your access token needs to be included in the Authorization: Bearer {token} header of your request. You do not need to append the format=json query parameter as all API responses are returned in JSON format.
Related
I have seen many posts for this error and all of them said to add my URL under both the API key that's generated by Firebase and the OAuth 2.0 Client IDs.
My domain is lyricsandquotes.org so I added the URL in both of these.
The screenshot from the API Key:
The screenshot from the OAuth:
However, I am still getting this error. What am I doing wrong?
I noticed I had to change the redirect URI under the Client ID credentials to the one specified in the error message:
I'm wondering if someone can explain the overlap between Firebase AppCheck and Recaptchav3. I have a public web application with AppCheck enabled and configured to use the Recaptchav3 provider. An integral part of using Recaptcha however is verifying the client's score to determine whether or not to deny the request. AppCheck does it's job in my Firebase function by providing attestation based on referrer, however, I haven't found a way to retrieve the Recaptcha score.
I've tried retrieving the AppCheck token from the X-Firebase-AppCheck header and submitting it to the Recaptcha service for verification, but that returns an invalid user response error.
So my question is: is it possible to retrieve the Recaptcha score from the callable function context? If not, how is this case normally addressed?
I've manually included the Recaptcha script and retrieved the token on the client side which works, but that amounts to Recaptcha being added twice (first with AppCheck and second from a manual inclusion), which doesn't feel right.
I've spoken to Firebase support and it seems that it is not possible to retrieve the Recaptchav3 score from AppCheck. So the only solution is to retrieve it on the client-side as you would in a typical Recaptcha config, and submit it along with the request to your backend. The process to verify the Recaptcha token and retrieve the score once received at the backend remains the same.
So at the moment, the only value AppCheck on the web provides is automatic referrer verification.
I want to implement an Actions for Google app that links to user account in a Firebase project and query's their data. I have a website that is set up using Firebase UI that logs them in and redirects them to a dummy page that basically just says "You have been logged in." I cannot see any documentation anywhere that shows how to return this auth token to google so the assistant can use it to query things on their account. Does anybody know how to accomplish this? I am using this documentation https://developers.google.com/actions/identity/google-sign-in-oauth?creation=no. This is the specific text I am not understanding.
"Your service creates an access token and returns it to Google by redirecting the user's browser back to Google with the access token attached to the request."
This basically means that, instead of returning a new page, you issue an HTTP redirect to a URL that they have sent you as part of the request. You will need to add some parameters to this URL that include the auth info, and this is how Google will get the information - via the redirect handled by the user's browser.
They provide some details further down in step 4 on that page, which reads
Send an HTTP response that redirects the user's browser to the URL
specified by the redirect_uri parameter. Include all of the following
parameters in the URL fragment:
access_token: the access token you just generated
token_type: the string bearer
state: the unmodified state value from the original request
The following is an example of the resulting URL:
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE_STRING
I have a web application and it can successfully obtain access tokens from LinkedIn's API with the token's length equals to 350 characters, but when I am using the obtained access token to request data from LinkedIn, LinkedIn API now throws me an error like this:
Access Token is too long (maximum is 255 characters)
The web application has been working well for many years and this error only happens recently, is there any change LinkedIn made that I am not aware of?
Are you sending the access token in a URL parameter or in a header? I believe there is no length restriction if it's in a header.
See Step 4 here: https://developer.linkedin.com/docs/oauth2
The header will be:
Authorization: Bearer your_access_token
Currently I have both Facebook and LinkedIn Oauth2 flow working fine. Because in some cases I don't want the user to redirect to another page, I use the Facebook JS SDK that works fine, retrieving the access token and sending it to the server where I retrieve user data with REST calls.
Unfortunately, I'm not having success in doing the same with the LinkedIn JS SDK. The official documentation isn't helpful at all in that regard: https://developer.linkedin.com/docs/getting-started-js-sdk.
I retrieve user data in the server because it's easy to forge fake data in the client side and send it to the server, so a client side solution for that is not an option.
If I try to use the token that I get in js in the REST API I get Invalid access token. (401)
There are several opened questions that doesn't have any response (or a helpful response) here in SO:
2015-08-03 - No response:
Javascript: Linkedin Access TOken
2016-05-29 - No response:
can I get access token through LinknedIn JS SDK?
2016-08-31 - No helpful response (data is retrieved in the front-end):
How to Get Access Token Using LinkedIn API JavaScript SDK
2017-06-30 - No helpful response:
LinkedIn OAuth token with Javascript SDK
In the below question, there is a comment that says what I'm already guessing:
[...] Honestly I think the JS API is completely useless like this
because if you can't verify/use the token server-side you basically
cannot trust any of the information.
2015-07-22 - No helpful response (data is retrieved in the front-end):
get linkedin Access Token with JavaScript SDK
There's some information about exchanging the Javascript API tokens with a REST API OAuth token, but in the references I've found the links are broken (and it would be impractical to do this, depending on the complexity, instead of using the token directly, like in the Facebook JS SDK):
http://developer.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens
https://developer-programs.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens
So, I would like to know if there is some way to login with LinkedIn using the JS SDK and retrieve the user data in the back-end using REST calls (like I do in the Oauth2 flow), hopefully with official docs.
I've had the same problem and the only way I found to use the JS token was to add the header oauth_token instead of an Authorization Bearer header:
POST https://api.linkedin.com/v1/people/~:(id,firstName,lastName,picture-url,email-address)?format=json
Headers {
'oauth_token': JS_TOKEN
}
The JS_TOKEN I'm reading on frontend from IN.ENV.auth.oauth_token.
I've been struggling with the same issue for some time, this is the way I solved it (not using the JS SDK):
Step 1: you send your user to the LinkedIn login page, in the redirect_uri param use an endpoint to handle all the logic related to LinkedIn.
Step 2: When the user finishes login in, Linkedin is going to send a GET request to that endpoint, this request will have an "Authorization Token", this token is just a temporal token and it won't allow you to get your user's data.
Step 3: Use the Authorization Token you just received and send a post request to Linkedin
Step 4: Linkedin will send you back an Access Token (this is the one you are looking for), now you can request all the information you want
Step 5: Redirect your user back to your web app.
The structure of the request as well of the anchor tag params are available here: https://developer.linkedin.com/docs/oauth2