api.linkedin.com/uas/oauth/requestToken returns 404 for GET?

28 posts / 0 new
Last post
Joined: 2012-07-24
Jul 24, 2012
api.linkedin.com/uas/oauth/requestToken returns 404 for GET?

I used LI for authenticating users in my app. The authentication would work fine until yesterday, but today it's broken.

Poking around I found that the plugin I use tries to:

{'http_method': 'GET',
'http_url': 'https://api.linkedin.com/uas/oauth/requestToken',
'parameters': {'oauth_callback': 'http://www.myserver.com/accounts/linkedin_login/done/',
'oauth_consumer_key': 'XXXXXXXXXXX',
'oauth_nonce': 'YYYYYYYYYYY',
'oauth_signature': 'ZZZZZZZZZZZZZZ',
'oauth_signature_method': 'HMAC-SHA1',
'oauth_timestamp': 1343152154,
'oauth_version': '1.0'}}

but https://api.linkedin.com returns 404 for GET. It seems to be working only for POST.

Was this always the case?

Joel Semar's picture
Joined: 2010-10-04
Jul 24, 2012

Just wanted to confirm that I am seeing this behavior as well. I have occasionally gotten the 404 in the past (Which I would add, returns HTML, which is in my opinion a cardinal sin of API development. seriously..html???). However it is usually intermittent.

Today is constant 404s (with the HTML)

EDIT: I'm actually using POST (as stated in the docs) and am seeing this issue

Joined: 2012-07-24
Jul 24, 2012

Confirmed, POST also returns:

"<HEAD><TITLE>Not Found</TITLE></HEAD>\\n<BODY BGCOLOR="white" FGCOLOR="black">\\n<FONT FACE="Helvetica,Arial"><B>\\n Your requested URL was not found.</B></FONT>\\n\\n<!-- default "Not Found" response (404) -->\\n</BODY>"

This is sad.

Kamyar Mohager's picture
LinkedIn Employee
Joined: 2012-04-04
Jul 24, 2012

Looking into this now

Kamyar Mohager's picture
LinkedIn Employee
Joined: 2012-04-04
Jul 24, 2012

Joel,

Would it be possible to provide a network trace when attempting your call to api.linkedin.com?

Joel Semar's picture
Joined: 2010-10-04
Jul 24, 2012

Do you mean the raw HTTP request?

Kamyar Mohager's picture
LinkedIn Employee
Joined: 2012-04-04
Jul 24, 2012

If you have access to a web debugging proxy tool like Fiddler or Wireshark, if I can see the network trace when you make the request token call, it'll give me more insight into what's going on.

Thanks,
Kamyar

Joel Semar's picture
Joined: 2010-10-04
Jul 24, 2012

Kamyar,

Unfortunately I was unable to produce a network dump with ngrep because of the traffic being in SSL. So I decided to just reconstruct the http request being made (version, method, url, headers, body, etc)

the oauth library I am using uses python's httplib, and I was unable to find what headers it decided to send.

However the URL it sends is HTTP 1.1 POST https://api.linkedin.com/uas/oauth/requestToken?oauth_nonce=10623282&oauth_timestamp=1343174937&oauth_consumer_key=xxxxxxx&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=xxxxxxoauth_callback=http%3A%2F%2F127.0.0.1%3A8000%2Fapi%2Fv1%2Fsocial%2Fcallback%2Flinkedin%2F

(there is no post body)

Interestingly, I switched the library used to make HTTP requests to 'requests' (http://docs.python-requests.org/en/latest/index.html)
, and it suddenly worked.

Still do not know what headers are being sent, but I found this interesting. (unfortunately using requests my callback recieves 'Signature Invalid', but at least i dont get the 404.

Not sure if any of this helps, but there you go, I am going to replace the oauth lib i use and see what i can get.

EDIT: Would just like to add i've been using this oauth.py for about a year and half with no issues. I'd also note that the url passed in to each httplib and requests is exaclty the same

Kamyar Mohager's picture
LinkedIn Employee
Joined: 2012-04-04
Jul 24, 2012

Hi Joel, yes we confirmed it was an issue on our end. We fixed the issue around 5:30 PM PST. Can you confirm that you're no longer receiving the 404s?

Thanks,
Kamyar

Joel Semar's picture
Joined: 2010-10-04
Jul 24, 2012

am now receiving: http://dpaste.org/gfArn/

Joined: 2012-07-24
Jul 25, 2012

My app which uses GET seems to be working now. Thanks Kamyar.

Luke Gotszling's picture
Joined: 2010-06-30
Jul 25, 2012

We are still experiencing this exact same issue. Please contact me if you need more information.

Kamyar Mohager's picture
LinkedIn Employee
Joined: 2012-04-04
Jul 25, 2012

Hey Luke,

Can you provide more info on the exact request being made along with the response so I can dig deeper?

Thanks,
Kamyar

Luke Gotszling's picture
Joined: 2010-06-30
Jul 25, 2012

Request token:
URL: https://api.linkedin.com/uas/oauth/requestToken
Headers: {'Authorization': 'OAuth realm="", oauth_nonce="XXXXXX", oauth_timestamp="1343239554", oauth_consumer_key="ZZZZZZZ", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_signature="WWWWWWWW"'}
Response: oauth_token=PPPPPPPPP&oauth_token_secret=VVVVVVVV&oauth_callback_confirmed=true&xoauth_request_auth_url=https%3A%2F%2Fapi.linkedin.com%2Fuas%2Foauth%2Fauthorize&oauth_expires_in=599

Access token:
URL: https://api.linkedin.com/uas/oauth/accessToken?oauth_nonce=YYYYYY&oauth_timestamp=1343239557&oauth_signature_method=HMAC-SHA1&oauth_consumer_key=ZZZZZZ&oauth_verifier=RRRRRRR&oauth_version=1.0&oauth_token=PPPPPPP&oauth_signature=QQQQQQ

Response: <HEAD><TITLE>request#no_content_length</TITLE></HEAD>
<BODY BGCOLOR="white" FGCOLOR="black">
<FONT FACE="Helvetica,Arial"><B>
Unable to process requested URL.
</B></FONT>

<!-- default "request#no_content_length" response (400) -->
</BODY>

Luke Gotszling's picture
Joined: 2010-06-30
Jul 25, 2012

For the nature of what's being performed: you can test out the functionality yourself by creating an about.me page (if you don't already have one) and adding LinkedIn to it.

Laura Gluhanich's picture
Joined: 2011-12-13
Jul 26, 2012

Any update on this? Thanks!

Kamyar Mohager's picture
LinkedIn Employee
Joined: 2012-04-04
Jul 26, 2012

Luke, which library is your team using to authenticate? I'm not able to reproduce this on my home machine or here at work.

Joel Semar's picture
Joined: 2010-10-04
Jul 26, 2012

Just as an update this error went away completely for me by replacing httplib with requests. (python)

Thats all i did. I would love to know what the difference is but don't really have time to investigate.

Luke Gotszling's picture
Joined: 2010-06-30
Jul 26, 2012

Switching to the 'requests' library also solved this problem for us. I don't understand how the existing code worked for years and now all of a sudden started failing for us and a bunch of other companies in exactly the same way. This strongly suggests that something was changed in the LinkedIn back-end implementation of these endpoints around July 23rd at 4pm Pacific that caused breakage for some http libraries in use.

Kamyar Mohager's picture
LinkedIn Employee
Joined: 2012-04-04
Jul 26, 2012

This is strange indeed. I'm going to do some investigation on our end and will let you know what my results are.

Kamyar Mohager's picture
LinkedIn Employee
Joined: 2012-04-04
Jul 26, 2012

I'm curious to know which version of httplib you're currently using. This issue seems to only affect those who used httplib as part of their implementation, that's why it's a small subset of our devs.

Obviously we don't want to break any application. Our internal changes somehow exposed an issue with this particular library.

Joel Semar's picture
Joined: 2010-10-04
Jul 26, 2012

We were using whatever ships with python 2.7.3

Luke Gotszling's picture
Joined: 2010-06-30
Jul 26, 2012

For us it's broken with both the version that ships with 2.6.1 and 2.7.1 .

Tilal Husain's picture
Joined: 2012-03-16
Aug 5, 2012

I am using PHP OAuth library and I am also seeing the constant 404 error, previously it was working just fine.

Thanks

Varun Tuli's picture
Joined: 2012-05-25
Sep 3, 2012

Hi,

https://api.linkedin.com/uas/oauth/accessToken keeps on giving Page not found error. Can anyone please help.

Thanks,
Varun

Adam Trachtenberg's picture
LinkedIn Employee
Joined: 2011-06-30
Sep 4, 2012

Are you POSTing to it? Or GETing it?

-adam

PS: I am going to delete you other messages point at this one. Spamming the forums is a very bad way to get your issue answered quickly.

Varun Tuli's picture
Joined: 2012-05-25
Sep 5, 2012

Hi Adam,

First of all "thanks a lot" for replying. I have been going mad, as there have been no responses to my posts which probably got me into do the spam in desperation. I feel sorry about that, but was very irritated. Please feel free to delete the other messages and lets stick to this one here onwards.

Then about the issue, when we try to access https://api.linkedin.com/uas/oauth/requestToken it is giving a 400 Bad Request error constantly, the matter is, it used to work at times and then does not responds mostly. I read in one of the posts that the timestamp could be the issue, but was not getting "timestamp invalid" error (when I POST with complete signature), below is the request which worked yesterday for a few minutes.

https://api.linkedin.com/uas/oauth/requestToken?oauth_consumer_key=wawp3vf5eeav&oauth_nonce=A1952A61F03BB1A9297758422207B6FB&oauth_signature_method=HMAC-SHA1&oauth_signature=dZtWTRSOymB2AMR9s8VNww5yso4%3D&oauth_timestamp=1346767631&oauth_version=1.0

I followed a thread yesterday https://developer.linkedin.com/thread/1202 and executed the PHP code to find that the server time difference was 348 seconds, between my server and LinkedIn servers.

Can you please help, looks I am lost.

Many Thanks Again.

- Varun

Adam Trachtenberg's picture
LinkedIn Employee
Joined: 2011-06-30
Sep 5, 2012

To confirm I understand, you make a request. It works. You try to make that same request repeatedly over time. It fails?

I think you know this, but I want to confirm that you're resigning each request with a new timestamp, nonce, signature, etc.

Giving me a successful request doesn't help... I'd need to see a failed request and the reply we give.