Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Access token is not being accepted from local server
After successfully receiving an access token from the `oauth2/authorize` endpoint, I have attempted to submit the access token to `sharing/get_shared_link_metadata` along with the URL of a shared link. Several attempts have returned me with a 401 error. So I tried submitting an access token, which was generated from the app page, but with no success. However, when I copied/pasted my code to phpfiddle.com, the request returned successfully. So the issue seems to exist only in the request from my virtual server.
I have no clue what issue could exist in a request from a virtual server, so any help would be greatly appreciated.
12 Replies
- Greg-DB
Dropbox Community Moderator
Can you share your code and the full error response? Thanks in advance! request:
public function getDropboxMetadata($url, $token) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://api.dropboxapi.com/2/sharing/get_shared_link_metadata'); curl_setopt($ch, CURLOPT_HTTPHEADER, [ 'Authorization: Bearer ' . $token, 'Content-Type: application/json']); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(['url' => $url])); $result = curl_exec($ch); curl_close($ch); return $result; }response:
error: { code: 401, errors: { 0: { domain: "global", location: "Authorization", locationType: "header", message: "Invalid Credentials", reason: "authError" } }, message: "Invalid Credentials" }- Greg-DBThanks! I just tried this out, and it's working for me.
Are you sure you're passing in a valid access token? I recommend printing out the $token just before you set the headers. It should be a 64 character string consisting of letters, numbers, and some symbols. My issue is not with the code itself, because I've received a successful response when I've used it on phpfiddle.com. My issue is that I'm getting an error response on my local virtual server, and I have no clue why. I am hoping you may have some insight.
- Greg-DBThat indicates that something is wrong with the API request when made from your server. You'll need to inspect the request being made on your server. Since you're getting a 401, it seems likely that there is an issue with the access token. More generally, if you can print out the actual HTTP request that would likely be helpful.
I'd be happy to take a look, but please don't post any output that contains an actual access token of course. My process starts with a request for authorization:
function requestDropboxAuth() { $url = 'https://www.dropbox.com/oauth2/authorize'; $data = [ 'client_id' => '<client_id>', 'redirect_uri' => 'https://domain.com/validate/dropbox', 'response_type' => 'code' ]; header('Location: ' . $url . '?' . http_build_query($data)); die(); }This redirects me to the provided URI, with the following in the URL's parameters: '?code=<code>'
I then grab the <code> and submit a request via JavaScript:
function exchangeCodeForToken(code) { if (code) { var xhr = new XMLHttpRequest(), oauth2Endpoint = 'https://api.dropboxapi.com/oauth2/token', clientId = '<client_id>', clientSecret = '<client_secret>', grantType = 'authorization_code', redirectUri = location.origin + location.pathname; xhr.open('POST', oauth2Endpoint + '?code=' + code + '&grant_type=' + grantType + '&redirect_uri=' + redirectUri + '&client_id=' + clientId + '&client_secret=' + clientSecret); xhr.onreadystatechange = function(e) { var response = JSON.parse(xhr.response); if (xhr.readyState) { if (xhr.status == 200 && response.access_token) { localStorage.setItem('dropbox-auth', JSON.stringify(response)); } else { console.log('There was an error processing the token, another response was returned, or the token was invalid.'); } } }; xhr.send(null); } }The request headers from this are:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding:gzip, deflate, br Accept-Language:en-US,en;q=0.9 Cache-Control:no-cache Connection:keep-alive Cookie: [long string] Host:domain.com Pragma:no-cache Referer:https://domain.com Upgrade-Insecure-Requests:1 User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
I save the access token, and then submit it with:
function getDropboxMetadata($url, $token) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://api.dropboxapi.com/2/sharing/get_shared_link_metadata'); curl_setopt($ch, CURLOPT_HTTPHEADER, [ 'Authorization: Bearer ' . $token, 'Content-Type: application/json']); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(['url' => $url])); $result = curl_exec($ch); curl_close($ch); return $result; }The request headers from this are:
Accept:application/json, text/javascript, */*; q=0.01 Accept-Encoding:gzip, deflate, br Accept-Language:en-US,en;q=0.9 Cache-Control:no-cache Connection:keep-alive Content-Length:310 Content-Type:application/x-www-form-urlencoded; charset=UTF-8 Cookie: [long string] Host:domain.com Origin:https://domain.com Pragma:no-cache Referer:https://domain.com User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 X-Requested-With:XMLHttpRequest
- Greg-DBCan you print out the request, or at least the token, to see what's getting sent by this code?
I added request headers to my previous post, which follow each respective request.
Thanks for your help. Let me know if you need more info.
- Greg-DBThanks. That appears to the be headers for a web request though (to your own app?) and not for the API call itself.
I think I'm doing everything correctly. I think the issue is just due to the last request originitating from a local server without authentic SSL. The access tokens I'm receiving seem to work, just not from my local server.
Thanks for your help.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
