Android LinkedIn SDK produces unusable access tokens

What I am trying to accomplish:

  • Authenticate w/ LinkedIn via their Android SDK
  • Fetch User's profile to obtain their userId
  • Create new user against our internal service

So far I have been able to authenticate with LinkedIn, retrieve an access token, and use that against LinkedIn's service to obtain their user id.

The flow looks a bit like this

LISessionManager.getInstance(activity).init(this.activity.get(), permissionScope,
            authLinkedInCallback, showDialogIfAppMissing);

upon returning into my application I catch the Intent data using the code below

LISessionManager.getInstance(activity).onActivityResult(activity, requestCode, resultCode, data);

this part seems to be functional and yields an onAuthSuccess from the AuthListener setup in the LISessionManager initialization.

post success I am able to use the provided access token with the provided APIHelper to get the user's basic profile

String built = "https://api.linkedin.com/v1/people/~?format=json";
APIHelper.getInstance(activity.get()).getRequest(activity.get(), built, getProfileCallback);

this actually returns successfully with the basic user profile information.

this is where the problem beings I can only use this access token to make calls using the APIHelper. When trying to use the provided access token elsewhere (server side, testing in Postman/Apigee) it always returns this response.

{ 
"errorCode": 0,
"message": "Unable to verify access token",
"requestId": "M9J2NBQV9J",
"status": 401,
"timestamp": 1430922872474 
}

I have been using the LinkedIn resource for debugging 401 issues (https://developer.linkedin.com/docs/oauth2) Using the LISessionManager. to evaluate the current session tells me that the access token is

  • still valid
  • has not expired
  • is still good for roughly 2 months from the time it is issued.

Checking my LinkedIn profile, it has not revoked access to the application and the permission scope is basic_profile, email_address, and w_share

I'm really confused why these generated accessTokens don't seem to be valid outside of the LinkedIn SDK, are they not valid across the entire service?

Any help appreciated.

Answers


As noted in LinkedIn's Android SDK authentication documentation (https://developer.linkedin.com/docs/android-sdk-auth),

Mobile vs. server-side access tokens

It is important to note that access tokens that are acquired via the Mobile SDK are only useable with the Mobile SDK, and cannot be used to make server-side REST API calls.

Similarly, access tokens that you already have stored from your users that authenticated using a server-side REST API call will not work with the Mobile SDK.


Need Your Help

wrap blit around screen edge pygame

python pygame blit

Given an image, how could one "wrap" that image around the screen?

jQuery DOM maniuplation acting strangely inside a forEach loop

javascript jquery

I have a forEach loop iteraing over an array of objects. With each iteration of the loop, I create a node and append it to the DOM tree using jQuery.

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.