I am using an OAUTH library published by Scott Desapio (http://scottdesapio.com/VBScriptOAuth/) originally for Twitter. I have successfully used it for creating a Twitter API. So, for LinkedIN, i simply changed the endpoints and my API & Consumer keys and expected that it would work. It works up until it tries to https://api.linkedin.com/uas/oauth/accessToken and then it gets the following response:oauth_problem=signature_invalid&oauth_problem_advice=com.linkedin.security.auth.pub.LoginDeniedInvalidAuthTokenException%20while%20obtaining%20request%20token%20for%20%3APOST%26https%253A%252F%252Fapi.linkedin.com%252Fuas%252Foauth%252FaccessToken%26oauth_consumer_key%253Dk_Xo7Wx75pgLlZSYovAWofJEDLs2s9r6csSzKGtlOWyQSaRybu9nq5JGS5jiCZ45%2526oauth_nonce%253D1359909368%2526oauth_signature_method%253DHMAC-SHA1%2526oauth_timestamp%253D1302296412%2526oauth_token%253Db2aee560-7102-4f30-8c62-13064ef91e52%2526oauth_verifier%253D68867%2526oauth_version%253D1.0%0AOAU%3Ak_Xo7Wx75pgLlZSYovAWofJEDLs2s9r6csSzKGtlOWyQSaRybu9nq5JGS5jiCZ45%7Cb2aee560-7102-4f30-8c62-13064ef91e52%7C%2A01%7C%2A01%3A1302296412%3AHNE%2F5p8072i%2FW9oXNkD%2FIqSllg4%3DAny idea why? What is different in the signing between Twitter and LinkedIn?Thanks,Nick
we are aware of the issue and are working to restore service as soon as possible sorry, our API is experiencing intermittent issues
we are aware of the issue and are working to restore service as soon as possible sorry, our API is experiencing a limited-scope problem
please see this thread for updates sorry, the developer portal is currently undergoing scheduled maintenance
service is expected to be restored around 09:00PM PST OAuth 2.0 Authorization issues?
As previously announced, LinkedIn is now enforcing redirect URLs rule for OAuth 2.0 applications: More information. If you have any questions, please post to this thread in our forums: Thread for questions OAuth 2.0 Extension
LinkedIn is extending a courtesy brief period for developers to update their OAuth 2.0 redirect URLs.
If you have any questions, please post to this thread in our forums: Thread for questions. OAuth 2.0 Redirection URL
Beginning Monday April 28, 2014, LinkedIn's APIs will begin enforcing OAuth 2.0 redirect URLs.
If you have any questions, please post to this thread in our forums: Thread for questions. On July 21st between 4pm and 7pm PST we will be performing platform maintenance. You may see limited performance issues during this time. We apologize for any inconveniences generated by any service interruptions. We will be performing site wide maintenance on October 10th between 8 pm and 11 pm PST. This maintenance applies to all LinkedIn sites and applications, including our APIs. You may experience limited availability of certain APIs during this time. We apologize for any inconvenience this may cause. Please don't hesitate to reach out on our forums if you continue to experience API availability issues after the maintenance window In light of the recent disclosure of the "Poodle" SSL vulnerability, LinkedIn is joining the large number of services that have actively removed support for SSLv3, effective immediately. If you are experiencing errors related to HTTPS-based communication with our APIs, please ensure you are using a client/library that supports TLS 1.0+ instead of SSLv3 to avoid disruption. Attention, developers! We have transitioned to StackOverflow for forum-based support. Learn more about this change.
I'm not familiar with exactly how the Twitter stream works, but you might check on whether the oauth_verifier is being included in the signature generation correctly.
It is being included in the signature generation, but "correctly" could be the question. Are there more than one correct ways to do it? If not, then it would not be reasonable to believe that the code works for Twitter but not LinkedIN. If there are more than one way to handle the oauth_verifier in a signature, please do tell what they are and which LinkedIN requires.
Having just gone through this exercise in C#, it occurs to me to point out that we require that the authentication to be sent in the headers for POST queries. It may be that Twitter accepts query string authentication parameters, but our API requires that the oauth parameters be sent in an Authentication header as discussed in this OAuth documentation. Note that this is a single header, "Authorization", which is a comma delimited string with the oauth information. If you examine your headers and this isn't there, that may be the issue.
I changed my request to add the request header "Authorization" with the following value but I am still getting the same error.OAuth realm="http://api.linkedin.com/", oauth_consumer_key="k_Xo7Wx75pgLlZSYovAWofJEDLs2s9r6csSzKGtlOWyQSaRybu9nq5JGS5jiCZ45", oauth_token="74a39090-c59b-4e50-bb83-f99b263cb485", oauth_signature_method="HMAC-SHA1", oauth_signature="P3cgkoQw8N52PiLsApkVI0cWDzA%3D", oauth_timestamp="1303308194", oauth_nonce="1335902310", oauth_version="1.0"Help!!!
After viewing this slide deck: http://www.slideshare.net/episod/linkedin-oauth-zero-to-hero, I may have identified the problem. After the Authorize call, I don't get an oauth_token_secret back to use in signing my next request, just the oauth_token and the oauth_verifier. Am I doing something wrong to not receive the secret. I looked at the URL called back, it only has those two values in the querystring. No secret.
Ok, I did confirm that the code I was using was not concatenating the oauth_token_secret from the initial tokenRequest with my consumer secret in order to creat the signature hash. I have corrected that. But the problem STILL remains.Now, with the signature correctly using both the consumer secret and oauth_token_secret, and with the values put in an "Authorization: ..." header on my POST request to accessToken, I still get the invalid signature response.I'm beginning to wonder how ANYONE gets this to work correctly. What should I look at next? I see enough posts like this in the forum to know that it is a common issue, and sadly, I haven't found any yet that have a solution.
Actually, people have gotten this to work correctly in almost every case. But you're the first person I've seen asking about the VB library, so this is new ground. If you can post the full request headers and content and full response headers and content (with the token/keys fuzzed for privacy) we can try to troubleshoot.I know this is frustrating, but it's definitely doable. Without more information, though, it's tough for us to help.
Nick,Developing with OAuth is similiar to using regular expressions. Both are extremely useful and both are extremely error prone. That's why you see so many problems on all platforms, not just LI. It works 100%, but the developer usability sucks.Because of this I would recommend one of the following:1) Find a VB sample that is fully working end to end, and only requires you to change the key. Otherwise it's too easy to get into this cycle of tweaking things that "should" be working and still don't. If you start with something working it's much easier to modify/add to it.2) Bite the bullet and read the entire OAuth spec. Setup your code to be able to see exactly what is sent and received for each HTTP message. Once you know what should be sent and received at every point, it's impossible not to find the problem.(2) is a real pain, but it's what I ended up doing because I couldn't find a turn key example. Also since so many sites use OAuth it's not a bad thing to invest a little time in.Definiitely option (1) if you can, but I'm just staying try not to stay stuck in the middle of 1 and 2 for too long.
I was having very similier problems. with invalid signature. Now I see the url your using and it has the query in the URL, I thought you were suppose to post the information?
I have the same problem. The problem was reproduced only when I recreated WebConsumer on each request to my site.
When I put instance of WebConsumer in Session or Application all problems are resolved
Nick, did you ever get this to work. I am attempting to do the very same thing with scotdesapio's library.
it's combination of consumer key and auth token secret. I just figured that out.
Use: consumerSecret + "&" + tokenSecret
that might be problem with callback url iam also getting the same error did got any remedy for your error please reply me firstname.lastname@example.org
most of cases social networking sites doesn't allow when localhost/ip is in callback url
For anyone using the Scott Desapio VBScript library and is finding the same issue I did which is that the requestToken works but the accessToken fails with a signature_invalid error, simply add the following lines of code to the following library files:
Dim strRequestToken : strRequestToken = objOAuth.Get_ResponseValue(OAUTH_TOKEN)
Dim strRequestTokenSecret : strRequestTokenSecret = objOAuth.Get_ResponseValue(OAUTH_TOKEN_SECRET) <---- New Line
Session(OAUTH_TOKEN_REQUEST) = strRequestToken
Session(OAUTH_TOKEN_SECRET) = strRequestTokenSecret <--- New Line
objOAuth.Parameters.Add "oauth_token", Session(OAUTH_TOKEN_REQUEST)
objOAuth.Parameters.Add "oauth_token_secret", Session(OAUTH_TOKEN_SECRET) <---- New Line
This did the trick straightaway for me. Good luck!