LinkedIn OAuth2 授权服务器遇到意外情况 [英] LinkedIn OAuth2 Authorization server encountered an unexpected condition

问题描述

对于一些尝试通过 OAuth2 API 中的链接从移动设备在 web 视图中进行身份验证的用户，我们收到了这个奇怪的错误.

We're getting this weird error for some of our users who are trying to authenticate via linked in OAuth2 API from mobile within a webview.

https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=XXX&state=XXX&redirect_uri=XXX&scope=r_emailaddress%20r_basicprofile

提交后 ( https://www.linkedin.com/uas/oauth2/authorizedialog/submit )，使用以下参数重定向到我们的重定向 uri.

After the submit ( https://www.linkedin.com/uas/oauth2/authorizedialog/submit ), there is a redirect to our redirect uri with the following params.

?error=server_error&error_description=XXX&state=the+authorization+server+encountered+an+unexpected+condition

我经历了这个 => http://chriskief.com/2014/04/23/linkedin-api-unable-to-retrieve-access-token/.

I went through this => http://chriskief.com/2014/04/23/linkedin-api-unable-to-retrieve-access-token/ .

创建新应用程序或生成新密钥是一个问题，因为它会破坏已安装应用程序的登录链接.我们以前从未使用过 OAuth1.

Creating a new application or generating fresh keys is a problem as it would break the linked in login for already installed apps. We have never use OAuth1 before.

推荐答案

当在 LinkedIn 授权表单上的用户电子邮件地址之前或之后添加空格字符时，我们能够重现此错误.LinkedIn 不会在此字段上修剪任何多余的空白.

We were able to reproduce this error when a space character is added before or after the user's email address on the LinkedIn authorization form. LinkedIn doesn't do any trimming of extraneous whitespace on this field.

我的假设是，当人们使用空格键接受电子邮件地址的自动完成建议时，会在移动设备上发生这种情况.所以用户开始输入他们的电子邮件地址，操作系统会推荐一个已知的电子邮件地址，通常，移动操作系统会在按下空格键时使用推荐.

My hypothesis is that this happens on mobile when people use the space bar as a way to accept an autocompletion recommendation on the email address. So the user starts typing their email address, the OS recommends a known email address and, generally, mobile OSs will use the recommendation when the space bar is pressed.

这篇关于LinkedIn OAuth2 授权服务器遇到意外情况的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！