I've successfully made my way through the LinkedIn OAuth process (using the REST API - OAuth 1.0a). However I'm having trouble with my first API call after the callback. I set the UserToken, UserTokenSecret and UserVerfier in the library I am writing, and this call this function to get my profile information:

public function getUserProfile()
{
    $consumer = new OAuthConsumer($this->consumer_key, $this->consumer_secret, NULL);
    $auth_token = new OAuthConsumer($this->getUserToken(), $this->getUserTokenSecret());
    $access_token_req = new OAuthRequest("GET", $this->access_token_endpoint);
    $params['oauth_verifier'] = $this->getUserVerifier();
    $access_token_req = $access_token_req->from_consumer_and_token($this->consumer,
            $auth_token, "GET", $this->access_token_endpoint, $params);

    $access_token_req->sign_request(new OAuthSignatureMethod_HMAC_SHA1(),$consumer,
            $auth_token);

    $after_access_request = $this->doHttpRequest($access_token_req->to_url());
    $access_tokens = array();
    parse_str($after_access_request,$access_tokens);

    # line 234 below
    $access_token = new OAuthConsumer($access_tokens['oauth_token'], $access_tokens['oauth_token_secret']);


    // prepare for get profile call
    $profile_req = $access_token_req->from_consumer_and_token($consumer,
            $access_token, "GET", $this->api_url.'/v1/people/~');

    $profile_req->sign_request(new OAuthSignatureMethod_HMAC_SHA1(),$consumer,$access_token);

    $after_request = $this->doHttpRequest($profile_req->to_url());


    var_dump($after_request);
}

The function var_dumps a string, which is the basic synopsis of my profile:

string(402) " User Name etc. etc. http://www.linkedin.com/profile?viewProfile=&key=28141694&authToken=HWBC&authType=name&trk=api*a137731*s146100* "

That's good. However, the minute I refresh the page, the same function call fails with:

Undefined index: oauth_token, line number: 234 

(this line marked with comment in above code block).

Then, of course, the var_dump reports this error from LinkedIn:

string(290) " 401 1310652477038 R8MHA2787T 0 [unauthorized]. The token used in the OAuth request is not valid. "

something to note:

• the user token, secret, and verifier are persisted during the initial authorization callback (right before this function is called). So, they are the same during the first call (when it works, right after coming back from linkedin) and during a page reload (when it fails on line 234).

Also, I must admit I'm not 100% sure I understand everything that's going on in this function. I actually took examples from this tutorial (about a different service, not linkedin) http://apiwiki.justin.tv/mediawiki/index.php/OAuth_PHP_Tutorial and combined it with the information I gathered from the LinkedIn API documentation, spread thr开发者_StackOverflow社区oughout their developer site. Most notable was the addition of the 'verifier' which the tutorial did not use.

Any insight into this problem would be greatly appreciated. Thanks in advance. -Nick

UPDATE

The only way I've been able to get this going is to do a new OAuth handshake every single time. Is this the way it's supposed to happen? I was under the impression that once I got my user token/secret and verifier, that I could then use these for continuous API calls until the token expired or was revoked.

As it is now, every time the page reloads I'm requesting a new user token, secret and verifier, then immediately calling to get the user profile (which succeeds). Next reload, I get a whole new key/secret and verifier. Seems like quite a lot of work for each call, and as I understood it, you should be able to perform offline operations with this method - and if I need new authorization each time, then I guess I can't do that?

Well. I've finally figured out what was going on so thought I'd post the answer here, just in case someone else runs into this.

The example that I was using as a guide was flawed. After the access token is retrieved, you should then create a new OAuthRequest object, instead of using the existing $access_token_req instance.

So this:

// prepare for get profile call
$profile_req = $access_token_req->from_consumer_and_token($consumer,
        $access_token, "GET", $this->api_url.'/v1/people/~');

$profile_req->sign_request(new OAuthSignatureMethod_HMAC_SHA1(),$consumer,$access_token);

$after_request = $this->doHttpRequest($profile_req->to_url());

Should be changed to this:

$api_req = new OAuthRequest("GET", $this->api_url.$api_call);

// prepare for get profile call
$api_req = $api_req->from_consumer_and_token($consumer,
        $access_token, "GET", $this->api_url.'/v1/people/~');

$api_req->sign_request(new OAuthSignatureMethod_HMAC_SHA1(),$consumer,$access_token);

$after_request = $this->doHttpRequest($api_req->to_url());