"Legacy App" working with OAuth but new app not working with OAuth

[ptwobrussell]

I am finding a peculiar thing when using this library that I think may reflect an important bug, and I'd like your thoughts on it.

When I follow the OAuth flow with the "API Key" and "API Secret" from an app I created a couple of years ago (what I will call app1) and plug them into the flow as what you describe in the README.md as "application key" and "application secret", everything works fine. An important detail here is that the length and form of my API Key/Secret values resemble the same ones you use in the README.md as well.

However, when I create a new app (what I will call app2), I see that I now have an "API Key" a "Secret Key" as well as an "OAuth User Token" and "OAuth User Secret". The length/form of these values do not resemble at all my API Key/Secret from app1 (nor do they resemble your values from the README.md.) Regardless of which combination of these values that I use, the OAuth flow always results in a 401 error.

I am curious if you might be testing this library with values from an app you created long ago as opposed to an app recently and, thus, experiencing the same troubles that I am? Intuition suggests that this is the case.

I would be very interested in hearing back from you on this if you could create a brand new app and test, and seeing an update to the README that clarifies the language a bit and includes updated sample app values that work as-is.

This is currently blocking me, and I'm not quite sure how to proceed without getting down into the guts of the linkedin.py file. Are you able to assist?

[ptwobrussell]

To make reproducing this even easier, I have verified that with your linkedin.server that can be used for easy testing as described in the README.md, the behavior is similar, but slightly different. With what I describe as a "legacy" set of key/secret credentials from an app created prior to LinkedIn implementing OAuth 2.0, the test server works fine, but with credentials from a new app, the test server produces a 400 (Bad Request) error. I think this may be part of what is being described in https://github.com/ozgur/python-linkedin/issues/2

At any rate, I feel pretty confident in saying that this library is fundamentally broken at this point unless you are using "legacy" credentials. Glad to provide more info, but I believe you will have no problems reproducing.

[ozgur]

Hi Matthew,

Thanks for the clarification of the problem. Yes, that's right, I hadn't tested the library with the new credentials and yes it seems there is a problem with the new applications (before OAuth 2.0). Today, I'll dig up the authentication related documents in the developer section of linkedin and hopefully find an answer.

[ptwobrussell]

@ozgur - Thank you so much. I really appreciate the help on this. I love your library and want to help in any way that I can. Just let me know what I can do.

One related question - is the intention that the library will work with only OAuth 2.0 or both OAuth 2.0 and OAuth 1.0a as well? One major advantage of development with OAuth 1.0a is that it allows developers or folks interested in accessing their own data to just plug in all 4 credentials and go without any further fuss as shown in http://developer.linkedin.com/documents/quick-start-guide#toggleview:id=python

It may be out of scope for this library, but I was curious as to your thoughts on this. i can open a separate issue and ask again there if you'd like. My thoughts are that it would be a very useful option to have available and we could probably make it happen pretty easily by recycling the code snippet with oauth2 I shared above.

Given that Twitter is still running 1.0a, LinkedIn has plans to indefinitely support 1.0a (http://developer.linkedin.com/blog/linkedin-platform-launches-oauth-20) and OAuth 2.0 is still a bit controversial (http://homakov.blogspot.de/2013/03/oauth1-oauth2-oauth.html) it could be worth considering.

[ptwobrussell]

@ozgur - I'm sure you saw this, but will stick it in here for others benefit just in case you are delayed in reviewing it. It doesn't fix this current issue that we are discussing but it provides new functionality that addresses my immediate problems, may be useful to others, and provides what I think would be an easy path forward in a very simple OAuth 1.0a flow if you wanted to also consider one of those: https://github.com/ozgur/python-linkedin/pull/12

[ptwobrussell]

@ozgur - is this the doc you were working from? https://developer.linkedin.com/documents/authentication

[ptwobrussell]

@ozgur - Thanks for merging the pull request. I think that will help some people out while this issue is still being worked out. Any progress or updates to share? I'd be willing to jump in and help, but I'd like to hear from you first. Let's get a plan to together to knock out this OAuth 2.0 bug and then release an update to PyPI. I will help, but I want to hear from you first. Thanks!

[ironstarpro]

@ptwobrussell I've been trying to get this library working and despite your patch I and still getting an invalid url error on LinkedIn. I also tried with the interactive Interpreter instructions and the url forwards back to the app but the app though a LinkedInHTTPError: 400 Client Error: Bad Request error.

[ptwobrussell]

@ironstarpro - So far as I can tell, the maintainer of this package is totally unresponsive at this point. Can you try using my fork and file an issue there if you still experience issues? I will help you work through them...

I may also have to fix this package to work for OAuth2 since I have little confidence that its maintainer will at this point, and I'll do that in my fork as well sometime in early July probably

On Jun 24, 2013, at 7:46 AM, ironstarpro notifications@github.com wrote:

@ptwobrussell I've been trying to get this library working and despite your patch I and still getting an invalid url error on LinkedIn. I also tried with the interactive Interpreter instructions and the url forwards back to the app but the app though a LinkedInHTTPError: 400 Client Error: Bad Request error.

— Reply to this email directly or view it on GitHub.

[olivermueller]

Hi there,

is the bug resolved? I still get a 400:

Traceback (most recent call last): File "C:\Python27\MyScripts\linkedin_001.py", line 12, in authentication.get_access_token() File "C:\Python27\lib\site-packages\linkedin\linkedin.py", line 123, in get_access_token raise LinkedInHTTPError(error.message) LinkedInHTTPError: 400 Client Error: Bad Request

Best regards, Oli

[ptwobrussell]

@olivermueller - Everything seems to work for me. I just double checked. The test case I am using is from this IPython Notebook (which has code that would be easy to extract and run in a console app if you wanted) -

http://nbviewer.ipython.org/urls/raw.github.com/ptwobrussell/Mining-the-Social-Web-2nd-Edition/master/ipynb/_Appendix%20B%20-%20OAuth%20Primer.ipynb

The source code repo with the source notebook is at https://github.com/ptwobrussell/Mining-the-Social-Web-2nd-Edition

I can understand your frustration with this python-linkedin library. It gave me some fits as well. I'll do anything I can to help you since I have just recently been working through the kinks myself, and you can feel free to file an issue on my forked version as well if you'd like.