<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: error: invalid code verifier in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/error-invalid-code-verifier/m-p/543494#M25992</link>
    <description>&lt;P&gt;Thanks for fast reply.&lt;/P&gt;&lt;P&gt;How strange! I used this link for&lt;A href="https://xorbin.com/tools/sha256-hash-calculator" target="_self"&gt;&amp;nbsp;sha256&lt;/A&gt;&amp;nbsp;and then copied the output to&amp;nbsp;&lt;A href="https://simplycalc.com/base64url-encode.php" target="_self"&gt;base64url encoder&lt;/A&gt;&amp;nbsp;to check my chode_challange and it was ok. I guess I'm missing something here.&lt;/P&gt;&lt;P&gt;And for the second part of your answer, I'm doing exactly as you said.&lt;/P&gt;</description>
    <pubDate>Tue, 07 Sep 2021 05:42:22 GMT</pubDate>
    <dc:creator>mk29</dc:creator>
    <dc:date>2021-09-07T05:42:22Z</dc:date>
    <item>
      <title>error: invalid code verifier</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/error-invalid-code-verifier/m-p/543371#M25984</link>
      <description>&lt;P&gt;Hi. I'm developing a C++ application that needs to connect to Dropbox. I'm stuck at implementing OAuth. As documentation suggests:&lt;/P&gt;
&lt;P&gt;&lt;EM&gt;code_challenge&amp;nbsp;&lt;I&gt;String?(min_length=43, max_length=128)&lt;/I&gt;&lt;SPAN&gt;&amp;nbsp;Part of the PKCE flow, the challenge should be an SHA-256 (&lt;/SPAN&gt;S256&lt;SPAN&gt;) encoded value of a string that will serve as the&amp;nbsp;&lt;/SPAN&gt;code_verifier&lt;SPAN&gt;&amp;nbsp;of the corresponding&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token" target="_blank" rel="noopener"&gt;/oauth2/token&lt;/A&gt;&lt;SPAN&gt;&amp;nbsp;call. Can can also be set to plain (&lt;/SPAN&gt;plain&lt;SPAN&gt;).&lt;/SPAN&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;My understanding was that this means I need to generate a random string with minimum 43 characters and hash it using SHA-256 and that will give me code_challenge. But when I call&amp;nbsp;/oauth2/token&amp;nbsp;I get this error:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;{"error_description": "invalid code verifier", "error": "invalid_grant"}&lt;/LI-CODE&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Then found &lt;A href="https://medium.com/identity-beyond-borders/what-the-heck-is-pkce-40662e801a76" target="_self"&gt;this article&lt;/A&gt;&amp;nbsp;that says this is the correct way to calculate code_challenge:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;Base64UrlEncode(SHA256Hash(code_verifier))&lt;/LI-CODE&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Which means I had to take an extra step and encode the hashed value. Tried this but the same message is returned. These are the values I'm sending:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;code_verifier -&amp;gt; 2LORVR1BWsWNkUuLISmv28MR44bYCiq39mU5m8QuzKM
code_challenge -&amp;gt; YzY0Y2EwZTRlZDgwMTUwZWYxMzE2ZDQwZTJkMjQ0NWUxMDVlN2JlZWU2M2EzMjM3NjVmZTVhZmM2YzZlMjgyNw&lt;/LI-CODE&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;I have checked my code_challenge with online calculators and it's correct. I would appreciate it if someone could explain to me why I am getting this error.&lt;/P&gt;</description>
      <pubDate>Mon, 06 Sep 2021 12:51:54 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/error-invalid-code-verifier/m-p/543371#M25984</guid>
      <dc:creator>mk29</dc:creator>
      <dc:date>2021-09-06T12:51:54Z</dc:date>
    </item>
    <item>
      <title>Re: error: invalid code verifier</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/error-invalid-code-verifier/m-p/543390#M25987</link>
      <description>&lt;P&gt;That code_challenge value does not appear to be correct for that code_verifier value. I tried plugging "2LORVR1BWsWNkUuLISmv28MR44bYCiq39mU5m8QuzKM" into &lt;A href="https://tonyxu-io.github.io/pkce-generator/" target="_blank"&gt;https://tonyxu-io.github.io/pkce-generator/&lt;/A&gt; as the "Code Verifier" and got a "Code Challenge" of "xkyg5O2AFQ7xMW1A4tJEXhBee-7mOjI3Zf5a_GxuKCc".&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Also, make sure you're using the&amp;nbsp;"Code Challenge" on the /oauth2/authorize URL, and are passing the "Code Verifier" to /oauth2/token, and not the other way around.&lt;/P&gt;</description>
      <pubDate>Mon, 06 Sep 2021 15:02:17 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/error-invalid-code-verifier/m-p/543390#M25987</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2021-09-06T15:02:17Z</dc:date>
    </item>
    <item>
      <title>Re: error: invalid code verifier</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/error-invalid-code-verifier/m-p/543494#M25992</link>
      <description>&lt;P&gt;Thanks for fast reply.&lt;/P&gt;&lt;P&gt;How strange! I used this link for&lt;A href="https://xorbin.com/tools/sha256-hash-calculator" target="_self"&gt;&amp;nbsp;sha256&lt;/A&gt;&amp;nbsp;and then copied the output to&amp;nbsp;&lt;A href="https://simplycalc.com/base64url-encode.php" target="_self"&gt;base64url encoder&lt;/A&gt;&amp;nbsp;to check my chode_challange and it was ok. I guess I'm missing something here.&lt;/P&gt;&lt;P&gt;And for the second part of your answer, I'm doing exactly as you said.&lt;/P&gt;</description>
      <pubDate>Tue, 07 Sep 2021 05:42:22 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/error-invalid-code-verifier/m-p/543494#M25992</guid>
      <dc:creator>mk29</dc:creator>
      <dc:date>2021-09-07T05:42:22Z</dc:date>
    </item>
    <item>
      <title>Re: error: invalid code verifier</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/error-invalid-code-verifier/m-p/543589#M25995</link>
      <description>&lt;P&gt;I confirmed that &lt;A href="https://tonyxu-io.github.io/pkce-generator/" target="_blank"&gt;https://tonyxu-io.github.io/pkce-generator/&lt;/A&gt; generates a correct code challenge that Dropbox accepts, so it sounds like there's something wrong in the process you were using.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;It looks like the issue is that the "SHA-256 hash calculator" is presenting the hash with hex encoding, which should not be used in the process of generating the code challenge. The app needs to base64URL-encode the binary value, not the hex-encoded value.&lt;/P&gt;</description>
      <pubDate>Tue, 07 Sep 2021 15:05:37 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/error-invalid-code-verifier/m-p/543589#M25995</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2021-09-07T15:05:37Z</dc:date>
    </item>
  </channel>
</rss>

