All geek questions in one place

LInkedIn oAuth2 400 Bad Request Request Token

I am afraid the second day with the LinkedIN API, every time I try to get a token, I get 400 Bad Request.

Here is my code, maybe someone can help with this?

public void RequestAuthentication(System.Web.HttpContextBase context, System.Uri returnUrl) { string url = String.Format("https://www.linkedin.com/uas/oauth2/authorization?response_type=code" + "&client_id={0}" + "&scope={1}" + "&state={3}" + "&redirect_uri={2}",this._consumerKey,_scope,HttpUtility.UrlEncode(returnUrl.ToString()),Guid.NewGuid().ToString()); context.Response.Redirect(url); } public AuthenticationResult VerifyAuthentication(System.Web.HttpContextBase context) { //TODO: check CSRF string code = context.Request.QueryString["code"]; string rawUrl = context.Request.Url.OriginalString; //From this we need to remove code portion rawUrl = Regex.Replace(rawUrl, "&code=[^&]*", ""); string authUrl = "https://www.linkedin.com/uas/oauth2/accessToken"; string postData = String.Format("grant_type=authorization_code&code={0}&redirect_uri={1}&client_id={2}&client_secret={3}", code,HttpUtility.UrlEncode(context.Request.QueryString["ReturnUrl"]), _consumerKey, _consumerSecret); //WebClient client = new WebClient(); //var getReq = client.DownloadString(authUrl + "?" + postData); HttpWebRequest webRequest = WebRequest.Create(authUrl + "?" + postData) as HttpWebRequest; webRequest.Method = "POST"; //This "application/x-www-form-urlencoded"; line is important webRequest.ContentType = "application/x-www-form-urlencoded"; webRequest.ContentLength = postData.Length; StreamWriter requestWriter = new StreamWriter(webRequest.GetRequestStream()); requestWriter.Write(postData); requestWriter.Close(); StreamReader responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream()); }

Any thought? Maybe someone decided this in the past?

+4
source share
2 answers

You must use the same redirect_uri as in

 public void RequestAuthentication(System.Web.HttpContextBase context, System.Uri returnUrl)

AND

 public AuthenticationResult VerifyAuthentication(System.Web.HttpContextBase context)

function. But in your redirect_uri code, the first HttpUtility.UrlEncode function (returnUrl.ToString ()) and the second HttpUtility.UrlEncode function (context.Request.QueryString ["ReturnUrl"]) are not the same (I think). So make sure you solve this problem. The code may work.

0
source

I just debugged this, here are some of the things I tried before it was successful. I'm not sure which of them did it right, so I’ll omit them all just in case you need to start somewhere:

  • HTTP 1.1 protocol
  • Add content-type: application/x-www-form-urlencoded header content-type: application/x-www-form-urlencoded
  • Do not update the response from the authorization code return page; the code in the URL parameter ( $_GET['code'] in PHP) apparently cannot be reused ( another answer says it expires every 20 seconds)
    • In other words, do not try to reuse or cache the authorization code, pass it directly to the request for access to ASAP tokens
  • Try using another application (e.g. SoapUI or Fiddlr) to get to the endpoint, to show that it is working, and to see some headers more clearly
    • If we say that the response headers (and not just the response code) can be useful
  • Sending data as POST content not as a URL parameter

Note that a 400 error indicates an invalid request ( 400 BAD request, an HTTP error code meaning? ), And not a missing resource ( 404 ), which can also happen if you think too fast.

0
source

Source: https://habr.com/ru/post/1485461/

More articles:


All Articles