Reputation: 2198
I'm using the LinkedIn authentication API to log in my website users.
First of all I'm redirecting to the following URL:
```
'https://www.linkedin.com/oauth/v2/authorization?' \
'response_type=code' \
'&client_id=*****' \
'&redirect_uri=http%3A%2F%2F127.0.0.1%3A8000%2Faccounts%2Flinkedin%2Fcallback%3Fnext%3D%2Fhome' \
'&state=123456789' \
'&scope=r_basicprofile%20r_emailaddress'
```
This successfully redirects to the LinkedIn authentication dialog box. After accepting to give permissions to the LinkedIn app, the user is successfully redirected to redirect_uri with the code param appended to it.
After that I send a POST request as follows:
```
requests.post(
    'https://www.linkedin.com/oauth/v2/accessToken',
    data={
        'grant_type': 'authorization_code',
        'code': code,  # the code returned in the previous step
        'redirect_uri': 'http%3A%2F%2F127.0.0.1%3A8000%2Faccounts%2Flinkedin%2Fcallback%3Fnext%3D%2Fhome',
        'client_id': '*****',
        'client_secret': settings.LINKEDIN_CLIENT_SECRET,
    }
)
```
But this request is not successful and I don't know why! The following is the response returned by LinkedIn:
```
{'error': 'invalid_redirect_uri', 'error_description': 'Unable to retrieve access token: appid or redirect uri or code verifier does not match authorization code or authorization code expired'}
```
As you see, redirect_uri is the same in both requests...
Upvotes: 3
Views: 1602
Reputation: 53948
In your token request you are providing the URL-encoded value of the redirect URI in the POST data; however, `requests.post` will automatically URL-encode the key/value pairs in the `data` object. Hence this value reaches the server double-encoded and thus will not match the original value sent in the authorization request; the server responds `invalid_redirect_uri`.
You'll need to send
```
'redirect_uri': 'http://127.0.0.1:8000/accounts/linkedin/callback?next=/home',
```
Upvotes: 5
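The mismatch described in the answer, as an added example that is not code from either post: it uses `urllib.parse.urlencode` as a stand-in for the form encoding `requests.post` applies to a `data` dict, decodes both requests once as the receiving server does, and compares the two `redirect_uri` values. The function names are hypothetical, and the client id, state and code values are constructed placeholders.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Raw callback URL and the pre-encoded form from the question.
REDIRECT_URI = "http://127.0.0.1:8000/accounts/linkedin/callback?next=/home"
PRE_ENCODED = ("http%3A%2F%2F127.0.0.1%3A8000%2Faccounts%2Flinkedin"
               "%2Fcallback%3Fnext%3D%2Fhome")
CLIENT_ID = "EXAMPLE_CLIENT_ID"  # constructed placeholder


def authorization_url(redirect_uri, state):
    """Build the authorization URL, percent-encoding each parameter exactly once."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": redirect_uri,
        "state": state,
        "scope": "r_basicprofile r_emailaddress",
    })
    return "https://www.linkedin.com/oauth/v2/authorization?" + query


def token_body(redirect_uri, code):
    """Form-encode the token request body as a dict passed via data= is encoded."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": CLIENT_ID,
    })


def server_view(encoded):
    """Decode a query string or form body once and return its redirect_uri."""
    return parse_qs(encoded)["redirect_uri"][0]


def redirect_uris_match(auth_url, body):
    """Exact string comparison of the redirect_uri seen in both requests."""
    return server_view(urlsplit(auth_url).query) == server_view(body)


def checked_redirect_uri(value):
    """Guard: a raw redirect URI parses with a scheme and host; a pre-encoded one does not."""
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("redirect_uri must be the raw, unencoded URL: " + value)
    return value
```

Calling `checked_redirect_uri` on the value before it goes into either request catches the pre-encoded string locally instead of through the provider's `invalid_redirect_uri` response.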