LinkedIn Application Development Series (III): Authorizing the Request Token


In the previous section, I shared some methods and code for obtaining the Request token.

This article covers authorizing the request token. After obtaining the request token, you must have it authorized before it can be used for access, and at the same time you obtain the verification code (verifier). The authorization address is: https://api.linkedin.com/uas/oauth/authorize?oauth_token=6bdaf411-dc13-4c52-b013XXXXX402d82

Enter the address in Firefox to view the logon page.

Obviously, you can get authorization by entering the correct email and password and logging on. It is not quite that simple, though, so check what data the page actually submits.

Enter a user name and password (test), submit the request, and use Firebug to analyze the POST data:

(Note: part of the oauth_token is masked. Sorry.)

The preceding figure shows the submitted data, including the URL, the email and the password (red box).

Obviously, we only need to submit the above data from a crawler program to complete the authorization.

However, it is still not that simple. I noticed that the csrfToken parameter above has a different value for each request. Remember one thing: cookies.

Next, use Firebug to see which cookies have been written.


For security, LinkedIn checks on each request whether the cookie sent by the client is the same one it originally issued to that client. If it is not, the request is considered unsafe and is rejected. So we must first request the authorization link (https://api.linkedin.com/uas/oauth/authorize?oauth_token) to obtain the cookie, and then send the same cookie back with the submission request. Otherwise, the data cannot be submitted successfully.

The cookie contains the JSESSIONID value and the csrfToken mentioned above. The two values are the same.
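The behaviour described above, where the csrfToken form field has to match the JSESSIONID cookie, can be pictured as the following server-side check. This is an added example, not LinkedIn's code and not part of the original article; the class and method names are hypothetical, the sample values are constructed, and it assumes .NET Core 2.1 or later for CryptographicOperations.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example: hypothetical server-side check, not LinkedIn's implementation.
static class CsrfCheck
{
    // The cookie value arrives wrapped in quotes; the article's client strips them too.
    static string Unquote(string v) => v.Trim().Trim('"');

    // Pull one cookie value out of a raw Cookie header such as "a=1; b=2".
    static string GetCookie(string cookieHeader, string name)
    {
        foreach (string part in (cookieHeader ?? "").Split(';'))
        {
            int eq = part.IndexOf('=');
            if (eq > 0 && part.Substring(0, eq).Trim() == name)
                return part.Substring(eq + 1);
        }
        return null;
    }

    // True only when the (already URL-decoded) csrfToken field equals the JSESSIONID cookie.
    public static bool IsValid(string cookieHeader, IDictionary<string, string> form)
    {
        string cookie = GetCookie(cookieHeader, "JSESSIONID");
        if (cookie == null || !form.TryGetValue("csrfToken", out string field))
            return false;   // no session cookie or no token field: reject
        byte[] a = Encoding.UTF8.GetBytes(Unquote(cookie));
        byte[] b = Encoding.UTF8.GetBytes(Unquote(field));
        // Constant-time comparison so timing does not reveal how much of the token matched.
        return a.Length > 0 && CryptographicOperations.FixedTimeEquals(a, b);
    }

    static void Main()
    {
        // Constructed sample values, not captured from a real session.
        string cookies = "JSESSIONID=\"ajax:0123456789\"; lang=en";
        var match = new Dictionary<string, string> { { "csrfToken", "ajax:0123456789" } };
        var stale = new Dictionary<string, string> { { "csrfToken", "ajax:9999999999" } };

        Console.WriteLine(IsValid(cookies, match));    // token matches the session cookie
        Console.WriteLine(IsValid(cookies, stale));    // token from another session
        Console.WriteLine(IsValid("lang=en", match));  // session cookie not sent back
    }
}
```

The second and third cases are the ones the article runs into: a form posted without the cookie from the initial GET, or with a token taken from a different session, fails the comparison.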

Now everything is clear. Using these parameters, we can write a crawler program that obtains the authorization and the verification code.

 

 

Code

    // Namespaces required by the two methods below (HttpUtility needs a reference to System.Web).
    using System;
    using System.Collections.Specialized;
    using System.IO;
    using System.Net;
    using System.Text;
    using System.Web;

    // Builds the form body that the authorization page submits.
    string GenPostData(string email, string pwd, string token, string csrfToken)
    {
        // The body is built without line breaks (a break inside the string would be
        // sent as part of the form data) and every value is URL-encoded.
        return string.Format(
            "email={0}&password={1}&duration=0&extra=&access=-3" +
            "&agree=true&oauth_token={2}&appId={3}&csrfToken={4}" +
            "&sourceAlias=uas-oauth-authorize",
            Uri.EscapeDataString(email), Uri.EscapeDataString(pwd),
            Uri.EscapeDataString(token), string.Empty,
            Uri.EscapeDataString(csrfToken));
    }

    private string GetOauthToken()
    {
        // Step 1: GET the authorization page to receive the cookies.
        CookieContainer container = new CookieContainer();
        HttpWebRequest cookie_request = (HttpWebRequest)WebRequest.Create(
            "https://api.linkedin.com/uas/oauth/authorize?oauth_token=" + Token);
        cookie_request.Method = "GET";
        cookie_request.ContentType = "application/x-www-form-urlencoded";
        cookie_request.KeepAlive = true;
        cookie_request.CookieContainer = container;

        CookieCollection collection;
        using (HttpWebResponse cookie_response = (HttpWebResponse)cookie_request.GetResponse())
        {
            collection = cookie_response.Cookies;
        }

        // The csrfToken field is the JSESSIONID cookie value without its quotes.
        Cookie session = collection["JSESSIONID"];
        if (session == null)
            return string.Empty;

        string postData = GenPostData(Email, Pwd, this.Token,
            session.Value.Replace("\"", string.Empty));
        byte[] data = Encoding.ASCII.GetBytes(postData);

        // Step 2: POST the form, sending back the same cookies.
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(
            "https://www.linkedin.com/uas/oauth/authorize/submit");
        request.Method = "POST";
        request.ContentType = "application/x-www-form-urlencoded";
        request.ContentLength = data.Length;
        request.KeepAlive = true;
        request.CookieContainer = container;
        request.CookieContainer.Add(collection);

        using (Stream newStream = request.GetRequestStream())
        {
            newStream.Write(data, 0, data.Length);
        }

        using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
        {
            if (response.StatusCode == HttpStatusCode.OK)
            {
                // The final (redirected) URL carries oauth_token and oauth_verifier.
                NameValueCollection qs = HttpUtility.ParseQueryString(response.ResponseUri.Query);
                if (qs["oauth_token"] != null)
                {
                    this.Token = qs["oauth_token"];
                }
                if (qs["oauth_verifier"] != null)
                {
                    this.Verifier = qs["oauth_verifier"];
                }
                //StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.Default);
                //string content = reader.ReadToEnd();
            }
        }

        // The token is only useful together with a verifier.
        if (!string.IsNullOrEmpty(Verifier))
            return Token;
        return string.Empty;
    }

 

 

With this, the authorization and the verification code can be obtained successfully.

Of course, this only works if the callback page mentioned in the previous chapter can be accessed normally; otherwise the related token and verifier will not be obtained. If your callback file is located at http://localhost/linkedin/callback.aspx, then your oauth_callback address is http://localhost/linkedin/callback.aspx. Make sure that the project can redirect to callback.aspx and that the page can be accessed normally (callback.aspx does not need to do anything).


