如何在LinkedIn中获取访问令牌OAuth 2.0身份验证应该作为POST请求？

Question

对不起,如果这是一个简单的问题.

I'm a LinkedIn newbie and am attempting to complete the OAuth 2.0 process to obtain the 60-day "access token" after obtaining the temporary "authorization code" as described at https://developer.linkedin.com/documents/authentication.

I had no problems with part 3a - obtaining the temporary authorization code. I simply redirected the user to the LinkedIn URL:

https://www.linkedin.com/uas/oauth2/authorization?response_type=code
                                       &client_id=YOUR_API_KEY
                                       &scope=SCOPE
                                       &state=STATE
                                       &redirect_uri=YOUR_REDIRECT_URI

and after the user granted permission they are redirected back to my app, and the returned parameters are checked to see if everything went well and the temporary authentication code is retrieved as one of the form parameters returned, as per the docs.

However, I am confused as to how to proceed with step 3b - exchanging the authorization code for an access token (which can then be used to make API requests). My confusion is because even the docs show show what appears to be a typical GET URL with parameters, it says "POST" next to it. So I believe a POST request must be made instead of a GET.

But what do they mean by this? Why do the docs give a URL with query parameters rather than detailing the needed POST request, with a URL and how the parameters should be formatted in the body? I'm basically just not sure how I should form my request for step 3b.

I'm assuming I can't simply redirect my users to the 3b URL as I did with the 3a URL, right? That would be easy if I could.

The language I'm using is server-side JavaScript. I can redirect. I can form and make POST requests if I know the needed format. I can create GET requests. I'm just not familiar with this situation, where the docs which say the request should look like this:

https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code
                                       &code=AUTHORIZATION_CODE
                                       &redirect_uri=YOUR_REDIRECT_URI
                                       &client_id=YOUR_API_KEY
                                       &client_secret=YOUR_SECRET_KEY

yet at the same time indicate that it is a POST request.

Is there some short-cut method of using that URL as is to make a POST request? Or am I supposed to understand how to take that URL and turn it into a typical post request and put all the parameters into the body and just make my request to https://www.linkedin.com/uas/oauth2/accessToken itself?

Sorry if it's something that should be obvious. It's just not something I have encountered before.

Any help here would be appreciated.

Thanks,

doug

Answer 1

考虑作为教程,它将顺利地驱动您访问令牌:)

步骤1:

创建应用程序后:

写这个,因为我将跟随
我创建的文件夹"/ var/www/html/code"

第2步:

呼叫:

https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id= 输入您的client_id&redirect_uri = http%3A%2F%2Flocalhost%2Fcode&state = 987654321&scope = r_basicprofile

答复:

HTTP://本地主机/代码/代码= AQTnRRDM_pMw6Nn8jutiCKTH3xmqHOPnVb4udfGI7KbK7mLhie2XqcEZf1IOycVdgGC5mamWEiFd3DxJznxJZYaix_UCGlIH_PbJJZG720LBk5heSrE&状态= 987654321

您会得到不同的回复,但结构将是相同的.

第3步:

卷曲-X POST --http1.1 " https://www.linkedin.com/oauth/v2/accessToken " --cookie "X-CSRF令牌:987654321" -d"grant_type = authorization_code&代码= AQTnRRDM_pMw6Nn8jutiCKTH3xmqHOPnVb4udfGI7KbK7mLhie2XqcEZf1IOycVdgGC5mamWEiFd3DxJznxJZYaix_UCGlIH_PbJJZG720LBk5heSrE&REDIRECT_URI = HTTP%3A %2F%2Flocalhost%2Fcode&client_id = client_id&client_secret = client_secret "-H"Content-Type:application/x-www-form-urlencoded"