HTTP Request problem (Linkedin Access Token)

Good night,

I would like to ask help to keep developing one application who must consumer information of linkedin users loged into the system.

What I have done?
(Oauth2 flow)

1 - Step: I developed a method who ask for a “AUTHORIZATION CODE” and redirect user to second step “Callback”

2 - Step: Into te callback method we made a request to get an “ACCESS TOKEN”, but the server response presents the JSON with “PROTECTED” attributes

What can I do to solve it problem?

There is my CODE

public function auth()
{
$params = [
‘response_type’ => $this->responseType,
‘client_id’ => $this->clientID,
‘scope’ => $this->scope,
‘state’ => $this->state,
‘redirect_uri’ => $this->callbackURL,
];

  $this->redirect('https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=78nt1mquqwqnu2&redirect_uri=http://10.0.0.123:9090/Cake3/app/LoginLinkedin/callback&%2Flinkedin&state=DCEeFWf45A53sdfKef424&scope=r_basicprofile');
}

public function callback()
{
   // if( !empty( $this->request->query['code'] ) && !empty( $this->request->query['state'] ) && ( $this->request->query['state'] == $this->state  ) )
    //{
        $params = [
            'grant_type' => $this->grantType,
            'client_id' => $this->clientID,
            'client_secret' => $this->clientSecret,
            'code' => $this->request->query['code'],
            'redirect_uri' => $this->callbackURL,
        ];
        
        
        $http = new Client();
        $response = $http->post('https://www.linkedin.com/uas/oauth2/accessToken?', $params);            
        $token = json_decode($response->body);                      
       
        debug($response);
        
        $user_linkedin = $this->_fetchLinkedin('/v1/people/~:(firstName,lastName,emailAddress)', $token->access_token);

There is a result with PROTECTED

\src\Controller\LoginLinkedinController.php (line 75)
object(Cake\Http\Client\Response) {
[protected] code => (int) 400
[protected] reasonPhrase => ‘Bad Request’
[protected] _xml => null
[protected] _json => null
[protected] _exposedProperties => [
‘cookies’ => ‘_cookies’,
‘body’ => ‘_getBody’,
‘code’ => ‘code’,
‘json’ => ‘_getJson’,
‘xml’ => ‘_getXml’,
‘headers’ => ‘_getHeaders’
]
[protected] _cookies => [
’_lipt’ => [
‘value’ => ‘deleteMe’,
‘expires’ => ‘Thu, 01-Jan-1970 00:00:10 GMT’,
‘path’ => ‘/’,
‘name’ => ‘_lipt’
],
‘leo_auth_token’ => [
‘value’ => ‘“GST:UYPEdQpPwa7WsYA43duZt3ttlFcWD-QJnDGEpOtnHF6W2vAvOuwfvW:1498511286:859ba904a779068e94c2971b4f8c6e868589c188”’,
‘version’ => ‘1’,
‘max-age’ => ‘1799’,
‘expires’ => ‘Mon, 26-Jun-2017 21:38:05 GMT’,
‘path’ => ‘/’,
‘name’ => ‘leo_auth_token’
],
‘sl’ => [
‘value’ => ‘“delete me”’,
‘version’ => ‘1’,
‘domain’ => ‘.www.linkedin.com’,
‘max-age’ => ‘0’,
‘expires’ => ‘Thu, 01-Jan-1970 00:00:10 GMT’,
‘path’ => ‘/’,
‘name’ => ‘sl’
],
‘s_leo_auth_token’ => [
‘value’ => ‘“delete me”’,
‘version’ => ‘1’,
‘max-age’ => ‘0’,
‘expires’ => ‘Thu, 01-Jan-1970 00:00:10 GMT’,
‘path’ => ‘/’,
‘name’ => ‘s_leo_auth_token’
],
‘visit’ => [
‘value’ => ‘“v=1&G”’,
‘version’ => ‘1’,
‘max-age’ => ‘63072000’,
‘expires’ => ‘Wed, 26-Jun-2019 21:08:06 GMT’,
‘path’ => ‘/’,
‘name’ => ‘visit’
],
‘lang’ => [
‘value’ => ‘“v=2&lang=en-us”’,
‘version’ => ‘1’,
‘domain’ => ‘linkedin.com’,
‘path’ => ‘/’,
‘name’ => ‘lang’
],
‘bcookie’ => [
‘value’ => ‘“v=2&fc5bcc6d-3de9-4e74-8e0d-ecf589e271fb”’,
‘domain’ => ‘.linkedin.com’,
‘path’ => ‘/’,
‘expires’ => ‘Thu, 27-Jun-2019 08:45:38 GMT’,
‘name’ => ‘bcookie’
],
‘bscookie’ => [
‘value’ => ‘“v=1&201706262108068a09b731-7c4b-4a08-8dd3-0ad38346b813AQE8mZV_fW7e1wJkLqOGE3ztGnYHJ-if”’,
‘domain’ => ‘.www.linkedin.com’,
‘path’ => ‘/’,
‘secure’ => true,
‘expires’ => ‘Thu, 27-Jun-2019 08:45:38 GMT’,
‘httponly’ => true,
‘name’ => ‘bscookie’
],
‘lidc’ => [
‘value’ => ‘“b=TB76:g=634:u=198:i=1498511286:t=1498592908:s=AQGj2WGkvX8VlCCCrMG8DBprb3TNH88w”’,
‘expires’ => ‘Tue, 27 Jun 2017 19:48:28 GMT’,
‘domain’ => ‘.linkedin.com’,
‘path’ => ‘/’,
‘name’ => ‘lidc’
]
]
[protected] _body => null
[protected] headers => [
‘Server’ => [
(int) 0 => ‘Apache-Coyote/1.1’
],
‘P3P’ => [
(int) 0 => ‘CP=“CAO CUR ADM DEV PSA PSD OUR”’
],
‘Content-Type’ => [
(int) 0 => ‘application/json;charset=UTF-8’
],
‘Content-Language’ => [
(int) 0 => ‘en-US’
],
‘Content-Length’ => [
(int) 0 => ‘263’
],
‘Vary’ => [
(int) 0 => ‘Accept-Encoding’
],
‘Date’ => [
(int) 0 => ‘Mon, 26 Jun 2017 21:08:05 GMT’
],
‘X-FS-UUID’ => [
(int) 0 => ‘915f4a4313c8cb14405d0b84ab2a0000’
],
‘X-Content-Type-Options’ => [
(int) 0 => ‘nosniff’
],
‘X-XSS-Protection’ => [
(int) 0 => ‘1; mode=block’
],
‘X-Li-Fabric’ => [
(int) 0 => ‘prod-ltx1’
],
‘Set-Cookie’ => [
(int) 0 => ‘_lipt=deleteMe; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/’,
(int) 1 => ‘leo_auth_token=“GST:UYPEdQpPwa7WsYA43duZt3ttlFcWD-QJnDGEpOtnHF6W2vAvOuwfvW:1498511286:859ba904a779068e94c2971b4f8c6e868589c188”; Version=1; Max-Age=1799; Expires=Mon, 26-Jun-2017 21:38:05 GMT; Path=/’,
(int) 2 => ‘sl=“delete me”; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/’,
(int) 3 => ‘sl=“delete me”; Version=1; Domain=.www.linkedin.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/’,
(int) 4 => ‘s_leo_auth_token=“delete me”; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/’,
(int) 5 => ‘visit=“v=1&G”; Version=1; Max-Age=63072000; Expires=Wed, 26-Jun-2019 21:08:06 GMT; Path=/’,
(int) 6 => ‘lang=“v=2&lang=en-us”; Version=1; Domain=linkedin.com; Path=/’,
(int) 7 => ‘bcookie=“v=2&fc5bcc6d-3de9-4e74-8e0d-ecf589e271fb”; domain=.linkedin.com; Path=/; Expires=Thu, 27-Jun-2019 08:45:38 GMT’,
(int) 8 => ‘bscookie=“v=1&201706262108068a09b731-7c4b-4a08-8dd3-0ad38346b813AQE8mZV_fW7e1wJkLqOGE3ztGnYHJ-if”; domain=.www.linkedin.com; Path=/; Secure; Expires=Thu, 27-Jun-2019 08:45:38 GMT; HttpOnly’,
(int) 9 => ‘lidc=“b=TB76:g=634:u=198:i=1498511286:t=1498592908:s=AQGj2WGkvX8VlCCCrMG8DBprb3TNH88w”; Expires=Tue, 27 Jun 2017 19:48:28 GMT; domain=.linkedin.com; Path=/’
],
‘X-LI-Proto’ => [
(int) 0 => ‘http/1.1’,
(int) 1 => ‘http/1.1’
],
‘Pragma’ => [
(int) 0 => ‘no-cache’
],
‘Expires’ => [
(int) 0 => ‘Thu, 01 Jan 1970 00:00:00 GMT’
],
‘Cache-Control’ => [
(int) 0 => ‘no-cache, no-store’
],
‘X-Li-Pop’ => [
(int) 0 => ‘prod-esp2’
],
‘X-LI-UUID’ => [
(int) 0 => ‘40j/QhPIyxSAELLFqyoAAA==’
]
]
[protected] headerNames => [
‘server’ => ‘Server’,
‘p3p’ => ‘P3P’,
‘content-type’ => ‘Content-Type’,
‘content-language’ => ‘Content-Language’,
‘content-length’ => ‘Content-Length’,
‘vary’ => ‘Vary’,
‘date’ => ‘Date’,
‘x-fs-uuid’ => ‘X-FS-UUID’,
‘x-content-type-options’ => ‘X-Content-Type-Options’,
‘x-xss-protection’ => ‘X-XSS-Protection’,
‘x-li-fabric’ => ‘X-Li-Fabric’,
‘set-cookie’ => ‘Set-Cookie’,
‘x-li-proto’ => ‘X-LI-Proto’,
‘pragma’ => ‘Pragma’,
‘expires’ => ‘Expires’,
‘cache-control’ => ‘Cache-Control’,
‘x-li-pop’ => ‘X-Li-Pop’,
‘x-li-uuid’ => ‘X-LI-UUID’
]
[private] protocol => ‘1.1’
[private] stream => object(Zend\Diactoros\Stream) {
[protected] resource => resource
[protected] stream => ‘php://memory’
}
}
Notice (8): Undefined property: stdClass::$access_token [APP/Controller\LoginLinkedinController.php, line 77]
Warning (512): Unable to emit headers. Headers sent in file=C:\AppServ\www\Cake3\app\vendor\cakephp\cakephp\src\Error\Debugger.php line=921 [CORE\src\Http\ResponseEmitter.php, line 48]
Warning (2): Cannot modify header information - headers already sent by (output started at C:\AppServ\www\Cake3\app\vendor\cakephp\cakephp\src\Error\Debugger.php:921) [CORE\src\Http\ResponseEmitter.php, line 149]
Warning (2): Cannot modify header information - headers already sent by (output started at C:\AppServ\www\Cake3\app\vendor\cakephp\cakephp\src\Error\Debugger.php:921) [CORE\src\Http\ResponseEmitter.php, line 181]