Question
I have been fighting with the LinkedIn API for a second day; each time I try to get a token, I get a 400 Bad Request.
Here is my code, maybe someone can help with this?
```csharp
public void RequestAuthentication(System.Web.HttpContextBase context, System.Uri returnUrl)
{
    string url = String.Format("https://www.linkedin.com/uas/oauth2/authorization?response_type=code" +
        "&client_id={0}" +
        "&scope={1}" +
        "&state={3}" +
        "&redirect_uri={2}", this._consumerKey, _scope, HttpUtility.UrlEncode(returnUrl.ToString()), Guid.NewGuid().ToString());
    context.Response.Redirect(url);
}

public AuthenticationResult VerifyAuthentication(System.Web.HttpContextBase context)
{
    //TODO: check CSRF
    string code = context.Request.QueryString["code"];
    string rawUrl = context.Request.Url.OriginalString;
    //From this we need to remove code portion
    rawUrl = Regex.Replace(rawUrl, "&code=[^&]*", "");
    string authUrl = "https://www.linkedin.com/uas/oauth2/accessToken";
    string postData = String.Format("grant_type=authorization_code&code={0}&redirect_uri={1}&client_id={2}&client_secret={3}", code, HttpUtility.UrlEncode(context.Request.QueryString["ReturnUrl"]), _consumerKey, _consumerSecret);
    //WebClient client = new WebClient();
    //var getReq = client.DownloadString(authUrl + "?" + postData);
    HttpWebRequest webRequest = WebRequest.Create(authUrl + "?" + postData) as HttpWebRequest;
    webRequest.Method = "POST";
    //This "application/x-www-form-urlencoded"; line is important
    webRequest.ContentType = "application/x-www-form-urlencoded";
    webRequest.ContentLength = postData.Length;
    StreamWriter requestWriter = new StreamWriter(webRequest.GetRequestStream());
    requestWriter.Write(postData);
    requestWriter.Close();
    StreamReader responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream());
}
```
Any thoughts? Maybe someone has solved something similar in the past?
Answer 1:
You have to use the same redirect_uri in both the
public void RequestAuthentication(System.Web.HttpContextBase context, System.Uri returnUrl)
and
public AuthenticationResult VerifyAuthentication(System.Web.HttpContextBase context)
functions. But in your code, the redirect_uri of the first function, HttpUtility.UrlEncode(returnUrl.ToString()), and of the second function, HttpUtility.UrlEncode(context.Request.QueryString["ReturnUrl"]), are not the same (I think). So make sure you fix this problem. Your code may then work.
Answer 2:
I just debugged this, here's some of the things I tried before it was successful. I'm not sure which one made it correct, so I'll put them all down just in case you need somewhere to start:
- HTTP protocol 1.1
- Add a content-type: application/x-www-form-urlencoded header
- Do not refresh the response from the authorization code return page; the code in the URL parameter ($_GET['code'] in PHP) apparently can't be re-used (another answer says it expires every 20 seconds)
  - To put it another way, don't try to re-use or cache the authorization code, flow it directly into the access token request ASAP
- Do try to use another application (like SoapUI or Fiddler) to hit the endpoint to show it is working, and to see some headers more clearly
  - That being said, looking at the response headers (not just the response code) can be helpful
- Sending the data as POST content not as a URL parameter

Note that a 400 error indicates a malformed request (400 BAD request HTTP error code meaning?) not a missing resource (404) which can also be a gotcha if you're thinking too fast.
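
The points from both answers in one place, as an added example (not code from the question or the answers): one redirect_uri constant is used in both the authorization redirect and the token request, the state value is checked before the code is exchanged (the CSRF check left as a TODO in the question), and the parameters travel only as POST form content. The class name, callback URL and placeholder credentials are assumptions, and it targets .NET 6 or later rather than the System.Web API used in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;

// Added example; all names and placeholder values here are constructed.
static class OAuthCodeFlowSketch
{
    const string AuthorizeUrl = "https://www.linkedin.com/uas/oauth2/authorization";
    const string TokenUrl = "https://www.linkedin.com/uas/oauth2/accessToken";
    // One fixed callback URL, reused verbatim in both legs of the flow.
    const string RedirectUri = "https://app.example.test/oauth/callback";

    // Leg 1: build the redirect; the caller stores `state` in the user's session.
    public static string BuildAuthorizeUrl(string clientId, string scope, out string state)
    {
        state = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        return AuthorizeUrl + "?response_type=code"
            + "&client_id=" + Uri.EscapeDataString(clientId)
            + "&scope=" + Uri.EscapeDataString(scope)
            + "&state=" + state
            + "&redirect_uri=" + Uri.EscapeDataString(RedirectUri);
    }

    // Leg 2: verify state (the CSRF check), then build the form body for the POST.
    public static FormUrlEncodedContent BuildTokenBody(string code, string returnedState,
        string sessionState, string clientId, string clientSecret)
    {
        byte[] got = Encoding.UTF8.GetBytes(returnedState ?? "");
        byte[] want = Encoding.UTF8.GetBytes(sessionState ?? "");
        if (want.Length == 0 || !CryptographicOperations.FixedTimeEquals(got, want))
            throw new InvalidOperationException("state mismatch: reject the callback");
        // Parameters go in the body only, encoded once; nothing is appended to TokenUrl.
        return new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code", ["code"] = code,
            ["redirect_uri"] = RedirectUri,
            ["client_id"] = clientId, ["client_secret"] = clientSecret,
        });
    }

    static void Main()
    {
        Console.WriteLine(BuildAuthorizeUrl("CLIENT_ID", "SCOPE", out string state));
        var body = BuildTokenBody("CODE_FROM_CALLBACK", state, state, "CLIENT_ID", "CLIENT_SECRET");
        Console.WriteLine("POST " + TokenUrl + "\n" + body.ReadAsStringAsync().Result);
    }
}
```

In a real handler the returned content would be passed to HttpClient.PostAsync with the token URL, which sets the Content-Type and Content-Length headers from the encoded body.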
Source: https://stackoverflow.com/questions/17027589/linkedin-oauth2-request-token-400-bad-request