Hi,

Thank you for your response.

In the documentation here:

http://dropbox.github.io/dropbox-sdk-php/api-docs/v1.1.x/class-Dropbox.WebAuth.html

in the code here:

$appInfo = dbx\AppInfo::loadFromJsonFile(...);

what should be mentioned as parameters in loadFromJsonFile(...)?

Also, I'm using the following code to fetch the user's ccess token:

function get_current_url() {
$url = @($_SERVER["HTTPS"] != 'on') ? 'http://'.$_SERVER["SERVER_NAME"] : 'https://'.$_SERVER["SERVER_NAME"];
$url .= ($_SERVER["SERVER_PORT"] != 80) ? ":".$_SERVER["SERVER_PORT"] : "";
$url .= $_SERVER["REQUEST_URI"];
return $url;
}
$url = 'https://www.dropbox.com/1/oauth2/authorize?client_id=<clientID>&response_type=code&redirect_uri='.get_current_url().'&state=abcdefghijklmnopqrstuvwxyz';
header("Location: ".$url);

r_print($_GET['code']);

I get the error:

Also I'm not redirected back to the Redirect URI.

Can you please tell me what is missing here?

Hi,

>>Regarding the actual error you're getting, it looks like you're supplying a 'code' URL parameter, but that's not expected. As seen in the code you supplied, there is a 'response_type' parameter for which the value should be 'code'.

I didn't exactly understand you here. Don't we have to provide the 'code' parameter in the URL? Then how do we do that?

As you can see in the code snippet I provided previously, I've used 'response type' parameter as 'code' only.

The URL of the page where I'm writing the code is:

http://localhost/soft/softaculous/enduser/index.live.php

The URL to which Dropbox redirects after accessing this page is:

https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&redirect_uri=http://localhost/soft/softaculous/enduser/index.live.php&state=abcdefghijklmnopqrstuvwxyz

This asks for the Authentication permission on allowing which redirects here:

https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&redirect_uri=http://localhost/soft/softaculous/enduser/index.live.php?state=abcdefghijklmnopqrstuvwxyz&code=ttlP27R0ozAAAAAAAAAAVlGD6hF4EEH6VXcsJYJQmxE&state=abcdefghijklmnopqrstuvwxyz

And get the error:

Hi,

How can I get a faster support? I really need to speed up things here.. Is it possible to contact you on skype or something?

Hi,

I'm also trying to generate the oauth2 access token using the oauth1 token and token secret in the following way:

function converttov2($access_token){
$cheaders = array('Authorization: Bearer <ACCESS_TOKEN>',
'Content-Type: application/json',
'Dropbox-API-Arg: {"oauth1_token":"'.$access_token['t'].'", "oauth1_token_secret":"'.$access_token['s'].'"}');
$ch = curl_init('https://api.dropboxapi.com/2/auth/token/from_oauth1');
curl_setopt($ch, CURLOPT_HTTPHEADER, $cheaders);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);

echo '<br />Response:';
echo $response;

echo '<br />Curl Error: '.curl_error($ch);
curl_close($ch);
}

I'm getting this as output:

Response:Error in call to API function "auth/token/from_oauth1": Invalid HTTP header "Authorization": expecting "Basic" auth
Curl Error:

Can you please tell me what I'm doing wrong here?

We're not currently set up to provide phone/Skype support but I'm happy to help on the forum.

Anyway, you supplied this /authorize URL:

https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&redirect_uri=http://localhost/soft/softaculous/enduser/index.live.php?state=abcdefghijklmnopqrstuvwxyz&code=ttlP27R0ozAAAAAAAAAAVlGD6hF4EEH6VXcsJYJQmxE&state=abcdefghijklmnopqrstuvwxyz

That does have a 'code' URL parameter, but it looks like it's supposed to be part of the redirect URI. It's not encoded though, so it gets sent as a parameter to the Dropbox page. Instead, you would need to encode the entire redirect URI value.

It looks like you have an extra redirect to /authorize anyway though, so that one shouldn't be necessary. You aren't supposed to provide the 'code' to Dropbox. Dropbox generates the authorization code and gives it to you. That is, the flow should look like this for you:

1. User goes to:

http://localhost/soft/softaculous/enduser/index.live.php

2. Your page there sends them to:

https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&state=abcdefghijklmnopqrstuvwxyz&redirect_uri=http://localhost/soft/softaculous/enduser/index.live.php

3. Once the user authorizes the app, they're sent to:

http://localhost/soft/softaculous/enduser/index.live.php?state=abcdefghijklmnopqrstuvwxyz&code=ttlP27R0ozAAAAAAAAAAVlGD6hF4EEH6VXcsJYJQmxE

4. Your app verifies the state, and uses the authorization code to get an access token.

If you already have an OAuth 2 access token for the user, you don't need to call /2/auth/token/from_oauth1.

If there is an OAuth 1 access token you want to upgrade though, the issue is that the /2/auth/token/from_oauth1 endpoint uses "app auth", so you shouldn't supply an OAuth 2 access token. That is, this line should be like:

$cheaders = array('Authorization: Basic <base64(APP_KEY:APP_SECRET)>',

The app auth documentation has a sample.

By the way, I redacted it for you, but for the sake of security, you should disable that access token that you posted. You can do so by revoking access to the app entirely, if the access token is for your account, here:

https://www.dropbox.com/account/security

Or, you can disable just this access token using the API:

https://www.dropbox.com/developers/documentation/http/documentation#auth-token-revoke

Hi,

Thank you for your response.

>>That does have a 'code' URL parameter, but it looks like it's supposed to be part of the redirect URI. It's not encoded though, so it gets sent as a parameter to the Dropbox page. Instead, you would need to encode the entire redirect URI value.

Can you please provide me with an example? Also how do you suggest we should encode the URL?

I followed the exact steps as specified by you in the previous response:

1. User goes to:

http://localhost/soft/softaculous/enduser/index.live.php

2. The page there sends them to:

https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&state=abcdef...

3. Once the user authorizes the app,  I'm redirected to the URI:

https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&state=abcdefghijklmnopqrstuvwxyz&redirect_uri=http://localhost/soft/softaculous/enduser/index.live.php?state=abcdefghijklmnopqrstuvwxyz&code=ttlP27R0ozAAAAAAAAAAYNqniSjVvXFo9mOqJ4qALX4

and get the error specified previously. (unknown field "code")

Ideally, I should be redirected to 'http://localhost/soft/softaculous/enduser/index.live.php?state=abcdefghijklmnopqrstuvwxyz&code=ttlP27R0ozAAAAAAAAAAYNqniSjVvXFo9mOqJ4qALX4' as specified by the Redirect URI but I'm not redirected to that URI for some reason and instead getting the error.

In the APP, I specified the Redirect URI as: http://localhost/soft/softaculous/enduser/index.live.php

Awaiting your reply.

Hi,

Thank you for your response.

I got it now.

Should I encode only the redirect URI ('https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&state=abcdefghijklmnopqrstuvwxyz&redirect_uri='.rawurlencode(get_current_url())) or the complete URI? When I'm encoding the complete URI, I'm getting errors.

Hi,

Now while obtaining an access token, I'm making the curl call to the token endpoint. I cannot make use of the CLI curl command as stated in the example here: https://blogs.dropbox.com/developers/2013/07/using-oauth-2-0-with-the-core-api/

So I'm making a curl call as:

$auth_code = $_GET['code'];
$acc_url = 'https://api.dropboxapi.com/1/oauth2/token';
$post = array('code' => $auth_code,
'grant_type' => 'authorization_code',
'client_id' => '6i45k3fi9a1i9an',
'client_secret' => '<redacted>');

// Set the curl parameters.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
// Turn off the server and peer verification (TrustManager Concept).
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// Get response from the server.
$resp = curl_exec($ch);
echo '<br />Curl Error: '.curl_error($ch);
echo '<br />Curl Response: ';
r_print($resp);

I'm getting the response as:

Error(405): 

Something went wrong. Don't worry, your files are still safe and the Dropboxers have been notified. Check out our Help Center and forums for help, or head back to home.

How can I get a detailed error explaining the issue? What wrong am I doing? 

You should only encode your redirect URI ( http://localhost/soft/softaculous/enduser/index.live.php ) since it's being provided as a URL parameter, and not the /authorize URL itself where you send the user to authorize your app.

A 405 error should indicate that you're using the wrong HTTP method. The /oauth2/token endpoint requires the POST method. It looks like you're using that (since you're setting CURLOPT_POST), but I notice that you're actually calling $url, when you set /oauth2/token to the $acc_url variable instead. Please make sure you're calling the right endpoint.

Also, we highly recommend against disabling SSL/TLS verification.

Hi,

Ahh that was a silly mistake I made. I corrected it and now getting this:

{"error_description": "redirect_uri mismatch", "error": "invalid_grant"}

Can you tell me why?

Also regarding SSL/TLS, we'll have users having or not having SSL/TLS verification on their servers. We would require the support for all kind of servers. May I know the issue? 

Hi,

Is it possible to get a faster response please?

Hi,

I'm able to resolve the previous error.

I have a doubt though. While implementing Dropbox, our user can make auth & token generation calls from various pages. Sometimes those pages may have and sometimes may not have the parameters. We cannot fix them. But according to this v2 of Dropbox APIs, the redirect URL has to be specified in the Dropbox App.

How can we handle this?

As a matter of security OAuth 2 redirect URIs are required to use https:// not http://. 

Likewise, also as a security feature, OAuth2 redirect URIs must be pre-registered exactly. 

One thing you may be able to do instead is to use one static redirect URI but encode the necessary information in the 'state' parameter, and decode it as necessary after the redirect back to your app, to handle it as necessary:

https://www.dropbox.com/developers/documentation/http/documentation#authorization

Alternatively, you could forgo using a redirect URI entirely. With the "code" flow, you can omit redirect_uri and have the user copy and paste the code manually.