Hi There,
Seems like a lot of other users have had problems w/ LinkedIn's oauth implementation too. I just rant in to the issue that many users have described at the following link. The LinkedIn engineer recommends the following workaround but I'm not sure how/if I can do that w/ PSA. Any pointers?
https://developer.linkedin.com/comment/28935#comment-28935
I wanted to give an update on this. I've narrowed down how to reproduce this every time on my end:
Not all users are affected. Only certain users who happen to hit a specific data center. If one of your users happens to be hitting this data center (we have certain logic that determines which DC to hit), and this user is authorizing your application for the FIRST TIME, they revoked your application but want to use it again, or their existing access token has expired and you're taking them through the auth flow again, you may run into this error if:
In the second step of your OAuth2 flow, when you make a POST call to the /accessToken endpoint, if you're passing the OAuth parameters in your request body (i.e. auth code, client id, client secret), when you get an access token back for that user your calls will continually fail with the 401 mentioned above. This will fail for about 5-10 minutes, then that same token should start to work again.
Now, in the step above, if you were to make a POST call to the /accessToken endpoint but pass the OAuth parameters as QUERY parameters (as mentioned in our docs: Authentication) instead of passing in the body of the message as described above, you should not run into the error.
We understand that most OAuth2 libraries will make a POST call to the /accessToken endpoint and pass the parameters in the body of the message. We're currently working on a fix on our end to not break this compatibility. As soon as I have an update I'll let everyone know. I just wanted to keep all of you in the loop that a fix has been identified and we're doing what we can to get it into production ASAP.
Thanks for working with us on this and providing details. It helped narrow it down.
Hi There,
Seems like a lot of other users have had problems w/ LinkedIn's oauth implementation too. I just rant in to the issue that many users have described at the following link. The LinkedIn engineer recommends the following workaround but I'm not sure how/if I can do that w/ PSA. Any pointers?
https://developer.linkedin.com/comment/28935#comment-28935
I wanted to give an update on this. I've narrowed down how to reproduce this every time on my end:
Not all users are affected. Only certain users who happen to hit a specific data center. If one of your users happens to be hitting this data center (we have certain logic that determines which DC to hit), and this user is authorizing your application for the FIRST TIME, they revoked your application but want to use it again, or their existing access token has expired and you're taking them through the auth flow again, you may run into this error if:
In the second step of your OAuth2 flow, when you make a POST call to the /accessToken endpoint, if you're passing the OAuth parameters in your request body (i.e. auth code, client id, client secret), when you get an access token back for that user your calls will continually fail with the 401 mentioned above. This will fail for about 5-10 minutes, then that same token should start to work again.
Now, in the step above, if you were to make a POST call to the /accessToken endpoint but pass the OAuth parameters as QUERY parameters (as mentioned in our docs: Authentication) instead of passing in the body of the message as described above, you should not run into the error.
We understand that most OAuth2 libraries will make a POST call to the /accessToken endpoint and pass the parameters in the body of the message. We're currently working on a fix on our end to not break this compatibility. As soon as I have an update I'll let everyone know. I just wanted to keep all of you in the loop that a fix has been identified and we're doing what we can to get it into production ASAP.
Thanks for working with us on this and providing details. It helped narrow it down.