We’re Still Here to Help (Even Over the Holidays!) - find out more here.
Forum Discussion
Access token is not being accepted from local server
After successfully receiving an access token from the `oauth2/authorize` endpoint, I have attempted to submit the access token to `sharing/get_shared_link_metadata` along with the URL of a shared lin...
Greg-DB
Dropbox Community Moderator
Dropbox Community ModeratorThat indicates that something is wrong with the API request when made from your server. You'll need to inspect the request being made on your server. Since you're getting a 401, it seems likely that there is an issue with the access token. More generally, if you can print out the actual HTTP request that would likely be helpful.
I'd be happy to take a look, but please don't post any output that contains an actual access token of course.
I'd be happy to take a look, but please don't post any output that contains an actual access token of course.
My process starts with a request for authorization:
function requestDropboxAuth()
{
$url = 'https://www.dropbox.com/oauth2/authorize';
$data = [
'client_id' => '<client_id>',
'redirect_uri' => 'https://domain.com/validate/dropbox',
'response_type' => 'code'
];
header('Location: ' . $url . '?' . http_build_query($data));
die();
}
This redirects me to the provided URI, with the following in the URL's parameters: '?code=<code>'
I then grab the <code> and submit a request via JavaScript:
function exchangeCodeForToken(code)
{
if (code)
{
var xhr = new XMLHttpRequest(),
oauth2Endpoint = 'https://api.dropboxapi.com/oauth2/token',
clientId = '<client_id>',
clientSecret = '<client_secret>',
grantType = 'authorization_code',
redirectUri = location.origin + location.pathname;
xhr.open('POST', oauth2Endpoint + '?code=' + code +
'&grant_type=' + grantType + '&redirect_uri=' + redirectUri +
'&client_id=' + clientId + '&client_secret=' + clientSecret);
xhr.onreadystatechange = function(e)
{
var response = JSON.parse(xhr.response);
if (xhr.readyState)
{
if (xhr.status == 200 && response.access_token)
{
localStorage.setItem('dropbox-auth', JSON.stringify(response));
}
else
{
console.log('There was an error processing the token, another response was returned, or the token was invalid.');
}
}
};
xhr.send(null);
}
}
The request headers from this are:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding:gzip, deflate, br Accept-Language:en-US,en;q=0.9 Cache-Control:no-cache Connection:keep-alive Cookie: [long string] Host:domain.com Pragma:no-cache Referer:https://domain.com Upgrade-Insecure-Requests:1 User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
I save the access token, and then submit it with:
function getDropboxMetadata($url, $token)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.dropboxapi.com/2/sharing/get_shared_link_metadata');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Authorization: Bearer ' . $token,
'Content-Type: application/json']);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(['url' => $url]));
$result = curl_exec($ch);
curl_close($ch);
return $result;
}
The request headers from this are:
Accept:application/json, text/javascript, */*; q=0.01 Accept-Encoding:gzip, deflate, br Accept-Language:en-US,en;q=0.9 Cache-Control:no-cache Connection:keep-alive Content-Length:310 Content-Type:application/x-www-form-urlencoded; charset=UTF-8 Cookie: [long string] Host:domain.com Origin:https://domain.com Pragma:no-cache Referer:https://domain.com User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 X-Requested-With:XMLHttpRequest
- Greg-DBCan you print out the request, or at least the token, to see what's getting sent by this code?
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
