auth0 / passport-linkedin-oauth2

Passport Strategy for LinkedIn OAuth 2.0
MIT License

Changing scope causes an error. #8

Closed ggsjyoon closed 9 years ago

ggsjyoon commented 10 years ago

Hello. I'm learning Node.js (Express 3) and trying to make a simple web app using the LinkedIn REST API. I've been testing the passport-linkedin-oauth2 module lately and found a potential bug. I'm not sure whether it's from the module or from the LinkedIn side.

The problem is that changing scope causes an error. (The project is at https://github.com/ggsjyoon/Job_Search_App)

Initially I did authentication with everything, and it worked fine.

```javascript
var API_SCOPE = [ 'r_basicprofile', 'r_fullprofile', 'r_emailaddress', 'r_network', 'r_contactinfo', 'rw_nus', 'rw_groups', 'w_messages'];
```

Then, I tried authentication again with fewer scopes, and it stopped working.

```javascript
var API_SCOPE = [ 'r_basicprofile', 'r_fullprofile'];
```

or

```javascript
var API_SCOPE = [ 'r_basicprofile'];
```

The error message is...

```
failed to fetch user profile (status: 401 data: { "errorCode": 0, "message": "Unable to verify access token", "requestId": "FJI5PKEE1H", "status": 401, "timestamp": 1392598443466 })
    at D:\WebstormProjects\Job_Search_App\node_modules\passport-linkedin-oauth2\lib\oauth2.js:29:28
    at passBackControl (D:\WebstormProjects\Job_Search_App\node_modules\passport-linkedin-oauth2\node_modules\passport-oauth\node_modules\oauth\lib\oauth2.js:109:9)
    at IncomingMessage.<anonymous> (D:\WebstormProjects\Job_Search_App\node_modules\passport-linkedin-oauth2\node_modules\passport-oauth\node_modules\oauth\lib\oauth2.js:128:7)
    at IncomingMessage.EventEmitter.emit (events.js:117:20)
    at _stream_readable.js:920:16
    at process._tickCallback (node.js:415:13)
```

I also tried changing the Default Scope section on the Application Details page of LinkedIn, but it did not work either.


EDIT 1 :
When I'm logged into LinkedIn on my desktop, it works. For example:

1. Log in to LinkedIn.com on a desktop.
2. Run the Express project.
3. Go to localhost:3000/auth/linkedin.
4. The Authorization dialog does not pop up.
5. Able to retrieve my profile in JSON.

However, if I run the app when I'm logged off from LinkedIn.com, it doesn't work:

1. Log off LinkedIn.com on a desktop.
2. Run the Express project.
3. Go to localhost:3000/auth/linkedin.
4. The Authorization dialog pops up; hit the Allow Access button.
5. The above error message appears.

I have a feeling that I'm doing something wrong. I'm not sure what it is.

EDIT 2 : I made a new LinkedIn account to test more. When I use the new LinkedIn account, it works in the two cases from EDIT 1.

zoellner commented 10 years ago

EDIT: I realized that I wasn't on the latest version. 1.1.1 works fine for me.

ggsjyoon commented 10 years ago

What was your original post?

zoellner commented 10 years ago

I had these two errors, depending on the scope:

```
failed to fetch user profile (status: 400 data: { "errorCode": 0, "message": "Unknown field {last-modified-timstamp} in resource {Person}", "requestId": "PC16R84ZNN", "status": 400, "timestamp": 1392699078381 })
```

```
failed to fetch user profile (status: 400 data: { "errorCode": 0, "message": "Duplicate field {Person.last-modified-timestamp} in inline filter {(id,first-name,last-name,picture-url,formatted-name,maiden-name,phonetic-first-name,phonetic-last-name,formatted-phonetic-name,headline,location:(name,country:(code)),industry,distance,relation-to-viewer:(distance,connections),current-share,num-connections,num-connections-capped,summary,specialties,positions,site-standard-profile-request,api-standard-profile-request:(headers,url),public-profile-url,last-modified-timestamp,proposal-comments,associations,interests,publications,patents,languages,skills,certifications,educations,courses,volunteer,three-current-positions,three-past-positions,num-recommenders,recommendations-received,mfeed-rss-url,following,job-bookmarks,suggestions,date-of-birth,member-url-resources:(name,url),related-profile-views,honors-awards,email-address,last-modified-timestamp,proposal-comments,associations,interests,publications,patents,languages,skills,certifications,educations,courses,volunteer,three-current-positions,three-past-positions,num-recommenders,recommendations-received,mfeed-rss-url,following,job-bookmarks,suggestions,date-of-birth,member-url-resources:(name,url),related-profile-views,honors-awards)}", "requestId": "Y4240XYPNS", "status": 400, "timestamp": 1392699589082 })
```

ggsjyoon commented 10 years ago

From the LinkedIn Dev forum, a LinkedIn employee said:

"I'm working on a 401 issue right now and want to make sure they're the same. In the other scenario, applications will take the user through the OAuth2 flow and obtain an access token and then immediately make an API call. That call will result in a 401 error. Subsequent API calls with that same token, however, are successful." (from https://developer.linkedin.com/forum/unable-verify-access-token)

In the ./passport-linkedin-oauth2/lib/oauth2.js file, I think it makes an immediate API call to retrieve a user profile; could this be the cause?

zoellner commented 10 years ago

I have discovered that some of the errors I was getting were due to a missing state parameter. I was copying code from another OAuth2 project I had done which didn't require a state.

mikermcneil commented 10 years ago

> I have discovered that some of the errors I was getting were due to a missing state parameter. I was copying code from another OAuth2 project I had done which didn't require a state.

@zoellner thank you for posting that! Saved me a bunch of time-- same thing was going on for me. Would you mind editing your original issue title to indicate this solution? I imagine it'll help other folks out down the line :)

siacomuzzi commented 9 years ago

LinkedIn requires state parameter. It will return an error if not set. See https://github.com/auth0/passport-linkedin-oauth2#auto-handle-state-param