LInkedIn oAuth2 request token 400 Bad Request

Question

I am fighting second day with LinkedIN API , each time I am trying to get a token , I am getting 400 Bad Request.

Here is my code , maybe someone can help with this ?

public void RequestAuthentication(System.Web.HttpContextBase context, System.Uri returnUrl)
{
    string url = String.Format("https://www.linkedin.com/uas/oauth2/authorization?response_type=code" +
                 "&client_id={0}" +
                 "&scope={1}" +
                 "&state={3}" +
                 "&redirect_uri={2}",this._consumerKey,_scope,HttpUtility.UrlEncode(returnUrl.ToString()),Guid.NewGuid().ToString());
    context.Response.Redirect(url);
}

public AuthenticationResult VerifyAuthentication(System.Web.HttpContextBase context)
{
    //TODO: check CSRF
    string code = context.Request.QueryString["code"];

    string rawUrl = context.Request.Url.OriginalString;
    //From this we need to remove code portion
    rawUrl = Regex.Replace(rawUrl, "&code=[^&]*", "");

    string authUrl = "https://www.linkedin.com/uas/oauth2/accessToken";
    string postData = String.Format("grant_type=authorization_code&code={0}&redirect_uri={1}&client_id={2}&client_secret={3}", code,HttpUtility.UrlEncode(context.Request.QueryString["ReturnUrl"]), _consumerKey, _consumerSecret);

    //WebClient client = new WebClient();
    //var getReq =  client.DownloadString(authUrl + "?" + postData);

    HttpWebRequest webRequest = WebRequest.Create(authUrl + "?" + postData) as HttpWebRequest;
    webRequest.Method = "POST";

    //This "application/x-www-form-urlencoded"; line is important
    webRequest.ContentType = "application/x-www-form-urlencoded";

    webRequest.ContentLength = postData.Length;

    StreamWriter requestWriter = new StreamWriter(webRequest.GetRequestStream());
    requestWriter.Write(postData);
    requestWriter.Close();

    StreamReader responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream());
}

Any thought ? Maybe someone solved similar in past ?

Answer 1

You have to use the same redirect_uri in both

public void RequestAuthentication(System.Web.HttpContextBase context, System.Uri returnUrl)

And

public AuthenticationResult VerifyAuthentication(System.Web.HttpContextBase context)

function. But in your code redirect_uri of first function HttpUtility.UrlEncode(returnUrl.ToString()) and second function HttpUtility.UrlEncode(context.Request.QueryString["ReturnUrl"]) are not same (I think). So make sure you have fix this problem. You code may be worked.

Answer 2

I just debugged this, here's some of the things I tried before it was successful. I'm not sure which one made it correct, so I'll put them all down just in case you need somewhere to start:

• HTTP protocol 1.1
• Add a content-type: application/x-www-form-urlencoded header
• Do not refresh the response from the authorization code return page; the code in the URL parameter ($_GET['code'] in PHP) apparently can't be re-used (another answer says it expires every 20 seconds)
  • To put it another way, don't try to re-use or cache the authorization code, flow it directly into the access token request ASAP
• Do try to use another application (like SoapUI or Fiddlr) to hit the endpoint to show it is working, and to see some headers more clearly
  • That being said, looking at the response headers (not just the response code) can be helpful
• Sending the data as POST content not as a URL parameter

Note that a 400 error indicates a malformed request (400 BAD request HTTP error code meaning?) not a missing resource (404) which can also be a gotcha if you're thinking too fast.