<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Can't get PKCE access token uses javascript fetch request in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569854#M26661</link>
    <description>&lt;P&gt;Could you show both the headers and body for both the request and response? The Chrome developer tools should enable you to see both.&lt;/P&gt;</description>
    <pubDate>Tue, 11 Jan 2022 17:35:48 GMT</pubDate>
    <dc:creator>Greg-DB</dc:creator>
    <dc:date>2022-01-11T17:35:48Z</dc:date>
    <item>
      <title>Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569476#M26643</link>
      <description>&lt;P&gt;&lt;FONT size="4"&gt;I am trying to utilize the&amp;nbsp;&lt;SPAN&gt;PKCE in a background script of chrome extension&lt;BR /&gt;example shows the following:&lt;/SPAN&gt;&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;curl https://api.dropbox.com/oauth2/token \
 -d code=&amp;lt;AUTHORIZATION_CODE&amp;gt; \
 -d grant_type=authorization_code \
 -d code_verifier=&amp;lt;CODE_VERIFIER&amp;gt; \
 -d client_id=&amp;lt;APP_KEY&amp;gt;&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT size="4"&gt;&lt;SPAN&gt;my code:&lt;BR /&gt;&lt;/SPAN&gt;&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="javascript"&gt; var dbxParams = new URLSearchParams({
    client_id:      client_id,
    grant_type:     "authorization_code",
    code:           access_code,
    code_verifier:  code_verifier,
  });
   var url = "https://api.dropbox.com/oauth2/token";

  fetch(url, {
    method: 'POST',
    body: dbxParams
  })
  .then(function(response){
    return response.json()
  })
  .then(function (data) {
    console.log('Request succeeded with JSON response', data);
  })
  .catch(function (error) {
    console.log('Request failed', error);
  });&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;DIV&gt;i always get the same reply:&lt;/DIV&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="javascript"&gt;{"error_description": "No auth function available for given request", "error": "invalid_request"}
​&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;can you help?&lt;/P&gt;&lt;P&gt;&lt;FONT size="4"&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/FONT&gt;&lt;/P&gt;</description>
      <pubDate>Mon, 10 Jan 2022 15:15:42 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569476#M26643</guid>
      <dc:creator>ancso</dc:creator>
      <dc:date>2022-01-10T15:15:42Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569499#M26644</link>
      <description>&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1507808"&gt;@ancso&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;Where is 'redirect_uri' header in your call? &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@9AD39CA637682E9616FBE31CDAF1B6C4/emoticons/1f914.png" alt=":thinking_face:" title=":thinking_face:" /&gt; Did you forget it? 🧐 Review &lt;A title="/oauth2/token" href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token" target="_blank" rel="noopener"&gt;here&lt;/A&gt; again.&lt;/P&gt;&lt;P&gt;Good luck.&lt;/P&gt;</description>
      <pubDate>Mon, 10 Jan 2022 16:23:40 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569499#M26644</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-01-10T16:23:40Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569500#M26645</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1507808"&gt;@ancso&lt;/a&gt; Is this the exact code you're running? I just gave it a try and it works for me when I plug in my own client_id, access_code, and code_verifier. (For reference, redirect_uri is optional in this flow, so that shouldn't be an issue.)&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The "No auth function available for given request" error should indicate that the necessary authorization information, such as "code", etc., weren't provided (or weren't provided in a correct format that the Dropbox API servers understood). Can you check the network request, using the developer tools, to see what is/isn't being sent?&lt;/P&gt;</description>
      <pubDate>Mon, 10 Jan 2022 16:26:51 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569500#M26645</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-01-10T16:26:51Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569532#M26652</link>
      <description>&lt;P&gt;according to the de tools all parameters are sent&lt;BR /&gt;could it be that one of them is simply of wrong type?&lt;BR /&gt;if so I suppose it will be the calculation of the&amp;nbsp;code_verifier&lt;BR /&gt;for such a small task i did not want to import a library so&amp;nbsp;i have the following code:&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;var code_verifier = '';
var codeChallenge = '';  

  /**
   *
   */
  setDropboxCodes(){
    
    var codes = {};
    const base64Encode = (str) =&amp;gt; {
      return str.toString('base64')
        .replace(/\+/g, '-')
        .replace(/\//g, '_')
        .replace(/=/g, '');
      }

    codeVerifier  = base64Encode(getRandomString(128));
    var code256 = _self.sha256(codes['codeVerifier'])
    .codeChallenge = base64Encode(code256);

  }

  /**
   *
   */
  getRandomString(length) {
    var randomChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
    var result = '';
    for ( var i = 0; i &amp;lt; length; i++ ) {
        result += randomChars.charAt(Math.floor(Math.random() * randomChars.length));
    }
    return result;
  }&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 10 Jan 2022 17:57:56 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569532#M26652</guid>
      <dc:creator>ancso</dc:creator>
      <dc:date>2022-01-10T17:57:56Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569568#M26653</link>
      <description>&lt;P&gt;Could you elaborate on what you mean when you say "according to the de tools all parameters are sent"? For instance, could you show the request (headers and body) that your client is sending? Be sure to redact any sensitive values themselves though.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;If a parameter was being sent in the correct format but had an incorrect value, the API should respond with a different message than the one you're getting.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Also, it's worth mentioning that I'm not running this in the context of a Chrome extension, so that may be contributing to the difference.&lt;/P&gt;</description>
      <pubDate>Mon, 10 Jan 2022 19:14:51 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569568#M26653</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-01-10T19:14:51Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569710#M26656</link>
      <description>&lt;P&gt;since its SSL i am unable to use wireshrk/tcpdump&lt;BR /&gt;In the Chrome's dev tools, under the payload tab i can see the following (raw data):&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;client_id=&amp;lt;15 chars clienid&amp;gt;&amp;amp;grant_type=authorization_code&amp;amp;code=&amp;lt;43 chars code&amp;gt;&amp;amp;code_verifier=&amp;lt;128 chars code_verifier&amp;gt;&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;all codes include only lower&amp;amp;Upper case letters and numbers&lt;BR /&gt;&lt;BR /&gt;i also tested this string at&amp;nbsp;&lt;A href="https://reqbin.com/req/v0crmky0/rest-api-post-example" target="_blank" rel="noopener"&gt;https://reqbin.com/req/v0crmky0/rest-api-post-example&lt;/A&gt;&amp;nbsp;and got the same result&lt;/P&gt;</description>
      <pubDate>Tue, 11 Jan 2022 06:58:55 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569710#M26656</guid>
      <dc:creator>ancso</dc:creator>
      <dc:date>2022-01-11T06:58:55Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569854#M26661</link>
      <description>&lt;P&gt;Could you show both the headers and body for both the request and response? The Chrome developer tools should enable you to see both.&lt;/P&gt;</description>
      <pubDate>Tue, 11 Jan 2022 17:35:48 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569854#M26661</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-01-11T17:35:48Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569862#M26663</link>
      <description>&lt;P&gt;the headers:&lt;BR /&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Untitled-1.png" style="width: 761px;"&gt;&lt;img src="https://www.dropboxforum.com/t5/image/serverpage/image-id/26994iB39EF5B7D7EC26DF/image-size/large?v=v2&amp;amp;px=999" role="button" title="Untitled-1.png" alt="Untitled-1.png" /&gt;&lt;/span&gt;&lt;BR /&gt;because it is a chrome extension the body is not in it&lt;BR /&gt;there is a tab called payload instead:&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Untitled-2.jpg" style="width: 800px;"&gt;&lt;img src="https://www.dropboxforum.com/t5/image/serverpage/image-id/26993i463BF4500BE5C0E4/image-size/large?v=v2&amp;amp;px=999" role="button" title="Untitled-2.jpg" alt="Untitled-2.jpg" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;i tried to use the above string in&amp;nbsp;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://reqbin.com/req/v0crmky0/rest-api-post-example" target="_blank" rel="noopener nofollow noreferrer"&gt;https://reqbin.com/req/v0crmky0/rest-api-post-example&lt;/A&gt;&amp;nbsp;and got the same error&lt;BR /&gt;looks like the issue is not with the chrome extension, probably something to do with the data in the body&lt;BR /&gt;&lt;BR /&gt;Thanks&lt;BR /&gt;Avner&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 11 Jan 2022 18:02:09 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569862#M26663</guid>
      <dc:creator>ancso</dc:creator>
      <dc:date>2022-01-11T18:02:09Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569897#M26664</link>
      <description>&lt;P&gt;Thanks. In particular I was most looking for the "Content-Type" header which will affect how the body is read, but that seems to be set correctly in your screenshot. Were you also setting that to "application/x-www-form-urlencoded;charset=UTF-8" when using &lt;A href="https://reqbin.com/req/v0crmky0/rest-api-post-example" target="_blank"&gt;https://reqbin.com/req/v0crmky0/rest-api-post-example&lt;/A&gt; ? That could cause the error if not.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Also, I'm not sure why your request contains cookies; that's not expected for API calls like this. That doesn't occur for me, so I can't say if that's the cause. Perhaps it's because that one's happening in a Chrome extension (as opposed to the potential Content-Type issue in reqbin)?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In any case, perhaps you can share the actual unredacted payload? (The authorization code expires after five minutes, so it's safe to share once that elapses.) You can &lt;A href="https://www.dropbox.com/developers/contact" target="_self"&gt;open an API ticket&lt;/A&gt; with that if you'd prefer to share privately. That may enable us to reproduce what you're seeing. Alternatively, do you have a sample page with this code running we can try?&lt;/P&gt;</description>
      <pubDate>Tue, 11 Jan 2022 19:18:15 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569897#M26664</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-01-11T19:18:15Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569911#M26665</link>
      <description>&lt;P&gt;when using the&amp;nbsp;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;A href="https://reqbin.com/req/v0crmky0/rest-api-post-example" target="_blank" rel="noopener nofollow noreferrer"&gt;https://reqbin.com/req/v0crmky0/rest-api-post-example&lt;/A&gt;&amp;nbsp;i tried all types of content-type available with no luck&lt;BR /&gt;I don't believe the cookie should matter, usually API servers do not relate to any irrelevant information unless it is actually needed,&lt;BR /&gt;however,&lt;BR /&gt;would be good if you could check that with the programmers&lt;BR /&gt;as you said, this is chrome extension and I am unable to change this default behavior&lt;BR /&gt;&lt;BR /&gt;the params I sent were:&lt;BR /&gt;client_id=&amp;lt;client_id&amp;gt;&amp;amp;grant_type=authorization_code&amp;amp;code=waO3hkmKk8EAAAAAAAAL04IbHdMrBYxBGw7yghMI_0o&amp;amp;code_verifier=HfW9Gz3ZtF3mgdZCq3wuIIzbPDmwaGbkrOgMLgYYv6GeYXvLAMusvBjrJ91Zv8bFKhTOHlHj3EyAqMz5tivKXSLQS1r5NpSeNLP61zz5JRh6MXAB0mAL7lTrzBuSlptc&lt;BR /&gt;&lt;BR /&gt;let me know if you need anymore information&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 11 Jan 2022 19:43:47 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569911#M26665</guid>
      <dc:creator>ancso</dc:creator>
      <dc:date>2022-01-11T19:43:47Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569917#M26666</link>
      <description>&lt;P&gt;Using that payload (though plugging in my own test client ID since you redacted yours), I still didn't get that error on &lt;A href="https://reqbin.com/req/v0crmky0/rest-api-post-example" target="_blank" rel="noopener nofollow noreferrer"&gt;https://reqbin.com/req/v0crmky0/rest-api-post-example&lt;/A&gt; . I instead got "code doesn't exist or has expired" as expected, since authorization codes are single-use and expire after a few minutes. Here's a screenshot showing the raw request and response there:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2022-01-11 at 3.01.04 PM.png" style="width: 400px;"&gt;&lt;img src="https://www.dropboxforum.com/t5/image/serverpage/image-id/26999i912D5686473F9181/image-size/medium?v=v2&amp;amp;px=400" role="button" title="Screen Shot 2022-01-11 at 3.01.04 PM.png" alt="Screen Shot 2022-01-11 at 3.01.04 PM.png" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;Just to double check, are you getting "code doesn't exist or has expired" or "No auth function available for given request" if you do the same there?&lt;/P&gt;</description>
      <pubDate>Tue, 11 Jan 2022 20:04:47 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/569917#M26666</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-01-11T20:04:47Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570011#M26667</link>
      <description>&lt;P&gt;yes,&lt;BR /&gt;i experience the same behavior&lt;BR /&gt;if using an expired code i get the same error "&lt;SPAN&gt;code doesn't exist or has expired":&lt;BR /&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;HTTP/1.1 400 Bad Request
Content-Security-Policy: sandbox allow-forms allow-scripts
Content-Type: application/json
Accept-Encoding: identity,gzip
Date: Wed, 12 Jan 2022 02:27:14 GMT
Server: envoy
Content-Length: 84
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: 7ff4794a94a846b0bfcbc750fbe48fd5

{"error": "invalid_grant", "error_description": "code doesn't exist or has expired"}&lt;/LI-CODE&gt;&lt;P&gt;&lt;SPAN&gt;&lt;BR /&gt;however&lt;BR /&gt;if using a working code i get:&lt;BR /&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;HTTP/1.1 400 Bad Request
Content-Security-Policy: sandbox allow-forms allow-scripts
Content-Type: application/json
Accept-Encoding: identity,gzip
Date: Wed, 12 Jan 2022 02:25:18 GMT
Server: envoy
Content-Length: 97
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: 320762d3550c4d8a8e9e46a5ddc6b091

{"error": "invalid_request", "error_description": "No auth function available for given request"}&lt;/LI-CODE&gt;&lt;P&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 12 Jan 2022 02:27:49 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570011#M26667</guid>
      <dc:creator>ancso</dc:creator>
      <dc:date>2022-01-12T02:27:49Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570012#M26668</link>
      <description>&lt;P&gt;is there a way we can debug this online together?&lt;BR /&gt;maybe in an online meeting?&lt;/P&gt;</description>
      <pubDate>Wed, 12 Jan 2022 02:47:17 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570012#M26668</guid>
      <dc:creator>ancso</dc:creator>
      <dc:date>2022-01-12T02:47:17Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570013#M26669</link>
      <description>&lt;P&gt;Thanks! That's helpful. I believe I see what's causing this now. Can you check what /oauth2/authorize URL you're using? Since you're trying to use the PKCE flow, you need to include the code_challenge and code_challenge_method parameters. If you don't include those though, this effectively becomes the non-PKCE flow, in which case when you don't supply the client_secret value when calling /oauth2/token, you'll get this "No auth function available for given request" error (since the non-PKCE flow requires the client secret).&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;So, in order to use the PKCE flow, make sure you're including the code_challenge and code_challenge_method parameters on your /oauth2/authorize URL when retrieving the authorization code.&lt;/P&gt;</description>
      <pubDate>Wed, 12 Jan 2022 02:58:37 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570013#M26669</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-01-12T02:58:37Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570037#M26670</link>
      <description>&lt;P&gt;yes!&lt;BR /&gt;that was the problem&lt;BR /&gt;my apologies I missed these arguments in the request URL&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;however,&lt;BR /&gt;i am now getting the error&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="javascript"&gt;{error: 'invalid_grant', error_description: 'invalid code verifier'}&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The URL includes both&amp;nbsp;code_challenge and&amp;nbsp;code_challenge_method&lt;BR /&gt;and looks like:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;https://www.dropbox.com/oauth2/authorize?response_type=code&amp;amp;client_id=&amp;lt;client_id&amp;gt;&amp;amp;code_challenge=&amp;lt;code_challenge&amp;gt;&amp;amp;code_challenge_method=S256&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;BR /&gt;and the parameters sent to oauth2/token are:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;client_id=&amp;lt;client_id&amp;gt;&amp;amp;grant_type=authorization_code&amp;amp;code=&amp;lt;auth code from dropbox&amp;gt;&amp;amp;code_verifier=&amp;lt;128 char verifier&amp;gt;&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;i also made sure that &amp;lt;code challenge&amp;gt; is a SHA256 hash of&amp;nbsp;&amp;lt;128 char verifier&amp;gt; by testing it at&amp;nbsp;&lt;A href="https://emn178.github.io/online-tools/sha256.html" target="_blank" rel="noopener"&gt;https://emn178.github.io/online-tools/sha256.html&lt;/A&gt;&lt;BR /&gt;&lt;BR /&gt;what am i missing?&lt;/P&gt;</description>
      <pubDate>Wed, 12 Jan 2022 09:06:47 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570037#M26670</guid>
      <dc:creator>ancso</dc:creator>
      <dc:date>2022-01-12T09:06:47Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570130#M26671</link>
      <description>&lt;P&gt;The S256 method can be difficult to implement exactly correctly in code, and that tool you linked to is made by a third party so I can't say if it's producing exactly the format required for the OAuth 2 flow. You can refer to &lt;A href="https://github.com/dropbox/dropbox-sdk-js/blob/f1214918142ac51ea0b4181c5c1755f7403d8622/src/auth.js#L174" target="_self"&gt;the code in the official Dropbox API v2 JavaScript SDK where this is done though&lt;/A&gt;. Alternatively, you could use the "plain" method (where the code challenge is just the code verifier) instead.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;By the way, I don't know exactly what was contained in the cookies in the screenshot you posted, and I redacted them from the image anyway, but just to be safe, you may want to &lt;A href="https://www.dropbox.com/account/security" target="_self"&gt;delete any old web browser sessions&lt;/A&gt;, as well as &lt;A href="https://www.dropbox.com/logout" target="_self"&gt;sign out of your current one&lt;/A&gt;, to invalidate any such cookies.&lt;/P&gt;</description>
      <pubDate>Wed, 12 Jan 2022 16:54:03 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570130#M26671</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-01-12T16:54:03Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570170#M26673</link>
      <description>&lt;P&gt;plain works well&lt;BR /&gt;thanks&lt;BR /&gt;&lt;BR /&gt;the example given at&amp;nbsp;&lt;A href="https://dropbox.tech/developers/pkce--what-and-why-" target="_self"&gt;https://dropbox.tech/developers/pkce--what-and-why-&lt;/A&gt;&amp;nbsp;refers to node.js and is not valid in browsers&lt;BR /&gt;can you please show an example that will be valid in such environment as browsers?&lt;BR /&gt;thanks&lt;/P&gt;</description>
      <pubDate>Wed, 12 Jan 2022 18:58:10 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570170#M26673</guid>
      <dc:creator>ancso</dc:creator>
      <dc:date>2022-01-12T18:58:10Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570192#M26674</link>
      <description>&lt;P&gt;The API v2 JavaScript SDK supports both browser and node environments, so I recommend checking out &lt;A href="https://github.com/dropbox/dropbox-sdk-js/blob/f1214918142ac51ea0b4181c5c1755f7403d8622/src/auth.js#L174" target="_self"&gt;that code&lt;/A&gt;.&lt;/P&gt;</description>
      <pubDate>Wed, 12 Jan 2022 20:15:53 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570192#M26674</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-01-12T20:15:53Z</dc:date>
    </item>
    <item>
      <title>Re: Can't get PKCE access token uses javascript fetch request</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570301#M26677</link>
      <description>&lt;P&gt;will check it&lt;BR /&gt;thanks for your help, it is much appriciated!&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 13 Jan 2022 11:36:28 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Can-t-get-PKCE-access-token-uses-javascript-fetch-request/m-p/570301#M26677</guid>
      <dc:creator>ancso</dc:creator>
      <dc:date>2022-01-13T11:36:28Z</dc:date>
    </item>
  </channel>
</rss>

