LinkedIn OAuth: "signature_invalid" response when requesting a POST HTTP request (for request token)
When I request from LinkedIn a request token to https://api.linkedin.com/uas/oauth/requestToken, I get the following error:
oauth_problem=signature_invalid&oauth_problem_advice=com.linkedin.security.auth.pub.LoginDeniedInvalidAuthTokenException%20while%20obtaining%20request%20token%20for%20%3APOST%26https%253A%252F%252Fapi.linkedin.com%252Fuas%252Foauth%252FrequestToken%26oauth_callback%253Doob%2526oauth_consumer_key%253DI9DvH3zT4c-sjmrQTmo_AeJOfi8v8n1ChYHYAV8A3siVLyu1qLZqPq_HiGecD0bp%2526oauth_nonce%253D2958724240022%2526oauth_signature_method%253DHMAC-SHA1%2526oauth_timestamp%253D1308562221%2526oauth_version%253D1.0%0AOAU%3AI9DvH3zT4c-sjmrQTmo_AeJOfi8v8n1ChYHYAV8A3siVLyu1qLZqPq_HiGecD0bp%7C%2A01%7C%2A01%7C%2A01%3A1308562221%3AkPisU0TwUgiNIYpigUrKITMwo7c%3D
This is a HTTP 401 Unauthorized response.
The Exception:
net.oauth.exception.OAuthException: HTTP/1.0 401 Unauthorized
oauth_problem=signature_invalid&oauth_problem_advice=com.linkedin.security.auth.pub.LoginDeniedInvalidAuthTokenException%20while%20obtaining%20request%20token%20for%20%3APOST%26https%253A%252F%252Fapi.linkedin.com%252Fuas%252Foauth%252FrequestToken%26oauth_callback%253Doob%2526oauth_consumer_key%253DI9DvH3zT4c-sjmrQTmo_AeJOfi8v8n1ChYHYAV8A3siVLyu1qLZqPq_HiGecD0bp%2526oauth_nonce%253D2958724240022%2526oauth_signature_method%253DHMAC-SHA1%2526oauth_timestamp%253D1308562221%2526oauth_version%253D1.0%0AOAU%3AI9DvH3zT4c-sjmrQTmo_AeJOfi8v8n1ChYHYAV8A3siVLyu1qLZqPq_HiGecD0bp%7C%2A01%7C%2A01%7C%2A01%3A1308562221%3AkPisU0TwUgiNIYpigUrKITMwo7c%3D
at net.oauth.consumer.OAuth1Consumer.requestUnauthorizedToken(OAuth1Consumer.java:133)
at com.neurologic.example.LinkedInExample.requestUnauthorizedRequestToken(LinkedInExample.java:39)
at com.neurologic.example.LinkedInExample.main(LinkedInExample.java:57)
The example source code to connect to LinkedIn:
/**
 *
 */
package com.neurologic.example;

import net.oauth.consumer.OAuth1Consumer;
import net.oauth.exception.OAuthException;
import net.oauth.provider.OAuth1ServiceProvider;
import net.oauth.signature.impl.OAuthHmacSha1Signature;
import net.oauth.token.v1.AccessToken;
import net.oauth.token.v1.AuthorizedToken;
import net.oauth.token.v1.RequestToken;

/**
 * @author Buhake Sindi
 * @since 14 June 2011
 *
 */
public class LinkedInExample {

    private static final String LINKEDIN_API_URL = "https://api.linkedin.com";
    private static final String API_KEY = "ENTER-API-KEY-HERE";
    private static final String API_SECRET = "ENTER-API-SECRET-HERE";
    private static final String CALLBACK_URL = "oob";
    private OAuth1Consumer consumer;

    /**
     *
     */
    public LinkedInExample() {
        super();
        // TODO Auto-generated constructor stub
        consumer = new OAuth1Consumer(API_KEY, API_SECRET, new OAuth1ServiceProvider(LINKEDIN_API_URL + "/uas/oauth/requestToken", LINKEDIN_API_URL + "/uas/oauth/authorize", LINKEDIN_API_URL + "/uas/oauth/accessToken"));
    }

    public RequestToken requestUnauthorizedRequestToken() throws OAuthException {
        return consumer.requestUnauthorizedToken(LINKEDIN_API_URL, CALLBACK_URL, null, new OAuthHmacSha1Signature());
    }

    public String getAuthorizationUrl(RequestToken token) throws OAuthException {
        return consumer.createOAuthUserAuthorizationUrl(token, null);
    }

    public AccessToken requestAccessToken(AuthorizedToken authorizedToken, RequestToken requestToken) throws OAuthException {
        return consumer.requestAccessToken(LINKEDIN_API_URL, requestToken, authorizedToken, new OAuthHmacSha1Signature());
    }

    /**
     * @param args
     */
    public static void main(String[] args) {
        // TODO Auto-generated method stub
        try {
            LinkedInExample example = new LinkedInExample();
            RequestToken rt = example.requestUnauthorizedRequestToken();
            //Now that we have request token, let's authorize it....
            String url = example.getAuthorizationUrl(rt);
            //Copy the URL to your browser and make sure that OAuth 1 Servlet is running....
        } catch (OAuthException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}
My library: JOAuth (version 1.2.1). What have I done wrong to return a com.linkedin.security.auth.pub.LoginDeniedInvalidAuthTokenException advice from LinkedIn?
Thanks
PS: OAuth 1 works perfectly with Twitter (tested), hence I don't understand what's going on. Also, LinkedIn uses OAuth 1.0 Revision A, which JOAuth conforms to (as well as RFC5849).
It seems like the JOAuth library isn't properly calculating the signature. I would need to see the full request and response to be able to debug further. What is your application name?
Please refer to my answer to "Absolute minimum code to get a valid oauth_signature populated in Java or Groovy?" Maybe it will help :)
I've figured it out. The problem was with normalizing the Base String URI. The path of the URI must not be lowercased (which mine did). I've fixed the issue. The issue was in the net.oauth.util.OAuth1Util.normalizeUrl() method.
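The normalization rule behind this fix, as an added example that is not JOAuth's code or part of the original post: RFC 5849 section 3.4.1.2 lowercases only the scheme and host of the base string URI, so lowercasing the path as well yields a different base string and HMAC-SHA1 signature than the server computes. The class name, consumer key and secret are constructed placeholders; the nonce and timestamp are the ones in the error shown in the question.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class BaseStringUriDemo { // hypothetical class name
    // Percent-encoding per RFC 5849 section 3.6 (unreserved: ALPHA DIGIT - . _ ~).
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // RFC 5849 section 3.4.1.2: lowercase scheme and host only, keep the path
    // byte-for-byte, drop default ports, leave out query and fragment.
    static String baseStringUri(String url) {
        URI u = URI.create(url);
        String scheme = u.getScheme().toLowerCase(Locale.ROOT);
        String host = u.getHost().toLowerCase(Locale.ROOT);
        int port = u.getPort();
        boolean defaultPort = port == -1 || (scheme.equals("http") && port == 80)
                || (scheme.equals("https") && port == 443);
        String path = (u.getRawPath() == null || u.getRawPath().isEmpty()) ? "/" : u.getRawPath();
        return scheme + "://" + host + (defaultPort ? "" : ":" + port) + path;
    }

    // HMAC-SHA1 over METHOD&enc(uri)&enc(params); assumes unique ASCII parameter names.
    static String sign(String method, String uri, Map<String, String> params, String key) throws Exception {
        String normalized = new TreeMap<>(params).entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
        String base = method + "&" + enc(uri) + "&" + enc(normalized);
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return Base64.getEncoder().encodeToString(mac.doFinal(base.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> p = Map.of("oauth_callback", "oob", "oauth_consumer_key", "CONSTRUCTED-KEY",
                "oauth_nonce", "2958724240022", "oauth_signature_method", "HMAC-SHA1",
                "oauth_timestamp", "1308562221", "oauth_version", "1.0");
        String key = enc("CONSTRUCTED-SECRET") + "&"; // no token secret yet at this step
        String good = baseStringUri("HTTPS://API.LinkedIn.com:443/uas/oauth/requestToken");
        String bad = good.toLowerCase(Locale.ROOT); // the defect: path lowercased too
        System.out.println(good + " -> " + sign("POST", good, p, key));
        System.out.println(bad + " -> " + sign("POST", bad, p, key));
    }
}
```

The two printed signatures differ only because of the path's case, which is why a provider with mixed-case paths such as /uas/oauth/requestToken rejects the request while one with all-lowercase paths accepts it.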