Forum Discussion

donaldp's avatar
donaldp
Collaborator | Level 9
3 years ago

Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync

Hi,      I'm implementing PKCE now, but getting an invalid request exception. I can't see anything that I'm doing wrong from the doco (it says everything is optional except code and appkey). This i...
API
donaldp's avatar
donaldp
Collaborator | Level 9
3 years ago

Hi Greg-DB ,

 

   Thanks for your polite-as-always explanation. 🙂 That wasn't clear to me from the doco that the authorisation URL is different every time (since it's always been the same with non-PKCE), so might be worth highlighting that in the doco for others like me who are converting.

 

   I got it working now with an access token (wanted to try that first so that I can test my code handles it properly when it expires), but I did try to save a refresh token at the same time, as that's what I'll use later, and various info was telling me I would get one with a code authorisation flow, but I didn't get a refresh token, only the access token.  Is there another parameter or something I need to specify, because I thought I'd done everything I needed to get the refresh token too (for offline processing).

 

This is what I have so far...

```

PKCEOAuthFlow=new PKCEOAuthFlow();
AuthorisationURLText=PKCEOAuthFlow.GetAuthorizeUri(OAuthResponseType.Code,APIKEY).ToString(); (plus an option to copy this to the clipboard)

 

OAuth2Response dxResponse=await PKCEOAuthFlow.ProcessCodeFlowAsync(code,APIKEY);
DxAccessToken=dxResponse.AccessToken;
Trace.Write($"********************************** DxAccessToken is {DxAccessToken}\r\n");
if (dxResponse.ExpiresAt is DateTime) {
    DxAccessTokenExpiry=(DateTime)dxResponse.ExpiresAt;
} else {
    DxAccessTokenExpiry=DateTime.Now;
    }
Trace.Write($"********************************** DxAccessTokenExpiry is {DxAccessTokenExpiry}\r\n");
DxRefreshToken=dxResponse.RefreshToken;
Trace.Write($"********************************** DxRefreshToken is {DxRefreshToken}\r\n");
Authorised=true;

```

But as I said, the refresh token came up blank.

 

thanks,

  Donald.

Greg-DB's avatar
Greg-DB
Icon for Dropbox Community Moderator rankDropbox Community Moderator
3 years ago

donaldp Здравко is correct, in order to receive a refresh token, you need to specify "offline" access. With the .NET SDK, you would do so in your GetAuthorizeUri call, by setting tokenAccessType: TokenAccessType.Offline, like in the example here. It looks like that's missing in the GetAuthorizeUri call in the latest code you shared.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!