Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Solved
Distinction between Oauth 2 and PHP Core API (PHP SDK)
Hi,
I'm from Softaculous Ltd and we are now starting to integrate with Dropbox for Backups upload and download.
I want to know the difference between your PHP Core API or PHP SDK and OAUTH 2.
Also, do you have something as FTP stream to upload a tar.gz file in parts?
- If you want to use the HTTPS endpoints directly, that's possible using just curl.
Here are some basic examples using curl in PHP:
https://stackoverflow.com/documentation/dropbox-api/409/uploading-a-file/1354/uploading-a-file-via-curl-in-php#t=201702211923322665017
https://stackoverflow.com/documentation/dropbox-api/410/getting-account-information/1364/getting-space-usage-information-for-the-linked-user-via-curl-in-php#t=201702211923328624075
https://stackoverflow.com/documentation/dropbox-api/412/listing-a-folder/1370/listing-the-root-folder-via-curl-in-php-and-the-curl-extension#t=20170221192336214657
https://stackoverflow.com/documentation/dropbox-api/408/downloading-a-file/20965/downloading-a-file-with-metadata-via-curl-in-php#t=201702211923411507977
https://stackoverflow.com/documentation/dropbox-api/414/getting-a-shared-link-for-a-file-or-folder/24125/creating-a-shared-link-for-a-file-using-curl-in-php#t=201702211923392625782
To get an access token for the end user's account, you need to implement the OAuth app authorization flow. You can find information on how that works here:
https://www.dropbox.com/developers/reference/oauth-guide
The documentation for those endpoints can be found here:
https://www.dropbox.com/developers/documentation/http/documentation#authorization
28 Replies
Replies have been turned off for this discussion
Hi,
Thank you for your response.
In the documentation here:
http://dropbox.github.io/dropbox-sdk-php/api-docs/v1.1.x/class-Dropbox.WebAuth.html
in the code here:
$appInfo = dbx\AppInfo::loadFromJsonFile(...);
what should be mentioned as parameters in loadFromJsonFile(...)?
Also, I'm using the following code to fetch the user's ccess token:
function get_current_url() {
$url = @($_SERVER["HTTPS"] != 'on') ? 'http://'.$_SERVER["SERVER_NAME"] : 'https://'.$_SERVER["SERVER_NAME"];
$url .= ($_SERVER["SERVER_PORT"] != 80) ? ":".$_SERVER["SERVER_PORT"] : "";
$url .= $_SERVER["REQUEST_URI"];
return $url;
}
$url = 'https://www.dropbox.com/1/oauth2/authorize?client_id=<clientID>&response_type=code&redirect_uri='.get_current_url().'&state=abcdefghijklmnopqrstuvwxyz';
header("Location: ".$url);r_print($_GET['code']);
I get the error:
Error (400)
It seems the app you were using submitted a bad request. If you would like to report this error to the app's developer, include the information below.
More details for developers
unknown field "code"Also I'm not redirected back to the Redirect URI.
Can you please tell me what is missing here?
- Greg-DB
Dropbox Community Moderator
The loadFromJsonFile method is the way the PHP Core SDK loads configuration settings, and isn't itself relevant to the OAuth flow.
Regarding the actual error you're getting, it looks like you're supplying a 'code' URL parameter, but that's not expected. As seen in the code you supplied, there is a 'response_type' parameter for which the value should be 'code'.
If you need help with that, please supply the actual URL of the page for that error you're getting. Hi,
>>Regarding the actual error you're getting, it looks like you're supplying a 'code' URL parameter, but that's not expected. As seen in the code you supplied, there is a 'response_type' parameter for which the value should be 'code'.
I didn't exactly understand you here. Don't we have to provide the 'code' parameter in the URL? Then how do we do that?
As you can see in the code snippet I provided previously, I've used 'response type' parameter as 'code' only.
The URL of the page where I'm writing the code is:
http://localhost/soft/softaculous/enduser/index.live.php
The URL to which Dropbox redirects after accessing this page is:
This asks for the Authentication permission on allowing which redirects here:
And get the error:
Error (400)
It seems the app you were using submitted a bad request. If you would like to report this error to the app's developer, include the information below.
More details for developers
unknown field "code"Hi,
How can I get a faster support? I really need to speed up things here.. Is it possible to contact you on skype or something?
Hi,
I'm also trying to generate the oauth2 access token using the oauth1 token and token secret in the following way:
function converttov2($access_token){
$cheaders = array('Authorization: Bearer <ACCESS_TOKEN>', 'Content-Type: application/json', 'Dropbox-API-Arg: {"oauth1_token":"'.$access_token['t'].'", "oauth1_token_secret":"'.$access_token['s'].'"}'); $ch = curl_init('https://api.dropboxapi.com/2/auth/token/from_oauth1'); curl_setopt($ch, CURLOPT_HTTPHEADER, $cheaders); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); echo '<br />Response:'; echo $response; echo '<br />Curl Error: '.curl_error($ch); curl_close($ch); }I'm getting this as output:
Response:Error in call to API function "auth/token/from_oauth1": Invalid HTTP header "Authorization": expecting "Basic" auth
Curl Error:Can you please tell me what I'm doing wrong here?
- Greg-DB
We're not currently set up to provide phone/Skype support but I'm happy to help on the forum.
Anyway, you supplied this /authorize URL:
https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&redirect_uri=http://localhost/soft/softaculous/enduser/index.live.php?state=abcdefghijklmnopqrstuvwxyz&code=ttlP27R0ozAAAAAAAAAAVlGD6hF4EEH6VXcsJYJQmxE&state=abcdefghijklmnopqrstuvwxyz
That does have a 'code' URL parameter, but it looks like it's supposed to be part of the redirect URI. It's not encoded though, so it gets sent as a parameter to the Dropbox page. Instead, you would need to encode the entire redirect URI value.
It looks like you have an extra redirect to /authorize anyway though, so that one shouldn't be necessary. You aren't supposed to provide the 'code' to Dropbox. Dropbox generates the authorization code and gives it to you. That is, the flow should look like this for you:
1. User goes to:
http://localhost/soft/softaculous/enduser/index.live.php
2. Your page there sends them to:
3. Once the user authorizes the app, they're sent to:
http://localhost/soft/softaculous/enduser/index.live.php?state=abcdefghijklmnopqrstuvwxyz&code=ttlP27R0ozAAAAAAAAAAVlGD6hF4EEH6VXcsJYJQmxE
4. Your app verifies the state, and uses the authorization code to get an access token.
- Greg-DB
If you already have an OAuth 2 access token for the user, you don't need to call /2/auth/token/from_oauth1.
If there is an OAuth 1 access token you want to upgrade though, the issue is that the /2/auth/token/from_oauth1 endpoint uses "app auth", so you shouldn't supply an OAuth 2 access token. That is, this line should be like:
$cheaders = array('Authorization: Basic <base64(APP_KEY:APP_SECRET)>',The app auth documentation has a sample.
By the way, I redacted it for you, but for the sake of security, you should disable that access token that you posted. You can do so by revoking access to the app entirely, if the access token is for your account, here:
https://www.dropbox.com/account/security
Or, you can disable just this access token using the API:
https://www.dropbox.com/developers/documentation/http/documentation#auth-token-revoke
Hi,
Thank you for your response.
>>That does have a 'code' URL parameter, but it looks like it's supposed to be part of the redirect URI. It's not encoded though, so it gets sent as a parameter to the Dropbox page. Instead, you would need to encode the entire redirect URI value.
Can you please provide me with an example? Also how do you suggest we should encode the URL?
I followed the exact steps as specified by you in the previous response:
1. User goes to:
http://localhost/soft/softaculous/enduser/index.li
ve.php 2. The page there sends them to:
3. Once the user authorizes the app, I'm redirected to the URI:
and get the error specified previously. (
unknown field "code")Ideally, I should be redirected to 'http://localhost/soft/softaculous/enduser/index.live.php?state=abcdefghijklmnopqrstuvwxyz&code=ttlP27R0ozAAAAAAAAAAYNqniSjVvXFo9mOqJ4qALX4' as specified by the Redirect URI but I'm not redirected to that URI for some reason and instead getting the error.
In the APP, I specified the Redirect URI as: http://localhost/soft/softaculous/enduser/index.live.php
Awaiting your reply.
- Greg-DBIt looks like you have an extra redirect in the flow you have implemented. Specifically, you shouldn't be doing step 3. You should only direct the user to /oauth2/authorize once. It appears your app is directing them again a second time, including the extra 'code' parameter the second time.
This blog post may be helpful:
https://blogs.dropbox.com/developers/2013/07/using-oauth-2-0-with-the-core-api/
When encoding URL parameters, you can use whatever standard URL encoding library is available on your platform. Hi,
Thank you for your response.
I got it now.
Should I encode only the redirect URI ('https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&state=abcdefghijklmnopqrstuvwxyz&redirect_uri='.rawurlencode(get_current_url())) or the complete URI? When I'm encoding the complete URI, I'm getting errors.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
