AccessToken does not seem to be valid.

[gsteri1]

Hi,

I implemented a passport-linkedin-oauth2 strategy to initially just authenticate a user. This works. The user logins using linkedin, I either create or find the user in a MongoDB and life is grand. Now, I want to share a post on linkedin. I was under the impression that using the "access token" in the passport login strategy would be enough. Here is what I have:

var LinkedInStrategy = require('passport-linkedin-oauth2').Strategy;
var User = require('../users/user');
module.exports = function(passport) {
passport.use('linkedin', new LinkedInStrategy({
clientID: LINKEDIN_KEY,
clientSecret: LINKEDIN_SECRET,
callbackURL: URL + "/auth/linkedin/callback",
scope: ['r_emailaddress', 'r_liteprofile',
//'w_organization_social',
'w_member_social'
],
state: true
}, function(accessToken, refreshToken, profile, done) {
// asynchronous verification, for effect...
// console.log("accessToken => " + accessToken);
// console.log("refreshToken=> " + refreshToken);
// console.log(profile);
process.nextTick(function() {
//console.log(profile);
User.findOne({
'linkedin.id': profile.id
}, function(err, user) {
if (err)
return done(err);

    if (!user) {
      //record this user
      user = new User();
      user.linkedin.id = profile.id;
      user.linkedin.token = accessToken;
      user.linkedin.email = [];
      user.linkedin.firstname = profile.name.givenName;
      user.linkedin.lastname = profile.name.familyName;
      if (profile.emails != null) {
        for (var i = 0; i < profile.emails.length; i++) {
          user.linkedin.email.push(profile.emails[i].value);
        }
      }
      user.save(function(err) {
        if (err)
          return done(err);
        return done(null, user);
      });
      return;
    }
    user.linkedin.token = accessToken;
    user.save(function(err) {
      if (err)
        return done(err);
      return done(null, user);
    });
    return;
  });
});

}));
}

If I attempt to upload/create an image share with the access token from above, I get:
{"serviceErrorCode":65600,"message":"Invalid access token","status":401}

Fine, I thought that in calling the "done" (in the passport code), the user is serialized and the token revoked. So, I attempted to intercept the callback from linkedin, get the auth code and then query linkedin for an access token. This worked exactly once! I do not remember what the state of the session was when it worked. I have not had any luck replicating it. I get the more obscure 400 exception. I have tried encodeURIComponent on the redirect_uri, adding the "state" variable and removing it. I have tried changing the order of the parameters in the query. No good.

Should I expect the accessToken obtained in the initial login to be "good" or is there something I am missing? If it is good, how is the refresh of the Token done? Where is the token expiration time stored? If it is no good, is there some example where I can see how I would post to linked in. Do I need to override the strategy and add my functions/methods there?

Thank you!
-Greg

[gsteri1]

One further observation (this might be my bug or Linkedin), but the refreshToken is null when I get the callback from passport.