I have a web application and it can successfully obtain access tokens from LinkedIn's API with the token's length equals to 350 characters, but when I am using the obtained access token to request data from LinkedIn, LinkedIn API now throws me an error like this:
Access Token is too long (maximum is 255 characters)
The web application has been working well for many years and this error only happens recently, is there any change LinkedIn made that I am not aware of?
Are you sending the access token in a URL parameter or in a header? I believe there is no length restriction if it's in a header.
See Step 4 here: https://developer.linkedin.com/docs/oauth2
The header will be:
Authorization: Bearer your_access_token
Related
After LinkedIn changed his API to v2 my users cannot login on my website anymore. The error message is
Multiple access token provided
With LinkedIn v1 API everything was good. For development purpose I added a second app in my LinkedIn account with a subdomain of the original domain. With the "subdomain"-app I received the error message that v1 is not supported anymore. The "original" domain app still worked with v1 until a couple of days ago. I adjusted the request to v2 and I received the error message "Multiple access token provided". I deleted the subdomain app, but the error still occurred.
With:
https://api.linkedin.com/v2/me?projection=(id,firstName,lastName,profilePicture(displayImage~:playableStreams))&format=json&access_token=xxxx
I receive:
"serviceErrorCode":100,"message":"Unpermitted fields present in PARAMETER: Data Processing Exception while processing fields [/access_token, /format]","status":403
I changed the access token name to oauth2_access_token:
https://api.linkedin.com/v2/me?projection=(id,firstName,lastName,profilePicture(displayImage~:playableStreams))&format=json&oauth2_access_token=xxxxx
I receive:
serviceErrorCode":65603,"message":"Multiple access token provided","status":401
What do I have to do, to provide just one (the right) access token?
Your access token needs to be included in the Authorization: Bearer {token} header of your request. You do not need to append the format=json query parameter as all API responses are returned in JSON format.
Currently I have both Facebook and LinkedIn Oauth2 flow working fine. Because in some cases I don't want the user to redirect to another page, I use the Facebook JS SDK that works fine, retrieving the access token and sending it to the server where I retrieve user data with REST calls.
Unfortunately, I'm not having success in doing the same with the LinkedIn JS SDK. The official documentation isn't helpful at all in that regard: https://developer.linkedin.com/docs/getting-started-js-sdk.
I retrieve user data in the server because it's easy to forge fake data in the client side and send it to the server, so a client side solution for that is not an option.
If I try to use the token that I get in js in the REST API I get Invalid access token. (401)
There are several opened questions that doesn't have any response (or a helpful response) here in SO:
2015-08-03 - No response:
Javascript: Linkedin Access TOken
2016-05-29 - No response:
can I get access token through LinknedIn JS SDK?
2016-08-31 - No helpful response (data is retrieved in the front-end):
How to Get Access Token Using LinkedIn API JavaScript SDK
2017-06-30 - No helpful response:
LinkedIn OAuth token with Javascript SDK
In the below question, there is a comment that says what I'm already guessing:
[...] Honestly I think the JS API is completely useless like this
because if you can't verify/use the token server-side you basically
cannot trust any of the information.
2015-07-22 - No helpful response (data is retrieved in the front-end):
get linkedin Access Token with JavaScript SDK
There's some information about exchanging the Javascript API tokens with a REST API OAuth token, but in the references I've found the links are broken (and it would be impractical to do this, depending on the complexity, instead of using the token directly, like in the Facebook JS SDK):
http://developer.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens
https://developer-programs.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens
So, I would like to know if there is some way to login with LinkedIn using the JS SDK and retrieve the user data in the back-end using REST calls (like I do in the Oauth2 flow), hopefully with official docs.
I've had the same problem and the only way I found to use the JS token was to add the header oauth_token instead of an Authorization Bearer header:
POST https://api.linkedin.com/v1/people/~:(id,firstName,lastName,picture-url,email-address)?format=json
Headers {
'oauth_token': JS_TOKEN
}
The JS_TOKEN I'm reading on frontend from IN.ENV.auth.oauth_token.
I've been struggling with the same issue for some time, this is the way I solved it (not using the JS SDK):
Step 1: you send your user to the LinkedIn login page, in the redirect_uri param use an endpoint to handle all the logic related to LinkedIn.
Step 2: When the user finishes login in, Linkedin is going to send a GET request to that endpoint, this request will have an "Authorization Token", this token is just a temporal token and it won't allow you to get your user's data.
Step 3: Use the Authorization Token you just received and send a post request to Linkedin
Step 4: Linkedin will send you back an Access Token (this is the one you are looking for), now you can request all the information you want
Step 5: Redirect your user back to your web app.
The structure of the request as well of the anchor tag params are available here: https://developer.linkedin.com/docs/oauth2
Using the Paw app I would like to use the OAuth 2 "Get Access Token" functionality to automatically get or refresh token. I have no problem configuring it with the username and password and getting the proper response. However, the response is a JSON object, not just the access code, so Paw doesn't know what to do with it.
{"accessToken":"JWT content..."}
Error OAuth 2 Response 'Access Token' No access token found in the
response.
Is it possible to tell Paw what property to read in the response in order to get/refresh the access token? Or does it need to be configured with two separate requests (not utilizing the handy built-in OAuth 2 dialogue)?
If you return a JSON object then Paw expects it to be in the format
{"access_token": "....", ...}
which conforms to the OAuth2 standard https://www.rfc-editor.org/rfc/rfc6749#section-4.1.4
I have been unable to find any information on how you could configure Paw to look for a different key.
I am facing with strange issue from Facebook user access token.
In details, i wanna get long-lived access token from my Facebook Apps and it return me 88 chars access token instead of 177 chars of correct access token (like before I use this way to get it), so I use it in my Java app using Facebook SDK and it always got error "The access token could not be decrypted".
How to make it work, I am sure no typos or copy-paste missing in this case
I am looking to fetch degree of my particular connection without API using LinkedIn federator. For e.g. I have a first degree connection named "Vivek Joshi" working in company "ABC". So, I query LinkedIn federator to find the degree which is first("1st") in this case.
Query URL -- https://www.linkedin.com/ta/federator?query=Vivek,Joshi,ABC&types=mynetwork
and I get a JSON response containing degree information. The above URL works only if user is logged in to LinkedIn.
I have asp.net application in which I have "Sign in with LinkedIn" option as available too. But when I authorize any user to LinkedIn through my application and see the response headers of the LinkedIn authorization call, there is a header named as "Set-Cookie" but it doesn't have cookie I'm looking for which is "li_at"(LinkedIn Session Cookie).
The problem is that query url mentioned above expects a request header named as "cookie" with the value of "li_at" cookie.
How can I make the above URL work?
It is not possible to retrieve this information without using the API. Access to connection data is currently available to select LinkedIn partner developers. You can learn more about LinkedIn's partner programs here: https://developer.linkedin.com/partner-programs