AccessToken does not seem to be valid. #81
Description
Hi,
I implemented a passport-linkedin-oauth2 strategy to initially just authenticate a user. This works. The user logins using linkedin, I either create or find the user in a MongoDB and life is grand. Now, I want to share a post on linkedin. I was under the impression that using the "access token" in the passport login strategy would be enough. Here is what I have:
var LinkedInStrategy = require('passport-linkedin-oauth2').Strategy;
var User = require('../users/user');
module.exports = function(passport) {
passport.use('linkedin', new LinkedInStrategy({
clientID: LINKEDIN_KEY,
clientSecret: LINKEDIN_SECRET,
callbackURL: URL + "/auth/linkedin/callback",
scope: ['r_emailaddress', 'r_liteprofile',
//'w_organization_social',
'w_member_social'
],
state: true
}, function(accessToken, refreshToken, profile, done) {
// asynchronous verification, for effect...
// console.log("accessToken => " + accessToken);
// console.log("refreshToken=> " + refreshToken);
// console.log(profile);
process.nextTick(function() {
//console.log(profile);
User.findOne({
'linkedin.id': profile.id
}, function(err, user) {
if (err)
return done(err);
if (!user) {
//record this user
user = new User();
user.linkedin.id = profile.id;
user.linkedin.token = accessToken;
user.linkedin.email = [];
user.linkedin.firstname = profile.name.givenName;
user.linkedin.lastname = profile.name.familyName;
if (profile.emails != null) {
for (var i = 0; i < profile.emails.length; i++) {
user.linkedin.email.push(profile.emails[i].value);
}
}
user.save(function(err) {
if (err)
return done(err);
return done(null, user);
});
return;
}
user.linkedin.token = accessToken;
user.save(function(err) {
if (err)
return done(err);
return done(null, user);
});
return;
});
});
}));
}
If I attempt to upload/create an image share with the access token from above, I get:
{"serviceErrorCode":65600,"message":"Invalid access token","status":401}
Fine, I thought that in calling the "done" (in the passport code), the user is serialized and the token revoked. So, I attempted to intercept the callback from linkedin, get the auth code and then query linkedin for an access token. This worked exactly once! I do not remember what the state of the session was when it worked. I have not had any luck replicating it. I get the more obscure 400 exception. I have tried encodeURIComponent on the redirect_uri, adding the "state" variable and removing it. I have tried changing the order of the parameters in the query. No good.
Should I expect the accessToken obtained in the initial login to be "good" or is there something I am missing? If it is good, how is the refresh of the Token done? Where is the token expiration time stored? If it is no good, is there some example where I can see how I would post to linked in. Do I need to override the strategy and add my functions/methods there?
Thank you!
-Greg