12

I am trying to generate an access token to collect LinkedIn data. I followed the instructions provided in the LinkedIn API documentation. I created an app in the developers page and got the following:

Application Details
  • Company: Fresher
  • Application Name: xxxxxxxxxx
  • API Key: 75pcum6zb2cael
  • Secret Key: xxxxxxxxxxxxxxxx
  • OAuth User Token: xxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
  • OAuth User Secret: xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx

Using the API Key I generated the authorization_code with the URL:

https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=75pcum6zb2cael&state=DCEEFWF45453sdffef424&redirect_uri=https://www.google.com

But when I finally tried to generate the access token using the below URL, I got an error response:

https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=AUTHORIZATION_CODE&redirect_uri=https://www.google.com&client_id=75pcum6zb2cael&client_secret=xxxxxxxxxxxxxxxx

{"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}

Even after multiple validations, the same error message appears.

Please help. Thanks.

Ric K

5 Answers

28

Finally, I got the access token. The authorization code expires in 20 seconds, so the access token URL must be called immediately after generating the authorization code.

Ric K
  • I am getting accessToken but not getting secretToken value!! Any idea. – kb920 Aug 21 '15 at 10:12
  • I'm getting the same error. Unable to get the access token. Even before I can get 'code' from params it throws an exception. – Sooraj Jan 13 '17 at 22:37
  • In my case, the code is generated on the front-end side (Angular), and I've set redirect_uri=http://192.168.1.133:9004/v1.0/jobSeeker/getSocialMediaUser as the redirect URL, but I'm getting the error below when trying to generate the access_token: Unable to retrieve access token: appid/redirect uri/code verifier does not match authorization code. Or authorization code expired. Or external member binding exists – Ketav May 09 '18 at 14:07
  • Can anyone tell me what is going wrong with my code? – Ketav May 09 '18 at 14:09
  • @KetavChotaliya, how did you resolve your error? Can you post your answer here please – Prasanna Sep 25 '18 at 05:02
  • @PrasannaSasne As mentioned in the answer, a token will expire in 20 sec. We have to use LinkedIn's OAuth 2.0 for the authentication > Create an app in LinkedIn and generate secret keys > Authenticate the user via LinkedIn (generally in the frontend). It will return a security token that is valid for the next 20 sec. > Generate the AccessToken from the security token (generally from the backend). Here you have to mention the security token, hostname, secret token and other stuff. The hostname must be equal to the frontend hostname (from where the security token was generated) > Now you have an access_token. Get the details from the token – Ketav Sep 26 '18 at 05:19
  • @KetavChotaliya I'm following the LinkedIn doc only. I'm able to retrieve the auth token, but when I pass my auth token code, client_secret, client_id etc. params, like @Rick has made the call for the access token, I'm still unable to get that token. I've posted my question newly, can you try answering that please? `https://stackoverflow.com/questions/52501144/unable-to-get-access-token-linkedin-oauth` – Prasanna Sep 26 '18 at 05:39
  • But LinkedIn says "... the authorization code has a 30-minute lifespan ..." ??? https://docs.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context – Ε Г И І И О Oct 14 '19 at 05:29
9

Well, I went through the same problem and here is the process which I went through to fix it.

STEP#1: Authentication:

  1. Firstly, the authentication API is to be hit to fetch the authentication token.
  2. For this, a URL with Encoded parameters is to be hit as a GET request.
  3. Example: https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=[your_client_id]&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flinkedin%2Fcallback&scope=r_emailaddress
  4. Please note that here, the parameters are to be encoded programmatically.
  5. My non-encoded callback URL is: http://localhost:8080/linkedin/callback
  6. Therefore, my encoded URL is: http%3A%2F%2Flocalhost%3A8080%2Flinkedin%2Fcallback

Once you hit this as a GET request, you will receive a callback with a code and an optional state parameter.

STEP#2: Getting Access Token:

There are three pre-requisites to this call:

  1. The call must be POST
  2. It must have a header Content-Type with value application/x-www-form-urlencoded
  3. The data must be sent in request body.
  4. The value of redirect_url MUST BE THE SAME as in the previous call.
  5. In my case, it was: http://localhost:8080/linkedin/callback

Now the trick here is that the call in (STEP#1 Authentication) was a GET request. Therefore, the redirect_url had to be programmatically encoded.

Since the second call is POST and is also application/x-www-form-urlencoded encoded, the request body parameters do not have to be explicitly encoded. So, in this case, the redirect_uri would be sent as-is (http://localhost:8080/linkedin/callback)

Here is a snapshot of my Access Token API via Postman: [image]

Monis
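The two calls described in this answer, written out as an added example that is not part of the original answer. It builds both requests from the same raw redirect_uri and encodes each value exactly once, with the client secret in the POST body rather than in a URL. `TOKEN_ENDPOINT` and the placeholder credentials are assumptions; nothing is sent over the network.

```python
import secrets
from urllib.parse import urlencode
from urllib.request import Request

AUTH_ENDPOINT = "https://www.linkedin.com/oauth/v2/authorization"  # from the answer
# Assumption: the v2 token endpoint that pairs with the authorization URL above.
TOKEN_ENDPOINT = "https://www.linkedin.com/oauth/v2/accessToken"


def build_authorization_url(client_id, redirect_uri, scope, state=None):
    """STEP#1: GET URL. urlencode() percent-encodes each value exactly once."""
    state = state or secrets.token_urlsafe(16)  # unguessable, checked on callback
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # pass the raw, non-encoded URI
        "state": state,
        "scope": scope,
    })
    return f"{AUTH_ENDPOINT}?{query}", state


def build_token_request(code, client_id, client_secret, redirect_uri):
    """STEP#2: POST with a form body; nothing secret goes in the URL."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # same raw value as in STEP#1
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return Request(
        TOKEN_ENDPOINT,
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


if __name__ == "__main__":
    # Placeholder values, constructed for this example.
    redirect = "http://localhost:8080/linkedin/callback"
    url, state = build_authorization_url("YOUR_CLIENT_ID", redirect, "r_emailaddress")
    print(url)
    req = build_token_request("CODE_FROM_CALLBACK", "YOUR_CLIENT_ID", "YOUR_SECRET", redirect)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # urllib.request.urlopen(req) would send it; omitted so the example runs offline.
```

Compare the `state` returned here with the one that arrives on the callback before exchanging the code.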
5

My problem was in redirect_uri which contained url with query parameters (like redirect_uri=encodeURIComponent(http://example.com/callback?query=string)).

If the redirect URL is completely different, LinkedIn will show you an error before showing you the login form, but if redirect_url matches what you specified in the LinkedIn app and contains extra query parameters, you'll not get an error, so once the login form is submitted you'll get an invalid code and, as a result, the error above.

Stephen Rauch
sergeyski.com
1

This error may be scopes related.

On the details of your application when selecting scopes there is this message:


Selecting both r_basicprofile and r_fullprofile is redundant. r_basicprofile will be selected if neither r_basicprofile nor r_fullprofile is checked.

If you are selecting both r_basicprofile and r_fullprofile just uncheck r_basicprofile or remove it from your Authorization Code Request.

Francisco Costa
  • Can you please help me, as I'm facing the same problem. I tried many ways. Sharing my question link `https://stackoverflow.com/questions/52501144/unable-to-get-access-token-linkedin-oauth` – Prasanna Sep 26 '18 at 10:35
  • Are these permissions still valid? I only see r_emailaddress and r_liteprofile and everything else seems to have been removed by LinkedIn. – Pacerier Jul 29 '20 at 06:37
1

I had the same problem. In my case I was using a different redirect_uri for authorization and for the access token. I had "proxy": "localhost:3001" in my package.json, and it overrode my request_uri.

So my suggestion: make sure the hosts and redirect_uri are all the same for the two requests (both backend and server side).

Danon
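A diagnostic for the redirect_uri causes raised in the answers above (a value encoded twice, extra query parameters, a host that changes between the two calls), added here as an example and not taken from any of the answers. It decodes the redirect_uri from a captured authorization URL and token request body and compares each with the registered value; all sample values are constructed, and `REGISTERED` stands for the redirect URL saved in the app settings.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample values; REGISTERED stands for the redirect URL saved in the app settings.
REGISTERED = "http://localhost:8080/linkedin/callback"
GOOD_AUTH_URL = ("https://www.linkedin.com/oauth/v2/authorization?response_type=code"
                 "&client_id=YOUR_CLIENT_ID"
                 "&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flinkedin%2Fcallback")
GOOD_BODY = ("grant_type=authorization_code&code=CODE"
             "&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flinkedin%2Fcallback")


def sent_redirect_uri(query_or_body):
    """Decode redirect_uri once, the way the receiving server would."""
    return parse_qs(query_or_body).get("redirect_uri", [""])[0]


def compare(where, uri, registered):
    """Return (where, kind) tuples for each way `uri` departs from `registered`."""
    if "%3A%2F%2F" in uri.upper():
        return [(where, "encoded-twice")]  # still encoded after one decode
    got, want = urlsplit(uri), urlsplit(registered)
    issues = []
    if (got.scheme, got.netloc) != (want.scheme, want.netloc):
        issues.append((where, "host"))
    if got.path != want.path:
        issues.append((where, "path"))
    if got.query != want.query:
        issues.append((where, "query"))
    return issues


def redirect_uri_problems(registered, authorization_url, token_body):
    """Check the redirect_uri of both requests against the registered one."""
    auth_uri = sent_redirect_uri(urlsplit(authorization_url).query)
    token_uri = sent_redirect_uri(token_body)
    return (compare("authorization", auth_uri, registered)
            + compare("token", token_uri, registered))


if __name__ == "__main__":
    proxied = GOOD_BODY.replace("8080", "3001")  # host changed between the two calls
    print(redirect_uri_problems(REGISTERED, GOOD_AUTH_URL, proxied))
```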