ancso
Helpful | Level 6
4 years ago
Solved

Can't get PKCE access token using JavaScript fetch request

I am trying to use PKCE in the background script of a Chrome extension.
The example shows the following:

 

curl https://api.dropbox.com/oauth2/token \
 -d code=<AUTHORIZATION_CODE> \
 -d grant_type=authorization_code \
 -d code_verifier=<CODE_VERIFIER> \
 -d client_id=<APP_KEY>

 

my code:

 

var dbxParams = new URLSearchParams({
  client_id:      client_id,
  grant_type:     "authorization_code",
  code:           access_code,
  code_verifier:  code_verifier,
});
var url = "https://api.dropbox.com/oauth2/token";

fetch(url, {
  method: 'POST',
  body: dbxParams
})
.then(function (response) {
  return response.json();
})
.then(function (data) {
  console.log('Request succeeded with JSON response', data);
})
.catch(function (error) {
  console.log('Request failed', error);
});

 

I always get the same reply:

 

{"error_description": "No auth function available for given request", "error": "invalid_request"}

 

Can you help?

 


18 Replies

  • ancso
    Helpful | Level 6
    4 years ago

    yes,
    I experience the same behavior
    if using an expired code I get the same error "code doesn't exist or has expired":

    HTTP/1.1 400 Bad Request
    Content-Security-Policy: sandbox allow-forms allow-scripts
    Content-Type: application/json
    Accept-Encoding: identity,gzip
    Date: Wed, 12 Jan 2022 02:27:14 GMT
    Server: envoy
    Content-Length: 84
    X-Dropbox-Response-Origin: far_remote
    X-Dropbox-Request-Id: 7ff4794a94a846b0bfcbc750fbe48fd5
    
    {"error": "invalid_grant", "error_description": "code doesn't exist or has expired"}


    however
    if using a working code I get:

    HTTP/1.1 400 Bad Request
    Content-Security-Policy: sandbox allow-forms allow-scripts
    Content-Type: application/json
    Accept-Encoding: identity,gzip
    Date: Wed, 12 Jan 2022 02:25:18 GMT
    Server: envoy
    Content-Length: 97
    X-Dropbox-Response-Origin: far_remote
    X-Dropbox-Request-Id: 320762d3550c4d8a8e9e46a5ddc6b091
    
    {"error": "invalid_request", "error_description": "No auth function available for given request"}

     

  • ancso
    Helpful | Level 6
    4 years ago

    Is there a way we can debug this online together?
    Maybe in an online meeting?

  • Greg-DB
    Dropbox Community Moderator
    4 years ago

    Thanks! That's helpful. I believe I see what's causing this now. Can you check what /oauth2/authorize URL you're using? Since you're trying to use the PKCE flow, you need to include the code_challenge and code_challenge_method parameters. If you don't include those though, this effectively becomes the non-PKCE flow, in which case when you don't supply the client_secret value when calling /oauth2/token, you'll get this "No auth function available for given request" error (since the non-PKCE flow requires the client secret).

     

    So, in order to use the PKCE flow, make sure you're including the code_challenge and code_challenge_method parameters on your /oauth2/authorize URL when retrieving the authorization code.

  • ancso
    Helpful | Level 6
    4 years ago

    yes!
    that was the problem
    my apologies I missed these arguments in the request URL

     

    however,
    I am now getting the error

     

    {error: 'invalid_grant', error_description: 'invalid code verifier'}

     

     

    The URL includes both code_challenge and code_challenge_method
    and looks like:

     

    https://www.dropbox.com/oauth2/authorize?response_type=code&client_id=<client_id>&code_challenge=<code_challenge>&code_challenge_method=S256

     


    and the parameters sent to oauth2/token are:

     

    client_id=<client_id>&grant_type=authorization_code&code=<auth code from dropbox>&code_verifier=<128 char verifier>

     

     

    I also made sure that <code challenge> is a SHA256 hash of <128 char verifier> by testing it at https://emn178.github.io/online-tools/sha256.html

    What am I missing?

  • Greg-DB
    Dropbox Community Moderator
    4 years ago

    The S256 method can be difficult to implement exactly correctly in code, and that tool you linked to is made by a third party so I can't say if it's producing exactly the format required for the OAuth 2 flow. You can refer to the code in the official Dropbox API v2 JavaScript SDK where this is done though. Alternatively, you could use the "plain" method (where the code challenge is just the code verifier) instead.

     

    By the way, I don't know exactly what was contained in the cookies in the screenshot you posted, and I redacted them from the image anyway, but just to be safe, you may want to delete any old web browser sessions, as well as sign out of your current one, to invalidate any such cookies.
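
Added example, not part of the thread and not taken from the Dropbox SDK: RFC 7636 defines the S256 code_challenge as the base64url encoding, without padding, of the raw SHA-256 bytes of the code_verifier, so the hex string a generic hash tool prints is a different value. The function names (generateVerifier, s256Challenge, checkChallenge, authorizeUrl) are illustrative, and the Node fallback on the first code line is an assumption for running it outside a browser.

```javascript
// Added example: PKCE S256 per RFC 7636 (illustrative names, not Dropbox SDK code).
// Web Crypto is global in browsers and extension workers; fallback for older Node.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;

// base64url without '=' padding, as RFC 7636 requires for the challenge.
function base64url(bytes) {
  let bin = '';
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// 32 random bytes give a 43-char verifier; 96 bytes give the 128-char maximum.
function generateVerifier(nBytes = 32) {
  return base64url(wc.getRandomValues(new Uint8Array(nBytes)));
}

async function sha256Bytes(text) {
  const data = new TextEncoder().encode(text);
  return new Uint8Array(await wc.subtle.digest('SHA-256', data));
}

// The value to send as code_challenge with code_challenge_method=S256.
async function s256Challenge(verifier) {
  return base64url(await sha256Bytes(verifier));
}

// Classify a candidate challenge so an encoding mistake is visible before
// /oauth2/token rejects the verifier.
async function checkChallenge(verifier, challenge) {
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) return 'bad-verifier';
  const bytes = await sha256Bytes(verifier);
  const expected = base64url(bytes);
  if (challenge === expected) return 'ok';
  const hex = Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
  if (challenge.toLowerCase() === hex) return 'hex-digest';
  const urlSafe = challenge.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  if (urlSafe === expected) return 'standard-base64';
  return 'mismatch';
}

// Authorize URL in the shape shown in the thread; clientId is a placeholder.
function authorizeUrl(clientId, challenge) {
  const q = new URLSearchParams({
    response_type: 'code', client_id: clientId,
    code_challenge: challenge, code_challenge_method: 'S256',
  });
  return 'https://www.dropbox.com/oauth2/authorize?' + q.toString();
}
```

The same code_verifier string that produced the challenge must be kept and sent unchanged in the later /oauth2/token request.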

  • Greg-DB
    Dropbox Community Moderator
    4 years ago

    The API v2 JavaScript SDK supports both browser and node environments, so I recommend checking out that code.

  • ancso
    Helpful | Level 6
    4 years ago

    will check it
    thanks for your help, it is much appreciated!
