Issue with oAuth Signature (HMAC-SHA1) and LinkedIn REST API

[chiefy]

I am trying to hook this up to use with LinkedIn's REST API, and I am having some issues. I am getting a 401 - unauthorized for my requests to their API after succesfully going through the oAuth authentication. I was trying to figure out what was up and I found their oAuth tool thingee:

https://developer.linkedin.com/oauth-test-console

It lets you input your oAuth header information and it generates what it deems a "valid" HTTP Authentication Header. I compared the data that RSOAuth generates vs. this tool and noted that the oauth_signature param was the only difference. According to LinkedIn:

This page allows you to generate OAuth signatures using a known good OAuth library, OAuthSimple. This way you can quickly identify if a 401 authentication error received from the LinkedIn API server is due to a bad >signature or another issue. To reproduce your API call, input all of the data from your original request, including the authentication tokens. Don't forget to set the nonce and timestamp to the values you used. An OAuth signed URL should match regardless of the generating library. If the signatures differ, you know there is a bug in your OAuth signature code.

So basically LinkedIn is saying that your signature code is all wrong :)

I am not so sure.

Anyhow, thanks for your work on this. I was hoping that I could hook this up so I could use Twitter / LinkedIn and Facebook API calls all with the same library thus reducing app size.

Also I should note that this worked fine for me with Twitter.

[rsieiro]

Hello Christopher!

I'm currently traveling abroad and I don't have access to my computer. As soon as I come back I'll look into this issue and fix whichever bug is preventing the engine to work with Linkedin. Sorry for the delay.

[chiefy]

No worries, thanks again for looking into it!

[ericmulder]

I have ran into the same problem. Have you found a solution yet?

For what it is worth, this example (other library) does work with LinkedIn: http://www.whitneyland.com/2011/03/iphone-oauth.html

[ericmulder]

I have found the solution after a few hours of searching!

LinkedIn doesn't like it when your urlEncode the ~ sign. And that is what the - (NSString*) urlEncodedString method in NSString+MKNetworkKitAdditions.h does.

So for me the quick fix was to remove the ~ by changing: (line 55)

CFStringRef encodedCFString = CFURLCreateStringByAddingPercentEscapes(kCFAllocatorDefault, 
                                                                        (__bridge CFStringRef) self, 
                                                                        nil,
                                                                        CFSTR("?!@#$^&%*+,:;='\"`<>()[]{}/\\|~ "), 
                                                                        kCFStringEncodingUTF8);

to:

CFStringRef encodedCFString = CFURLCreateStringByAddingPercentEscapes(kCFAllocatorDefault, 
                                                                        (__bridge CFStringRef) self, 
                                                                        nil,
                                                                        CFSTR("?!@#$^&%*+,:;='\"`<>()[]{}/\\| "), 
                                                                        kCFStringEncodingUTF8);

[chiefy]

Thanks - I will have to plug that in and try it out to make sure it doesn't break Twitter oAuth (though I don't imagine it would)

[chiefy]

@ericmulder thanks for that tip - I implemented it in my code and RSOAuth now works with LinkedIn - though I had some other issues I had to deal with in MKNetworkKit to get the REST POSTing XML properly.

[rsieiro]

I fixed this in my fork of MKNetworkKit and updated RSOAuthEngine to point to the latest revision, so you shouldn't need manual fixes anymore. Thanks for finding (and fixing) the bug!

I also issued a pull request to MKNetworkKit with the fix.

[chiefy]

Thanks a lot for your work @rsieiro !