OAuth is complicated, and there are a number of things that go wrong.
Here are some tips.
Every error response we send you will contain an XML body describing the error, including a
timestamp representing API server time. Some OAuth-based requests will also return an
oauth_problem HTTP header.
Make sure that your server’s system clock is in sync with ours.
oauth_callback should only be provided on the requestToken step.
oauth_veriﬁer is required in the accessToken step.
PUT & POST operations typically have XML Content-Types. Your OAuth library should
exclude the request body in signature calculations as a result.
For the access token step, remember that the request token’s oauth_token_secret must be
used as part of your signing key.
Likewise, for API resource requests, your access token’s oauth_token_secret must be used as
part of your signing key.
At this time, LinkedIn only supports HTTP header-based OAuth. Make sure that you are
passing your OAuth credentials as an Authorization HTTP header, not as query parameters
attached to the request.