I am encountering an issue with the LinkedIn API integration for our application, FeelThere. Despite meticulously following the guidelines provided in LinkedIn’s developer documentation, we are not receiving the refresh token upon successful authorization. This is critical because our application relies on the ability to refresh tokens to maintain a seamless user experience without requiring users to re-authenticate frequently.
Steps Implemented:
Application Setup:
Our application is registered in the LinkedIn Developer Portal.
We have requested the necessary permissions and scopes: r_liteprofile, r_emailaddress, w_member_social, offline_access.
Authorization Code Flow:
The user is redirected to LinkedIn for authentication.
We obtain the authorization code successfully.
The authorization code is then exchanged for an access token using the token endpoint.
Issue:
While we successfully receive the access token, the refresh token is missing from the response. This refresh token is crucial for our application to maintain a seamless user experience by allowing token refresh without requiring the user to re-authenticate.
What I Tried:
Authorization Request:

    const authUrl = 'https://www.linkedin.com/oauth/v2/authorization';
    const params = {
      response_type: 'code',
      client_id: 'YOUR_CLIENT_ID',
      redirect_uri: 'YOUR_REDIRECT_URI',
      scope: 'r_liteprofile r_emailaddress w_member_social offline_access',
      // Unguessable per-request value; compare it on the callback to block CSRF
      state: 'YOUR_UNIQUE_STATE'
    };
    // Build the query string and send the browser to the authorization page
    const queryString = new URLSearchParams(params).toString();
    window.location.href = `${authUrl}?${queryString}`;

Token Exchange Request:

    const tokenUrl = 'https://www.linkedin.com/oauth/v2/accessToken';
    // Run this exchange on the server: client_secret must never be shipped to the browser
    const params = {
      grant_type: 'authorization_code',
      code: authorizationCode,
      redirect_uri: 'YOUR_REDIRECT_URI',
      client_id: 'YOUR_CLIENT_ID',
      client_secret: 'YOUR_CLIENT_SECRET'
    };
    // POST the form-encoded parameters to the token endpoint
    fetch(tokenUrl, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded'
      },
      body: new URLSearchParams(params).toString()
    })
      .then(response => response.json())
      .then(data => {
        console.log(data);
        // Refresh token is missing in the response
      })
      .catch(error => console.error('Error:', error));

Expected Behavior:
According to the LinkedIn documentation, the response should include a refresh token along with the access token. This token allows the application to obtain a new access token after the current one expires.
Current Behavior:
The response includes the access token but does not include the refresh token, which prevents us from refreshing the access token programmatically.
Additional Information:
We ensured that the offline_access scope is included in the authorization request.
This issue is critical for our application’s functionality as it relies on the ability to refresh tokens to maintain a seamless user experience.
To assist in troubleshooting, we have prepared a video demonstration of the issue, which you can view at the following link: Video Demonstration.
Question:
What could be the reason for the missing refresh token in the response, and how can we resolve this issue to ensure we receive the refresh token upon successful authorization?
Any guidance or troubleshooting steps would be greatly appreciated. If additional logs or information are needed, please let me know.
Thank you for your help!
Best regards,
Bar Mor
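
An added example, not part of the original post: RFC 6749 section 5.1 makes `refresh_token` an optional field of the token response, so the code that receives it should record what was actually granted and choose a renewal path, and it should not write token values to logs the way `console.log(data)` does. The function names and the sample response are constructed for illustration, and splitting `scope` on spaces or commas is an assumption about the server's format.

```javascript
// Added example (not from the original post). Field names follow RFC 6749
// section 5.1; the sample response at the bottom is constructed.
const SECRET_FIELDS = ['access_token', 'refresh_token', 'id_token'];

// Return a copy with token values replaced so the response can be logged safely.
function redactTokenResponse(data) {
  const out = { ...data };
  for (const key of SECRET_FIELDS) {
    if (typeof out[key] === 'string') out[key] = `<redacted:${out[key].length} chars>`;
  }
  return out;
}

// Compare what was requested with what the token endpoint actually returned.
function inspectTokenResponse(requestedScope, data, nowMs = Date.now()) {
  if (data.error) {
    return { ok: false, error: data.error, detail: data.error_description || null };
  }
  if (typeof data.access_token !== 'string' || data.access_token === '') {
    return { ok: false, error: 'missing_access_token', detail: null };
  }
  const requested = requestedScope.split(/[\s,]+/).filter(Boolean);
  // RFC 6749: "scope" may be omitted when it is identical to the request.
  const granted = typeof data.scope === 'string'
    ? data.scope.split(/[\s,]+/).filter(Boolean)
    : null;
  const expiresIn = Number(data.expires_in);
  const hasRefreshToken = typeof data.refresh_token === 'string' && data.refresh_token !== '';
  return {
    ok: true,
    hasRefreshToken,
    // Scopes requested but not echoed back (empty when "scope" was omitted).
    scopesNotGranted: granted ? requested.filter(s => !granted.includes(s)) : [],
    accessTokenExpiresAt: Number.isFinite(expiresIn) ? nowMs + expiresIn * 1000 : null,
    // Without a refresh token the only renewal path is a new authorization request.
    renewal: hasRefreshToken ? 'refresh_grant' : 'reauthorize',
  };
}

// Constructed sample: access token only, offline_access not echoed in scope.
const sample = {
  access_token: 'AQX-constructed-sample',
  expires_in: 5184000,
  scope: 'r_liteprofile r_emailaddress w_member_social',
};
console.log(redactTokenResponse(sample));
console.log(inspectTokenResponse(
  'r_liteprofile r_emailaddress w_member_social offline_access', sample, 0));
```

A non-empty `scopesNotGranted` alongside `renewal: 'reauthorize'` shows that the authorization server did not grant everything the request asked for, which is a server-side decision the client code cannot change.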