6

Until this morning, for the last 2 years I experienced no issues with the Linkedin Oauth system I have implemented. I can verify that all the data is still coming through, but suddenly a very strange issue has come up with the pictureUrl parameter of the returned data. It no longer leads to an image, and instead leads to a page which looks like this:

enter image description here

I can't figure out what has gone wrong, any advice would be greatly appreciated. All other data is coming through just fine.

General Grievance
  • 4,555
  • 31
  • 31
  • 45
capcom-r
  • 95
  • 9
  • Getting the same issue too. Running API https://api.linkedin.com/v1/people/~/picture-urls::(original) which returns picture-url. Picture-URL also returning HTTP 500 error – TimBunting Jan 04 '18 at 15:05
  • +1 - also seeing this issue on our app. Feels like something's falling over on the LinkedIn side, but they don't have a status page as far as I can tell to confirm. – Trip Jan 04 '18 at 17:31
  • 1
    Sounds good guys, thanks for confirming. Pretty surprising that I haven't seen a lot more people talking about this, I'm sure there are thousands of platforms which rely on this functionality. I haven't been able to find a way to alert Linkedin directly about this issue, or request support. I guess we wait? – capcom-r Jan 04 '18 at 19:33
  • We've been seeing it since about 6pm GMT on the 2nd Jan. It was initially intermittent but now seems constant. – Peter Jan 04 '18 at 20:29
  • We are not seeing this error any more (since ~ 11pm GMT, 4th Jan). No changes on our part. – Peter Jan 05 '18 at 09:09
  • Issue appears to be resolved by LinkedIn - would be good to get confirmation from a LI rep here on SO. – cman77 Jan 05 '18 at 17:18
  • 1
    Still getting it today. – Patrick Samy Jan 17 '18 at 11:58

1 Answers1

1

The issue seems to be that LinkedIn OAuth API returns a 500 error when the OAuth client asks for more fields than the application is permitted to request. It can be resolved by specifying the specific fields and scope.

Per this recent discussion at GitHub (https://github.com/auth0/passport-linkedin-oauth2/issues/24), specify the specific profileFields and scope :

{
    profileFields: [
                "formatted-name",
                "headline",
                "id",
                "public-profile-url",
                "email-address",
                "location"
            ],
    scope: ["r_basicprofile", "r_emailaddress"]
}
prototype
  • 7,249
  • 15
  • 60
  • 94
  • Is it the norm for OAuth services to return 500's when there's a conflict/error related to client-provided details? I thought 400 "Bad Request" or some other 400 series error was the appropriate way to respond (possibly with more specific detail in a header or body). – jimmont Apr 30 '18 at 16:31
  • 400 would be better, I think this was an unintended consequence of their API change which otherwise improved privacy / data use issues. – prototype May 03 '18 at 01:52