I’m trying to build an API endpoint to Linked In. I am not currently accessing member data, just app so I don’t need any special permissions. I am trying to pull an auth token but I am receiving an error “SyntaxError: Unexpected end of JSON input” but I can’t tell if that is from Appguyver or LinkedIn. I can’t locate the error code, if any. It works fine on Postman. Any suggestions?
Here is the Linked In Documentation.
Turns out the grant_type client_crenedtials does require specific permissions which I do not have. I do have permissions for grant_type authorization_code which is the three legged Auth process. This is the one I have working in Postman but does not work in AppGuyver. Linked Docs
I am unable to diagnose it well as the API data integration in AppGuyver does not show what was sen nor what the error code. When there is an error Linked In replies with properly formed JSON so I am not sure why AppGuyver API systems says “Unexpected end of JSON input”. It also does not say what error code it is getting from Linked In or if the data is being sent.
You should be able to see the full error response in the Web Inspector (Opt+Cmd+I on Mac, Ctrl+Shift+I on Windows).
authorization_code grant type returns a LinkedIn website for the user to log in, which is what the REST API configurator is failing to process – so what you can do is use the WebView component to render the login form, and then use the
onLocationChange listener to detect when the successful login redirects the browser to the defined
redirect_uri with the code in the query parameter.
Then, you can POST to https://www.linkedin.com/oauth/v2/accessToken with the params – though a best practice would be to have a custom backend handle the POST to LinkedIn, so you can keep your
client_secret out of the app code; see https://docs.microsoft.com/en-us/linkedin/shared/api-guide/best-practices/secure-applications?context=linkedin/context
You might make it clear that you API solutions is client side and not server side. I didn’t see that anywhere in the documentation. The word “direct” in the title is not specific enough.
To clarify, the
authorization_code grant type does not return a LinkedIn website. That is the previous call which I am already handling the way you said. The
authorization_code grant type is returning nothing, Probably because Linked In is detecting a call from a browser form something that should be from a server. The same call from Postman returns JSON while from a website it is blank.
Apologies for the confusion regarding the server- vs. client-side nature of the REST API direct integration feature, I’ll make a note to clarify that.
What’s the erroring call look like in the browser Web Inspector? Could very well be LinkedIn has some sort of block for browser-made requests. That said, the API could work from the native app even if it fails from the browser test button; you can set the schema manually and try it out via the Preview app.
We are building a browser app, not a native app. Since that would be insecure we will need to look for other solutions. From the website the browser returned a 200 OK with no data. If the URL is pasted in the browser address field it returns 200 but with data, probably because it is not in the context of a specific website so there is no CORS data sent. I’m just assuming they block the response on their side and neglected to send a proper error code. Since the solution won’t work for use I won’t be investigating it any further.
Sorry to have you hit a blocker, we hope to get a unified OAuth flow feature out soon that utilizes https://github.com/FormidableLabs/react-native-app-auth internally!