3

Situation: I am trying to call the LinkedIn API from a ColdFusion CFC to get the user's profile and network (connections). The LinkedIn API states that to do this you must call a URL with scope=r_fullprofile+r_network.

Issue: ColdFusion is automatically encoding the URL, so the plus sign is getting encoded, and LinkedIn is rejecting my call. Is there any way around this? I've posted a link below to some code snippets on github which I believe illustrate the issue.

https://gist.github.com/4535364

Any help would be appreciated!

wellercs
  • 143
  • 5

2 Answers2

2

I have searched around on this for a bit and I am seeing lots of examples where ColdFusion is not playing nicely with the LinkedIn API. So I'm afraid if you do get passed this issue (although I have not come up with an alternative yet) another will crop up. While searching I found several suggestions from people to use the linkedin-j, A Java wrapper for LinkedIn APIs instead. Here are some of the references that I found:

Working example Coldfusion and Linkedin API

LinkedIn-J does not return educations

401 Unauthorized response. API people/~ and people/id=; ColdFusion, cfhttp

Problem updating status - 401 unauthorized - ColdFusion

linkedin-j Getting Started

Side Note Your github code example is making a cfhttp call to 'receiver.cfm' but you called the file 'cfhttp_receiver.cfm'. In this line:

<cfhttp url="http://#cgi.http_host#/sandbox/receiver.cfm?scope=#url.scope#" method="post" resolveurl="no">
Community
  • 1
  • 1
Miguel-F
  • 13,450
  • 6
  • 38
  • 63
  • Using a tested wrapper is a sensible approach, but since the API is just OAuth+REST there's no reason why CF shouldn't work with it? :/ – Peter Boughton Jan 15 '13 at 16:16
  • @PeterBoughton I totally agree with you Peter. Assuming that the requested URL will work with the '+' sign intact then it is just a matter of ColdFusion not encoding that character. But how to do that is a mystery...? – Miguel-F Jan 15 '13 at 16:21
  • @Miguel-F yes, I uploaded the code with a different name and forgot to change my link in the code sample. it was meant for a simple example. I am using a [LinkedIn CFC](http://linkedin.riaforge.org/) I found which I have made some modifcations to get some other things working. I really want to avoid linkedin-j but thanks for the suggestion and links. – wellercs Jan 15 '13 at 23:40
1

The scope field is a space delimited list.

The + character is commonly used as a shortcut for space, since it's more readable than %20 (which is what space encodes to).

If using a plus character results in an encoded plus (%2B) being sent, then you are left with two other ways of putting the space into the URL:

  1. using a literal space character, or
  2. using an encoded space %20

Try both of those options, ideally using a network snifer (e.g. WireShark) so that you can see accurately what is being sent.

Update: As per comments below, %20 is correct, but the signature based string needs to be encoded again, so for that the % becomes %25, giving a result of %2520.

Peter Boughton
  • 110,170
  • 32
  • 120
  • 176
  • Hi, Peter, thanks for your reply, but a literal space does not work either. – wellercs Jan 15 '13 at 13:46
  • Hmm, I was basing that of some examples I saw (since trying to visit the LinkedIn API itself was giving 404s or redirecting to home page). Is there a specific LinkedIn page where this is documented? – Peter Boughton Jan 15 '13 at 16:07
  • 1
    @PeterBoughton I found this post while searching that discusses the encoding needed. [Permission scope in request token query not working](http://developer.linkedin.com/forum/permission-scope-request-token-query-not-working) See the number 6 response by Jack Newcombe. By they way, I am also having issues getting to that linkedin page. It's sloooowwww. – Miguel-F Jan 15 '13 at 16:29
  • 1
    If I change the URL to HTTPS it works, otherwise the subdomain reverts to `www.` :/ Anyhow, that seems to confirm that `+` and `%20` should work. wellercs - have you tried %20 yet? – Peter Boughton Jan 15 '13 at 17:12
  • @Miguel-F - thanks for the link, I'll play around with the scenarios in #6 – wellercs Jan 15 '13 at 23:36
  • So, am I right in thinking that if you replace the nasty + sign in the URL with %2B, the LinkedIn API still doesn't like it? – Matt Gifford Jan 16 '13 at 15:58
  • @Miguel-F - the link you provided has the solution (#35) so thanks again for that! – wellercs Jan 16 '13 at 16:20
  • 1
    @PeterBoughton the issue was a two-part issue. the post parameters needed to encode the + as %20 as you suggested but the signature based string needed to encode it as %2520 so I apologize since you were correct but I didn't know that the signature string needed to be %2520 (I was using %20 for the signature string as well) – wellercs Jan 16 '13 at 16:22
  • @MattGifford %2B was not the correct encoding since it needed to be the encoding for a space instead of a plus sign. I originally thought it needed to be for the plus sign but it ended up being for the space and actually needed to be 2 different encodings for the space (see my above comment). Thanks for your comment though! – wellercs Jan 16 '13 at 16:24