Forum Discussion

donaldp's avatar
donaldp
Collaborator | Level 9
4 years ago

Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync

Hi,      I'm implementing PKCE now, but getting an invalid request exception. I can't see anything that I'm doing wrong from the doco (it says everything is optional except code and appkey). This i...
API
Здравко's avatar
Здравко
Legendary | Level 20
4 years ago

Yes, we are talking for different things. donaldp, It's correct:

donaldp wrote:

From https://developers.dropbox.com/oauth-guide - "The redirect_uri is optional with the code flow - if unspecified, the authorization code is displayed on dropbox.com for the user to copy and paste to your app"

...

But the following:

donaldp wrote:

...

So the URL is https://www.dropbox.com/oauth2/authorize?client_id=MY_CLIENT_ID&redirect_uri=MY_REDIRECT_URI&response_type=code, ...

... is definitely NOT "redirect_url"!!! It's the URL used to launch the authentication and it's mandatory for every Flow - no way to get anything without it! Again, PKCE Flow does suppose code challenge existance... no, no just does suppose - it's mandatory and will never work without.

Take a look here and look on PKCE example (scroll little down). See there what's mandatory and what - not. Better don't construct it by hand, but use corresponding method instead.

donaldp's avatar
donaldp
Collaborator | Level 9
4 years ago

Ok, used the wrong name - it's the authorisation URL, not the redirect URL - but it's still the same URL every time. The link you provided says the same thing - 

https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&response_type=code

- so I still don't know why it's not working, given that's exactly the URL I've been using.

  • Здравко's avatar
    Здравко
    Legendary | Level 20
    4 years ago

    OMG...

    Documentation:

    Example: Auth URL for PKCE code flow

    https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&response_type=code&code_challenge=<CHALLENGE>&code_challenge_method=<METHOD>

    Be more careful, where you are looking on!

  • donaldp's avatar
    donaldp
    Collaborator | Level 9
    4 years ago

    Ah ok. Yes I didn't see that because doco says "Example: Auth URL for code flow with offline token access type", which is what I want - offline token. Needs a qualifier added "except for PKCE".

     

    So does the PKCE URL change each time, or I only need to generate it once?

  • Здравко's avatar
    Здравко
    Legendary | Level 20
    4 years ago
    donaldp wrote:

    ...

    So does the PKCE URL change each time, or I only need to generate it once?

    Technically it's possible to be a constant, but as I said before, why are you using PKCE in this case? 🤷 It becomes meaningless and I wouldn't give you such advice.

  • donaldp's avatar
    donaldp
    Collaborator | Level 9
    4 years ago

    I'm using PKCE so that I don't have to send the secret, and is what the doco says to do.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!