Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

OAuth is complicated, and there LinkedIn OAuth: Zero To Hero


Published on

OAuth is complicated, and there are a number of things that go wrong.
Here are some tips.
Every error response we send you will contain an XML body describing the error, including a
timestamp representing API server time. Some OAuth-based requests will also return an
oauth_problem HTTP header.

Make sure that your server’s system clock is in sync with ours.

oauth_callback should only be provided on the requestToken step.

oauth_verifier is required in the accessToken step.

PUT & POST operations typically have XML Content-Types. Your OAuth library should
exclude the request body in signature calculations as a result.

For the access token step, remember that the request token’s oauth_token_secret must be
used as part of your signing key.

Likewise, for API resource requests, your access token’s oauth_token_secret must be used as
part of your signing key.

At this time, LinkedIn only supports HTTP header-based OAuth. Make sure that you are
passing your OAuth credentials as an Authorization HTTP header, not as query parameters
attached to the request.

Published in: Technology, Business