问题描述
我正在使用LinkedIN API进行第二天的战斗,每次尝试获取令牌时,都会收到400错误请求.
I am fighting second day with LinkedIN API , each time I am trying to get a token , I am getting 400 Bad Request.
这是我的代码,也许有人可以帮助您?
Here is my code , maybe someone can help with this ?
public void RequestAuthentication(System.Web.HttpContextBase context, System.Uri returnUrl)
{
string url = String.Format("https://www.linkedin.com/uas/oauth2/authorization?response_type=code" +
"&client_id={0}" +
"&scope={1}" +
"&state={3}" +
"&redirect_uri={2}",this._consumerKey,_scope,HttpUtility.UrlEncode(returnUrl.ToString()),Guid.NewGuid().ToString());
context.Response.Redirect(url);
}
public AuthenticationResult VerifyAuthentication(System.Web.HttpContextBase context)
{
//TODO: check CSRF
string code = context.Request.QueryString["code"];
string rawUrl = context.Request.Url.OriginalString;
//From this we need to remove code portion
rawUrl = Regex.Replace(rawUrl, "&code=[^&]*", "");
string authUrl = "https://www.linkedin.com/uas/oauth2/accessToken";
string postData = String.Format("grant_type=authorization_code&code={0}&redirect_uri={1}&client_id={2}&client_secret={3}", code,HttpUtility.UrlEncode(context.Request.QueryString["ReturnUrl"]), _consumerKey, _consumerSecret);
//WebClient client = new WebClient();
//var getReq = client.DownloadString(authUrl + "?" + postData);
HttpWebRequest webRequest = WebRequest.Create(authUrl + "?" + postData) as HttpWebRequest;
webRequest.Method = "POST";
//This "application/x-www-form-urlencoded"; line is important
webRequest.ContentType = "application/x-www-form-urlencoded";
webRequest.ContentLength = postData.Length;
StreamWriter requestWriter = new StreamWriter(webRequest.GetRequestStream());
requestWriter.Write(postData);
requestWriter.Close();
StreamReader responseReader = new StreamReader(webRequest.GetResponse().GetResponseStream());
}
有什么想法吗?也许有人过去解决过类似的问题?
Any thought ? Maybe someone solved similar in past ?
推荐答案
我刚刚调试了一下,这是我在成功之前尝试过的一些方法.我不确定哪一个是正确的,所以我将它们全部放下,以防万一您需要从某个地方开始:
I just debugged this, here's some of the things I tried before it was successful. I'm not sure which one made it correct, so I'll put them all down just in case you need somewhere to start:
- HTTP协议1.1
- 添加
content-type: application/x-www-form-urlencoded标头 - 请勿刷新授权码返回页面上的响应; URL参数(PHP中的
$_GET['code'])中的代码显然无法重复使用(说,它每20秒过期一次)- 换一种说法,不要尝试重复使用或缓存授权码,而应将其直接流到访问令牌请求中
- HTTP protocol 1.1
- Add a
content-type: application/x-www-form-urlencodedheader - Do not refresh the response from the authorization code return page; the code in the URL parameter (
$_GET['code']in PHP) apparently can't be re-used (another answer says it expires every 20 seconds)- To put it another way, don't try to re-use or cache the authorization code, flow it directly into the access token request ASAP
- 话虽如此,查看响应标头(不仅仅是响应代码)会很有帮助
请注意,
400错误表示格式错误的请求(400错误的请求HTTP错误代码的含义?)不是缺少的资源(404),如果您考虑得太快,这也可能是一个陷阱.Note that a
400error indicates a malformed request (400 BAD request HTTP error code meaning?) not a missing resource (404) which can also be a gotcha if you're thinking too fast.这篇关于LInkedIn oAuth2请求令牌400错误请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!