Need to see if your shared folder is taking up space on your dropbox 👨‍💻? Find out how to check here.

Forum Discussion

Riccardo A.'s avatar
Riccardo A.
New member | Level 1
11 years ago

Missing query parameter 'state'

I use Dropbox Core API to work with Dropbox. And I impement recently hwioauthbundle in Symfony for a fast authentication. Before this all function upload,download,list files work well. But I have this error :

/dropbox-auth-finish: bad request: Missing query parameter 'state'

It seems that the $_GET array doesn't contain state value, but I try to set this parameter with some values but it didn't work. And now I don't know what do. In the HTTP Response there isn't state parametrer.

If you know something, answer here.

list($accessToken,$userId, $urlState) = $this->webAuth->finish($_GET);

$this->dbxClient = new dbx\Client($accessToken, "PHP-Example/1.0");

Thank you

API

4 Replies

Replies have been turned off for this discussion
  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    11 years ago

    [Cross-linking for reference: https://stackoverflow.com/questions/30106962/dropbox-bad-request-missing-query-parameter-state ]

    The WebAuth.finish method checks the state value included on the redirect to your redirect_uri when the user is sent back to your app by Dropbox during the OAuth 2 app authorization flow. (This protects against CSRF attacks.) This error indicates that your $_GET array doesn't include state.

    To track down where the issue is, I'd check a few things to see where the state value is lost:

    • does the full URL for /dropbox-auth-finish when the user is redirected back to your app have the state parameter?
    • does the app authorization URL your app sends the user to (which should start with https://www.dropbox.com/1/oauth2/authorize) have the state parameter?
  • Riccardo A.'s avatar
    Riccardo A.
    New member | Level 1
    11 years ago

    I tried to insert a "state" parameter in the authorizaion_url like the Core API Document said.
    But I don't know what's the value to pass.
    The response said that it's "dropbox-auth-finish: CSRF mismatch: Expected" but I'm using a fixed authorization_url .
    There is a way to eceed this parameter???

    Thank you
    Sorry for the delay
    :)

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    11 years ago

    The state value is generated by the PHP SDK for you, and is passed through the OAuth app authorization flow. You shouldn't have to set it yourself. I'm not familiar with hwioauthbundle, but it's possible it's consuming it before you can get to it. Can you post the details I asked for in my last reply? Can you post the relevant code?

    Also, what do you mean when you say you're "using a fixed authorization_url"? The authorization URL should be generated (e.g., using WebAuth.start) when the user wants to link to your app.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!