LinkedIn OAuth: “signature_invalid” response when requesting a POST HTTP request (for request token)

StackOverflow https://stackoverflow.com/questions/9342469

  •  30-04-2021

Question

When I request from LinkedIn a request token to https://api.linkedin.com/uas/oauth/requestToken, I get the following error:

oauth_problem=signature_invalid&oauth_problem_advice=com.linkedin.security.auth.pub.LoginDeniedInvalidAuthTokenException%20while%20obtaining%20request%20token%20for%20%3APOST%26https%253A%252F%252Fapi.linkedin.com%252Fuas%252Foauth%252FrequestToken%26oauth_callback%253Doob%2526oauth_consumer_key%253DI9DvH3zT4c-sjmrQTmo_AeJOfi8v8n1ChYHYAV8A3siVLyu1qLZqPq_HiGecD0bp%2526oauth_nonce%253D2958724240022%2526oauth_signature_method%253DHMAC-SHA1%2526oauth_timestamp%253D1308562221%2526oauth_version%253D1.0%0AOAU%3AI9DvH3zT4c-sjmrQTmo_AeJOfi8v8n1ChYHYAV8A3siVLyu1qLZqPq_HiGecD0bp%7C%2A01%7C%2A01%7C%2A01%3A1308562221%3AkPisU0TwUgiNIYpigUrKITMwo7c%3D

This is an HTTP 401 Unauthorized response.

The Exception:

net.oauth.exception.OAuthException: HTTP/1.0 401 Unauthorized
oauth_problem=signature_invalid&oauth_problem_advice=com.linkedin.security.auth.pub.LoginDeniedInvalidAuthTokenException%20while%20obtaining%20request%20token%20for%20%3APOST%26https%253A%252F%252Fapi.linkedin.com%252Fuas%252Foauth%252FrequestToken%26oauth_callback%253Doob%2526oauth_consumer_key%253DI9DvH3zT4c-sjmrQTmo_AeJOfi8v8n1ChYHYAV8A3siVLyu1qLZqPq_HiGecD0bp%2526oauth_nonce%253D2958724240022%2526oauth_signature_method%253DHMAC-SHA1%2526oauth_timestamp%253D1308562221%2526oauth_version%253D1.0%0AOAU%3AI9DvH3zT4c-sjmrQTmo_AeJOfi8v8n1ChYHYAV8A3siVLyu1qLZqPq_HiGecD0bp%7C%2A01%7C%2A01%7C%2A01%3A1308562221%3AkPisU0TwUgiNIYpigUrKITMwo7c%3D
    at net.oauth.consumer.OAuth1Consumer.requestUnauthorizedToken(OAuth1Consumer.java:133)
    at com.neurologic.example.LinkedInExample.requestUnauthorizedRequestToken(LinkedInExample.java:39)
    at com.neurologic.example.LinkedInExample.main(LinkedInExample.java:57)

The example source code to connect to LinkedIn:

/**
 * 
 */
package com.neurologic.example;

import net.oauth.consumer.OAuth1Consumer;
import net.oauth.exception.OAuthException;
import net.oauth.provider.OAuth1ServiceProvider;
import net.oauth.signature.impl.OAuthHmacSha1Signature;
import net.oauth.token.v1.AccessToken;
import net.oauth.token.v1.AuthorizedToken;
import net.oauth.token.v1.RequestToken;

/**
 * @author Buhake Sindi
 * @since 14 June 2011
 *
 */
public class LinkedInExample {

    private static final String LINKEDIN_API_URL = "https://api.linkedin.com";
    private static final String API_KEY = "ENTER-API-KEY-HERE";
    private static final String API_SECRET  = "ENTER-API-SECRET-HERE";
    private static final String CALLBACK_URL = "oob";
    private OAuth1Consumer consumer;


    /**
     * 
     */
    public LinkedInExample() {
        super();
        // TODO Auto-generated constructor stub
        consumer = new OAuth1Consumer(API_KEY, API_SECRET, new OAuth1ServiceProvider(LINKEDIN_API_URL + "/uas/oauth/requestToken", LINKEDIN_API_URL + "/uas/oauth/authorize", LINKEDIN_API_URL + "/uas/oauth/accessToken"));
    }

    public RequestToken requestUnauthorizedRequestToken() throws OAuthException {
        return consumer.requestUnauthorizedToken(LINKEDIN_API_URL, CALLBACK_URL, null, new OAuthHmacSha1Signature());
    }

    public String getAuthorizationUrl(RequestToken token) throws OAuthException {
        return consumer.createOAuthUserAuthorizationUrl(token, null);
    }

    public AccessToken requestAccessToken(AuthorizedToken authorizedToken, RequestToken requestToken) throws OAuthException {
        return consumer.requestAccessToken(LINKEDIN_API_URL, requestToken, authorizedToken, new OAuthHmacSha1Signature());
    }

    /**
     * @param args
     */
    public static void main(String[] args) {
        // TODO Auto-generated method stub
        try {
            LinkedInExample example = new LinkedInExample();
            RequestToken rt = example.requestUnauthorizedRequestToken();

            //Now that we have request token, let's authorize it....
            String url = example.getAuthorizationUrl(rt);

            //Copy the URL to your browser and make sure that OAuth 1 Servlet is running....
        } catch (OAuthException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }

}

My library: JOAuth (version 1.2.1). What have I done wrong to return a com.linkedin.security.auth.pub.LoginDeniedInvalidAuthTokenException advice from LinkedIn?

Thanks

PS: OAuth 1 works perfectly with Twitter (tested), hence I don't understand what's going on. Also, LinkedIn uses OAuth 1.0 Revision A, which JOAuth conforms to (as well as RFC5849).


Solution 3

I've figured it out. The problem was with normalizing the Base String URI. The path of the URI must not be lowercased (which mine was). I've fixed the issue. The issue was in the net.oauth.util.OAuth1Util.normalizeUrl() method.

OTHER TIPS

It seems like the JOAuth library isn't properly calculating the signature. I would need to see the full request and response to be able to debug further. What is your application name?

Licensed under: CC-BY-SA with attribution