We Want to Hear From You! What Do You Want to See on the Community? Tell us here!

Forum Discussion

mk29's avatar
mk29
Explorer | Level 3
4 years ago

error: invalid code verifier

Hi. I'm developing a C++ application that needs to connect to Dropbox. I'm stuck at implementing OAuth. As documentation suggests:

code_challenge String?(min_length=43, max_length=128) Part of the PKCE flow, the challenge should be an SHA-256 (S256) encoded value of a string that will serve as the code_verifier of the corresponding /oauth2/token call. Can can also be set to plain (plain).

My understanding was that this means I need to generate a random string with minimum 43 characters and hash it using SHA-256 and that will give me code_challenge. But when I call /oauth2/token I get this error:

 

 

 

 

{"error_description": "invalid code verifier", "error": "invalid_grant"}

 

 

 

 

Then found this article that says this is the correct way to calculate code_challenge:

 

 

 

 

Base64UrlEncode(SHA256Hash(code_verifier))

 

 

 

 

Which means I had to take an extra step and encode the hashed value. Tried this but the same message is returned. These are the values I'm sending:

 

 

 

 

code_verifier -> 2LORVR1BWsWNkUuLISmv28MR44bYCiq39mU5m8QuzKM
code_challenge -> YzY0Y2EwZTRlZDgwMTUwZWYxMzE2ZDQwZTJkMjQ0NWUxMDVlN2JlZWU2M2EzMjM3NjVmZTVhZmM2YzZlMjgyNw

 

 

 

 

 I have checked my code_challenge with online calculators and it's correct. I would appreciate it if someone could explain to me why I am getting this error.

API

3 Replies

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    4 years ago

    That code_challenge value does not appear to be correct for that code_verifier value. I tried plugging "2LORVR1BWsWNkUuLISmv28MR44bYCiq39mU5m8QuzKM" into https://tonyxu-io.github.io/pkce-generator/ as the "Code Verifier" and got a "Code Challenge" of "xkyg5O2AFQ7xMW1A4tJEXhBee-7mOjI3Zf5a_GxuKCc".

     

    Also, make sure you're using the "Code Challenge" on the /oauth2/authorize URL, and are passing the "Code Verifier" to /oauth2/token, and not the other way around.

  • mk29's avatar
    mk29
    Explorer | Level 3
    4 years ago

    Thanks for fast reply.

    How strange! I used this link for sha256 and then copied the output to base64url encoder to check my chode_challange and it was ok. I guess I'm missing something here.

    And for the second part of your answer, I'm doing exactly as you said.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    4 years ago

    I confirmed that https://tonyxu-io.github.io/pkce-generator/ generates a correct code challenge that Dropbox accepts, so it sounds like there's something wrong in the process you were using.

     

    It looks like the issue is that the "SHA-256 hash calculator" is presenting the hash with hex encoding, which should not be used in the process of generating the code challenge. The app needs to base64URL-encode the binary value, not the hex-encoded value.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.6,037 PostsLatest Activity: 9 hours ago
412 Following

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!