LinkedIn error: "The token used in the request is expired" #17

Open
maccman opened this issue Feb 11, 2014 · 22 comments

@maccman

maccman commented Feb 11, 2014

I'm getting the following error when I'm using this gem.

OAuth2::Error at /auth/linkedin/callback
: { "errorCode": 0, "message": "The token used in the request is expired.", "requestId": "5LVAAP7YZ2", "status": 401, "timestamp": 1392084765723 }
file: client.rb location: request line: 110

So it actually looks like a problem with LinkedIn. I was seeing it intermittently, so I surmised it was a timing issue. Lo and behold, if I put a 10 second sleep in there it works every time.

  def raw_info
    @raw_info ||= begin
      sleep 10
      access_token.get("/v1/people/~:(#{options.fields.join(',')})?format=json").parsed
    end
  end

I'm wondering if anyone else has seen this behavior?

@fmendez

fmendez commented Feb 25, 2014

There's a thread here: http://developer.linkedin.com/forum/unauthorized-invalid-or-expired-token-immediately-after-receiving-oauth2-token with a lengthy discussion and several possible workarounds.

@kamloops

Hi Folks,

Kamyar here with LinkedIn. This should be resolved in production. Please
verify everything works on your end. Apologies for the regression, but we
are working hard to ensure this doesn't happen again.

Regards,
Kamyar


@vovka667

It doesn't work now. Without "sleep 5" I get 401 error with "message": "Then token used in this request has been revoked by the user.".

@carloscambon

I am getting the same 401 error when trying to retrieve the user info with the correct token. And it works every time if I put in a 5 second sleep. Is there any workaround to this?

@kfitzsimons

kfitzsimons commented May 6, 2018

Any update? Surprised this is still an issue but seeing the same error.

@elahmo

elahmo commented Aug 28, 2018

Same error here, it popped up in the past weeks. Before that, things were working correctly.

@Ahamathullah

I am getting the same 401 error when trying to retrieve the user info with the correct token using OAuth 2.0.
The response is like

{
  "errorCode": 0,
  "message": "Then token used in this request has been revoked by the user.",
  "requestId": "KP9N0EXW9W",
  "status": 401,
  "timestamp": 1536553487159
}

Can anyone help to solve this to get user information like email and name of the user?

@elahmo

elahmo commented Sep 10, 2018

@Ahamathullah I have resolved an issue by adding a delay after calling a request when obtaining the token. Go with 5-6 seconds. LinkedIn doesn't seem to activate the token that it gives immediately, so waiting a bit helps.

@edmundadjei

I'm still getting this error too

April 23rd 2020, 11:35:33.736	message:[Thu Apr 23 11:35:33 2020] c187bb8eff27ee9084ce3b89daf07dde LinkedIn profile error: The token used in the request has expired 

I know the token has not expired because I have just literally refreshed it.

@saraiyakush

I am facing this problem as well. Even the introspect api call POST https://www.linkedin.com/oauth/v2/introspectToken returns revoked or expired at times, when the token is created literally a second ago.

Adding delay won't work for me because it does not go well with the user experience. Imagine keeping the user waiting for 5 seconds after they have authorized the app to access LinkedIn.

This needs to be solved!

@joeEulerity

joeEulerity commented Apr 30, 2021

I'm also facing this problem.

I'm generating access tokens from a refresh token. If I use the access token immediately, but if I wait a few minutes, it miraculously works.

This means that any integration tests I run that generate an access token for immediate use ALWAYS fail

-- update. I didn't realize where I was posting this. My comment really belongs on some LinkedIn developer page, not here. I will leave it here anyway though so that others realize this is a LinkedIn problem, and not an issue with this repo.

@tfrancois

tfrancois commented May 4, 2021

+1

I can also confirm that this is an issue as I am seeing the EXACT same thing as the last two posters. Glad to know though that it's not something I'm doing wrong in my code (finally). This definitely needs to be fixed. I'm hoping someone from the dev team is monitoring this issue/post.

EDIT:
What I would like to report however, is for whatever reason, the token that is reported as revoked from the API call to introspect token still works fine if I skip the check! Not good. Defeats the purpose of relying on the information about a token revocation if it's not reporting the correct state in either direction. PLEASE FIX THIS.

@georgek1991

I am facing this issue. Has anyone solved this?

@joeEulerity

It's been 7 years since a LinkedIn dev replied on this thread. I wouldn't get my hopes up that this has been or ever will be resolved.

@avinasha

As of this comment, this issue still persists. The following Stack Overflow answers suggest sending all the params for the https://www.linkedin.com/oauth/v2/accessToken request (the one that gets the access token) as query params and not as part of the body!

https://stackoverflow.com/questions/25488172/linkedin-api-the-token-used-in-the-oauth-request-has-been-revoked
https://stackoverflow.com/questions/66830621/linkedin-api-the-token-used-in-the-request-has-been-revoked-by-the-user

This works! To achieve this using this gem, monkey patch the client options for the oauth2 client to include token_method set to post_with_query_string. This ensures the params are in the query string rather than the body of the POST request.

module OmniAuth
  module Strategies
    class LinkedIn
      option :client_options, {
        :site => 'https://api.linkedin.com',
        :authorize_url => 'https://www.linkedin.com/oauth/v2/authorization?response_type=code',
        :token_url => 'https://www.linkedin.com/oauth/v2/accessToken',
        :token_method => :post_with_query_string
      }
    end
  end
end
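
Added example, not part of the original thread or of the gem: with `:post_with_query_string` the authorization code and `client_secret` move from the POST body into the request target, where RFC 6749 §2.3.1 says client credentials must not be sent and where access logs and proxies usually record them. The sketch models both placements and a redaction step for anything that logs the target; `token_request`, `redact_target` and every sample value are hypothetical and constructed.

```ruby
require 'uri'

# Constructed sample values; none of these are real credentials.
TOKEN_URL = 'https://www.linkedin.com/oauth/v2/accessToken'
SAMPLE_PARAMS = {
  'grant_type'    => 'authorization_code',
  'code'          => 'SAMPLE_AUTH_CODE',
  'redirect_uri'  => 'https://app.example/auth/linkedin/callback',
  'client_id'     => 'SAMPLE_CLIENT_ID',
  'client_secret' => 'SAMPLE_CLIENT_SECRET'
}.freeze

# Parameter names whose values are credentials in a token request.
SENSITIVE_PARAMS = %w[client_secret code refresh_token access_token].freeze

# Hypothetical helper: returns [request_target, body] as each token_method
# places the parameters (a model of the behaviour, not the oauth2 gem's code).
def token_request(token_method, params = SAMPLE_PARAMS)
  path = URI(TOKEN_URL).request_uri
  encoded = URI.encode_www_form(params)
  case token_method
  when :post then [path, encoded]
  when :post_with_query_string then ["#{path}?#{encoded}", '']
  else raise ArgumentError, "unsupported token_method: #{token_method.inspect}"
  end
end

# Hypothetical helper: masks credential values in a request target so the
# line can be written to an access log or error report.
def redact_target(target)
  path, query = target.split('?', 2)
  return path if query.nil? || query.empty?

  pairs = URI.decode_www_form(query).map do |name, value|
    [name, SENSITIVE_PARAMS.include?(name) ? 'REDACTED' : value]
  end
  "#{path}?#{URI.encode_www_form(pairs)}"
end

if __FILE__ == $PROGRAM_NAME
  %i[post post_with_query_string].each do |method|
    target, body = token_request(method)
    puts "#{method}: logged target = #{redact_target(target)} (body bytes: #{body.bytesize})"
  end
end
```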

@mikemike396

> As of this comment, this issue still persists. The following Stack Overflow answers suggest sending all the params for the https://www.linkedin.com/oauth/v2/accessToken request (the one that gets the access token) as query params and not as part of the body!
>
> https://stackoverflow.com/questions/25488172/linkedin-api-the-token-used-in-the-oauth-request-has-been-revoked https://stackoverflow.com/questions/66830621/linkedin-api-the-token-used-in-the-request-has-been-revoked-by-the-user
>
> This works! To achieve this using this gem, monkey patch the client options for the oauth2 client to include token_method set to post_with_query_string. This ensures the params are in the query string rather than the body of the POST request.
>
> module OmniAuth
>   module Strategies
>     class LinkedIn
>       option :client_options, {
>         :site => 'https://api.linkedin.com',
>         :authorize_url => 'https://www.linkedin.com/oauth/v2/authorization?response_type=code',
>         :token_url => 'https://www.linkedin.com/oauth/v2/accessToken',
>         :token_method => :post_with_query_string
>       }
>     end
>   end
> end

I tried this out in C# using RestSharp .AddQueryParameter via a POST and it didn't change anything. Still getting the 401 if I don't delay for 5-8 seconds.

@joeEulerity

Our solution is to call introspect token in a loop with a delay of 250ms until we get TEN!!!! 10 responses saying the token is valid. This is the only method that appears to work consistently

@lucca-oliveira

@joeEulerity Hey! Can you show an example of how you implemented that? I'm having the same issue for a couple of weeks and nothing I tried could solve the problem.

@joeEulerity

@lucca-oliveira I don't actually use this GitHub project, so I can't provide a code sample. I only found this while searching for solutions to the LinkedIn API issue I was having. But essentially it would look something like this language-agnostic pseudocode:

token = generateToken(params)
validTokenCount = 0
while (validTokenCount < 10) {
  if (isTokenValid(token)) {
    validTokenCount++;
  } else {
    validTokenCount = 0;
    sleep(250)
  }
}
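
A bounded Ruby version of the loop in the pseudocode above, as an added example that is not part of the original thread or of this gem: it sleeps between every call and gives up after `max_calls`, which the pseudocode does not. `wait_for_stable_token`, `token_active?` and the `active` response field are assumptions; the introspection URL is the one quoted earlier in the thread.

```ruby
require 'json'
require 'net/http'
require 'uri'

INTROSPECT_URL = 'https://www.linkedin.com/oauth/v2/introspectToken'

# One introspection call. Assumption: the JSON reply has a boolean "active"
# field; anything else (error status, bad JSON, network failure) counts as invalid.
def token_active?(token, client_id, client_secret)
  res = Net::HTTP.post_form(URI(INTROSPECT_URL),
                            'client_id' => client_id,
                            'client_secret' => client_secret,
                            'token' => token)
  res.is_a?(Net::HTTPSuccess) && JSON.parse(res.body)['active'] == true
rescue JSON::ParserError, TypeError, SocketError, SystemCallError, Timeout::Error
  false
end

# Calls the block until it has returned true `required` times in a row; any
# false resets the streak. Returns the number of calls made, or nil when
# `max_calls` is used up, so the caller can fail the login instead of hanging.
def wait_for_stable_token(required: 10, interval: 0.25, max_calls: 120,
                          sleeper: ->(seconds) { sleep(seconds) })
  streak = 0
  (1..max_calls).each do |calls|
    valid = yield
    streak = valid ? streak + 1 : 0
    return calls if streak >= required

    sleeper.call(interval)
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sequence standing in for a token that flaps before settling.
  replies = [false, true, true, false] + [true] * 10
  calls = wait_for_stable_token(sleeper: ->(_) {}) { replies.shift }
  puts "stable after #{calls} introspection calls"
  # Real use: wait_for_stable_token { token_active?(token, id, secret) }
end
```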

@lucca-oliveira

@joeEulerity Thanks buddy!

@frunkad

frunkad commented Aug 1, 2024

Following this. It's been 10 years! 🤔🥲

@busbyjon

busbyjon commented Aug 2, 2024

> As of this comment, this issue still persists. The following Stack Overflow answers suggest sending all the params for the https://www.linkedin.com/oauth/v2/accessToken request (the one that gets the access token) as query params and not as part of the body!
>
> https://stackoverflow.com/questions/25488172/linkedin-api-the-token-used-in-the-oauth-request-has-been-revoked https://stackoverflow.com/questions/66830621/linkedin-api-the-token-used-in-the-request-has-been-revoked-by-the-user
>
> This works! To achieve this using this gem, monkey patch the client options for the oauth2 client to include token_method set to post_with_query_string. This ensures the params are in the query string rather than the body of the POST request.
>
> module OmniAuth
>   module Strategies
>     class LinkedIn
>       option :client_options, {
>         :site => 'https://api.linkedin.com',
>         :authorize_url => 'https://www.linkedin.com/oauth/v2/authorization?response_type=code',
>         :token_url => 'https://www.linkedin.com/oauth/v2/accessToken',
>         :token_method => :post_with_query_string
>       }
>     end
>   end
> end

Just want to say thank you - this is the solution for what is effectively an intermittent failure.

Devs - please create a patch into upstream here.

For those wondering how to implement, the easiest solution for now is to drop this code into config/initializers/linkedin_monkey_patch.rb.
