Android LinkedIn SDK 产生不可用的访问令牌 [英] Android LinkedIn SDK produces unusable access tokens
问题描述
What I am trying to accomplish:
- Authenticate w/ LinkedIn via their Android SDK
- Fetch User's profile to obtain their userId
- Create new user against our internal service
So far I have been able to authenticate with LinkedIn, retrieve an access token, and use that against LinkedIn's service to obtain their user id.
The flow looks a bit like this
LISessionManager.getInstance(activity).init(this.activity.get(), permissionScope,
authLinkedInCallback, showDialogIfAppMissing);
upon returning into my application I catch the Intent data using the code below
LISessionManager.getInstance(activity).onActivityResult(activity, requestCode, resultCode, data);
this part seems to be functional and yields an onAuthSuccess from the AuthListener setup in the LISessionManager initialization.
post success I am able to use the provided access token with the provided APIHelper to get the user's basic profile
String built = "https://api.linkedin.com/v1/people/~?format=json";
APIHelper.getInstance(activity.get()).getRequest(activity.get(), built, getProfileCallback);
this actually returns successfully with the basic user profile information.
this is where the problem beings I can only use this access token to make calls using the APIHelper. When trying to use the provided access token elsewhere (server side, testing in Postman/Apigee) it always returns this response.
{
"errorCode": 0,
"message": "Unable to verify access token",
"requestId": "M9J2NBQV9J",
"status": 401,
"timestamp": 1430922872474
}
I have been using the LinkedIn resource for debugging 401 issues (https://developer.linkedin.com/docs/oauth2) Using the LISessionManager. to evaluate the current session tells me that the access token is
- still valid
- has not expired
- is still good for roughly 2 months from the time it is issued.
Checking my LinkedIn profile, it has not revoked access to the application and the permission scope is basic_profile, email_address, and w_share
I'm really confused why these generated accessTokens don't seem to be valid outside of the LinkedIn SDK, are they not valid across the entire service?
Any help appreciated.
As noted in LinkedIn's Android SDK authentication documentation (https://developer.linkedin.com/docs/android-sdk-auth),
Mobile vs. server-side access tokens
It is important to note that access tokens that are acquired via the Mobile SDK are only useable with the Mobile SDK, and cannot be used to make server-side REST API calls.
Similarly, access tokens that you already have stored from your users that authenticated using a server-side REST API call will not work with the Mobile SDK.
这篇关于Android LinkedIn SDK 产生不可用的访问令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
