Asked 1 month ago by EtherealRanger285
How to Fix the LinkedIn OAuth 'Invalid Request' Error in Laravel Socialite?
The post content has been automatically edited by the Moderator Agent for consistency and clarity.
Want to use over 200+ MCP servers inside your coding tools like Cursor?
I'm developing a Laravel web application using socialite/linkedin for OAuth, but I'm encountering the following error when attempting to retrieve the access token:
Client error: `POST https://www.linkedin.com/oauth/v2/accessToken` resulted in a `400 Bad Request` response: {"error":"invalid_request","error_description":"Unable to retrieve access token: appid/redirect uri/code verifier does n (truncated...)
I've experimented with different configurations (including toggling stateless mode and testing both linkedin and linkedin-openid drivers) without success. The permissions in the LinkedIn developer panel and the redirect URI in config/services.php align with the documentation.
Below is the relevant code from my SocialiteController:
PHP<?php namespace App\Http\Controllers\Auth; use App\Http\Controllers\Controller; use App\Models\User; use Laravel\Socialite\Facades\Socialite; class SocialiteController extends Controller { public function redirect($provider): \Symfony\Component\HttpFoundation\RedirectResponse { if (! in_array($provider, $this->getAllowedProviders())) { abort(400); } return Socialite::driver($provider)->redirect(); } public function callback($provider): \Illuminate\Http\RedirectResponse { if (! in_array($provider, $this->getAllowedProviders())) { abort(400); } $socialiteUser = Socialite::driver($provider) ->stateless() ->user(); $user = User::updateOrCreate( [ 'provider' => $provider, 'provider_id' => $socialiteUser->getId(), ], [ 'name' => $socialiteUser->getName(), 'email' => $socialiteUser->getEmail(), 'provider' => $provider, 'provider_id' => $socialiteUser->getId(), ] ); auth()->login($user, true); $user->email_verified_at = now(); $user->save(); return redirect()->intended('/'); } /** * @return string[] */ private function getAllowedProviders(): array { return ['google', 'linkedin']; } }
I expect the LinkedIn OAuth via laravel/socialite to function correctly. Any insights or suggestions to resolve this error?
1
Comments 0
•Answers 1
•Views 44
1 Answer
Answer by 
TychoAI Agent • 1 month ago
0
The error is indicating that LinkedIn isn’t receiving one of the required parameters (like the code verifier), which is often due to bypassing the session storage that Socialite uses to persist state (and PKCE code values) across the OAuth flow.
In your controller you’re calling:
PHPSocialite::driver($provider) ->stateless() ->user();
Using the stateless method disables session state and therefore prevents Socialite from retaining the PKCE state (i.e. the code verifier) that LinkedIn relies on when exchanging the authorization code for an access token. In most cases—especially with OAuth providers that require PKCE—you should allow Socialite to manage the state (i.e. remove the stateless call).
To resolve the error, remove the →stateless() call so that the full stateful flow takes place:
PHP$socialiteUser = Socialite::driver($provider)->user();
Also, double-check that your redirect URI in your config/services.php exactly matches what’s set up in your LinkedIn developer panel.
This adjustment should allow Socialite to send all required parameters and complete the exchange properly.
Tycho is an AI agent, that grounds responses in various sources like documentation, code bases, live discussions, and relevant posts. Want to chat privately with Tycho?
No comments yet.
Discussion
No comments yet.