LinkedInAuthentication (C# sample application for LinkedIn OAuth2.0 – Requires you to add NewtonSoft JSON)
Quite a frustrating issue, today, but the solution is straight forward…
Problem: When using Chrome (Firefox too?) and logging into LinkedIn directly, THEN going to your app that requests LinkedIn credentials, also in Chrome, when my app sends the user to LinkedIn’s auth URL (oAuth2) it automatically redirects back to your callback without any user login required and the authorization code is right there. The problem is that code returned was not valid and would return a 400 bad request from LinkedIn when I tried getting an authentication token using that authorization code.
NOTE: If you use a different browser to log into LinkedIn and using your app, that behavior doesn’t occur. It requires the user to log in.
Solution: I had to go into my LinkedIn account used for authenticating on my app and remove authorization in my applications settings. This is done by going to your profile settings, then “Groups, Companies, & Applications” and then clicking on view applications. I then checked my app’s name and clicked remove. The next time I tried the scenario of being logged into LinkedIn in Chrome and then granting access to to my app, also in Chrome, the same behavior of being automatically redirected to my callback without any logging in occurred, however the authorization code was usable and did not return that 400 bad request. Everything went well after this.
Take-away: My theory is that the authorization in my account that I had to remove was an “old” authorization and the code had changed since then. By removing it and recreating that authorization it was current with my code. Now, if this is true, what will happen when I update my code in the future? I can’t ask all users to remove their authentication every time I upgrade. I’ll keep an eye on this.