I am applying connect with linkedin
. I'm following the step by step guide. To authenticate users, I took help from this.
When the user clicks the connect with linkedin
button the user is taken to the linkedin login page. After the user has given access to the account the user is redirected to:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=1ba8ogpm9e05&scope=r_basicprofile%20r_emailaddress&state=STATE&redirect_uri=http://127.0.0.1:8088/sandbox/linkedin/test.php
Through this, I get the authorization code. And pass it in the following url
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=AUTHORIZATION_CODE&redirect_uri=http://127.0.0.1:8088/sandbox/linkedin/final.php&client_id=1ba8ogpm9e05&client_secret=n7GN09I3F2L3IJD1
Here, the error comes i.e.
"error":"invalid_request","error_description":"missing required parameters, includes an invalid parameter value, parameter more then once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired"
Where am I going wrong? I have double checked my api key and secret key.
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=AUTHORIZATION_CODE&redirect_uri=http://127.0.0.1:8088/sandbox/linkedin/final.php&client_id=1ba8ogpm9e05&client_secret=n7GN09I3F2L3IJD1
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=1ba8ogpm9e05&scope=r_basicprofile%20r_emailaddress&state=STATE&redirect_uri=http://127.0.0.1:8088/sandbox/linkedin/test.php
This both should contain same redirect_uri
according to the LinkedIn authentication guide:
Parameter: redirect_uri
Description: Required. Same redirect_uri
that you passed in the previous step.
Possible Errors:
- Different
redirect_uri
than used during authorization code generation
- Passed an invalid value
- Passed an empty or blank value
- Missing the parameter
I got the same error as you. I also met the following conditions:
- My request was a
POST
request.
- My
redirect_uri
's were the same in /authorization
and /accessToken
calls.
- The
/accessToken
call was executed immediately after receiving the authorization code, so
it wouldn't expire.
What finally did the trick for me was revoking the access token generated on the application details page on https://www.linkedin.com/secure/developer.
This is an access token for oAuth 1.a and is not compatible with oAuth 2.0 on which the linkedIn api is currently running.
After revoking this access token I was able to get a new one with the /authorization
and /accessToken
calls.
You may also want to make sure you are sending the access token request as a 'POST'
Fissh