Login/Register
Incomplete Linkedin OAuth 2.0 access token response
Asked Answered
Solved oauthoauth-2.0linkedin-api
C

2

2

My question is about OAuth2 access token response from Linkedin api. When I'm trying to get this token I recieve the following response:

{"access_token":"...","expires_in":...}

But the thing is that according to OAuth2 documentation (in 5.1 paragraph) there should be at least one more required parameter - "token_type". So the question is: could it be somehow customized so the linkedin API will return this parameter with access token response or it is just a departure from the rule and this parameter won't be returned?

Thanks in advance.

Chere answered 2/2, 2018 at 16:25 Comment(0)
C
0

I hoped to get answer from Linkedin member since they stated on their site that stackoverflow is a proper place for asking such questions. But since there is no answer from them and I didn't find any relevant information regarding this question I believe that it is just the way they implemented OAuth 2.0 protocol.

Chere answered 6/7, 2018 at 10:17 Comment(0)
A
2

I have run into the same issue. According to LinkedIn Docs:

A successful Access Token request will return a JSON object containing the following fields:

  • access_token — The access token for the user. This value must be kept secure, as per your agreement to the API Terms of Use.
  • expires_in — The number of seconds remaining, from the time it was requested, before the token will expire. Currently, all access tokens are issued with a 60 day lifespan.

they respond with

{"access_token":"...","expires_in":...}

which violates the standard.

Currently I am using Spring Security 5.0.3 and to fix the issue, I had to monkeypatch one class:

com.nimbusds.oauth2.sdk.token.BearerAccessToken

I will not post the whole class, only a significant part:

public static BearerAccessToken parse(final JSONObject jsonObject)
        throws ParseException {

        // Parse and verify type
        AccessTokenType tokenType;
        try {
            tokenType = new AccessTokenType(JSONObjectUtils.getString(jsonObject, "token_type"));
        } catch (ParseException ex) {
            tokenType = AccessTokenType.BEARER;
        }

        if (!tokenType.equals(AccessTokenType.BEARER))
            throw new ParseException("Token type must be \"Bearer\"");
        //...
}
Arnulfoarny answered 14/3, 2018 at 10:6 Comment(0)
C
0

I hoped to get answer from Linkedin member since they stated on their site that stackoverflow is a proper place for asking such questions. But since there is no answer from them and I didn't find any relevant information regarding this question I believe that it is just the way they implemented OAuth 2.0 protocol.

Chere answered 6/7, 2018 at 10:17 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.