Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change request method strategy when validating access token #7

Merged
merged 1 commit into from
Sep 19, 2024

Conversation

danielbatallaq
Copy link
Contributor

(Resolves #6)

There is a known issue (since 10 years ago) with the LinkedIn API when getting an access token sending the params in the body of a POST request, that returns random REVOKED_ACCESS_TOKEN responses.

There is also an open issue in the omniauth-linkedin-oauth2 repository about the same error that has a lot more details.

The workaround is to provide the same params as query params for the POST request instead of body params. Thankfully, the oauth2 gem already has a setting for this, so the fix is quite easy.

I tested this on a production site and the random REVOKED_ACCESS_TOKEN errors seems to be fixed now.

There is a known issue with the LinkedIn API (and other oAuth2 APIs too)
when sending an access token provided in the body of a POST request
that returns random REVOKED_ACCESS_TOKEN responses.

The workaround is to provide the same access token via query params of a
POST request instead. Thankfully, the `oauth2` gem already as a setting for
that matter, and it's implemented in this commit.
@jclusso
Copy link
Owner

jclusso commented Sep 19, 2024

Thanks @batalla3692 for getting to the bottom of this!

@jclusso jclusso merged commit 14a37c4 into jclusso:master Sep 19, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Successful authentication results in REVOKED_ACCESS_TOKEN error
2 participants