I am using an OAUTH library published by Scott Desapio (http://scottdesapio.com/VBScriptOAuth/) originally for Twitter. I have successfully used it for creating a Twitter API. So, for LinkedIN, i simply changed the endpoints and my API & Consumer keys and expected that it would work. It works up until it tries to https://api.linkedin.com/uas/oauth/accessToken and then it gets the following response:oauth_problem=signature_invalid&oauth_problem_advice=com.linkedin.security.auth.pub.LoginDeniedInvalidAuthTokenException%20while%20obtaining%20request%20token%20for%20%3APOST%26https%253A%252F%252Fapi.linkedin.com%252Fuas%252Foauth%252FaccessToken%26oauth_consumer_key%253Dk_Xo7Wx75pgLlZSYovAWofJEDLs2s9r6csSzKGtlOWyQSaRybu9nq5JGS5jiCZ45%2526oauth_nonce%253D1359909368%2526oauth_signature_method%253DHMAC-SHA1%2526oauth_timestamp%253D1302296412%2526oauth_token%253Db2aee560-7102-4f30-8c62-13064ef91e52%2526oauth_verifier%253D68867%2526oauth_version%253D1.0%0AOAU%3Ak_Xo7Wx75pgLlZSYovAWofJEDLs2s9r6csSzKGtlOWyQSaRybu9nq5JGS5jiCZ45%7Cb2aee560-7102-4f30-8c62-13064ef91e52%7C%2A01%7C%2A01%3A1302296412%3AHNE%2F5p8072i%2FW9oXNkD%2FIqSllg4%3DAny idea why? What is different in the signing between Twitter and LinkedIn?Thanks,Nick
I'm not familiar with exactly how the Twitter stream works, but you might check on whether the oauth_verifier is being included in the signature generation correctly.
It is being included in the signature generation, but "correctly" could be the question. Are there more than one correct ways to do it? If not, then it would not be reasonable to believe that the code works for Twitter but not LinkedIN. If there are more than one way to handle the oauth_verifier in a signature, please do tell what they are and which LinkedIN requires.
Having just gone through this exercise in C#, it occurs to me to point out that we require that the authentication to be sent in the headers for POST queries. It may be that Twitter accepts query string authentication parameters, but our API requires that the oauth parameters be sent in an Authentication header as discussed in this OAuth documentation. Note that this is a single header, "Authorization", which is a comma delimited string with the oauth information. If you examine your headers and this isn't there, that may be the issue.
I changed my request to add the request header "Authorization" with the following value but I am still getting the same error.OAuth realm="http://api.linkedin.com/", oauth_consumer_key="k_Xo7Wx75pgLlZSYovAWofJEDLs2s9r6csSzKGtlOWyQSaRybu9nq5JGS5jiCZ45", oauth_token="74a39090-c59b-4e50-bb83-f99b263cb485", oauth_signature_method="HMAC-SHA1", oauth_signature="P3cgkoQw8N52PiLsApkVI0cWDzA%3D", oauth_timestamp="1303308194", oauth_nonce="1335902310", oauth_version="1.0"Help!!!
After viewing this slide deck: http://www.slideshare.net/episod/linkedin-oauth-zero-to-hero, I may have identified the problem. After the Authorize call, I don't get an oauth_token_secret back to use in signing my next request, just the oauth_token and the oauth_verifier. Am I doing something wrong to not receive the secret. I looked at the URL called back, it only has those two values in the querystring. No secret.
Ok, I did confirm that the code I was using was not concatenating the oauth_token_secret from the initial tokenRequest with my consumer secret in order to creat the signature hash. I have corrected that. But the problem STILL remains.Now, with the signature correctly using both the consumer secret and oauth_token_secret, and with the values put in an "Authorization: ..." header on my POST request to accessToken, I still get the invalid signature response.I'm beginning to wonder how ANYONE gets this to work correctly. What should I look at next? I see enough posts like this in the forum to know that it is a common issue, and sadly, I haven't found any yet that have a solution.
Actually, people have gotten this to work correctly in almost every case. But you're the first person I've seen asking about the VB library, so this is new ground. If you can post the full request headers and content and full response headers and content (with the token/keys fuzzed for privacy) we can try to troubleshoot.I know this is frustrating, but it's definitely doable. Without more information, though, it's tough for us to help.
Nick,Developing with OAuth is similiar to using regular expressions. Both are extremely useful and both are extremely error prone. That's why you see so many problems on all platforms, not just LI. It works 100%, but the developer usability sucks.Because of this I would recommend one of the following:1) Find a VB sample that is fully working end to end, and only requires you to change the key. Otherwise it's too easy to get into this cycle of tweaking things that "should" be working and still don't. If you start with something working it's much easier to modify/add to it.2) Bite the bullet and read the entire OAuth spec. Setup your code to be able to see exactly what is sent and received for each HTTP message. Once you know what should be sent and received at every point, it's impossible not to find the problem.(2) is a real pain, but it's what I ended up doing because I couldn't find a turn key example. Also since so many sites use OAuth it's not a bad thing to invest a little time in.Definiitely option (1) if you can, but I'm just staying try not to stay stuck in the middle of 1 and 2 for too long.
I was having very similier problems. with invalid signature. Now I see the url your using and it has the query in the URL, I thought you were suppose to post the information?
I have the same problem. The problem was reproduced only when I recreated WebConsumer on each request to my site.
When I put instance of WebConsumer in Session or Application all problems are resolved
Nick, did you ever get this to work. I am attempting to do the very same thing with scotdesapio's library.
it's combination of consumer key and auth token secret. I just figured that out.
Use: consumerSecret + "&" + tokenSecret
that might be problem with callback url iam also getting the same error did got any remedy for your error please reply me firstname.lastname@example.org
most of cases social networking sites doesn't allow when localhost/ip is in callback url
For anyone using the Scott Desapio VBScript library and is finding the same issue I did which is that the requestToken works but the accessToken fails with a signature_invalid error, simply add the following lines of code to the following library files:
Dim strRequestToken : strRequestToken = objOAuth.Get_ResponseValue(OAUTH_TOKEN)
Dim strRequestTokenSecret : strRequestTokenSecret = objOAuth.Get_ResponseValue(OAUTH_TOKEN_SECRET) <---- New Line
Session(OAUTH_TOKEN_REQUEST) = strRequestToken
Session(OAUTH_TOKEN_SECRET) = strRequestTokenSecret <--- New Line
objOAuth.Parameters.Add "oauth_token", Session(OAUTH_TOKEN_REQUEST)
objOAuth.Parameters.Add "oauth_token_secret", Session(OAUTH_TOKEN_SECRET) <---- New Line
This did the trick straightaway for me. Good luck!