<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620567#M28601</link>
    <description>&lt;P&gt;Ok, used the wrong name - it's the authorisation URL, not the redirect URL - but it's still the same URL every time. The link you provided says the same thing -&amp;nbsp;&lt;/P&gt;&lt;PRE&gt;https://www.dropbox.com/oauth2/authorize?client_id=&amp;lt;APP_KEY&amp;gt;&amp;amp;response_type=code&lt;/PRE&gt;&lt;P&gt;- so I still don't know why it's not working, given that's exactly the URL I've been using.&lt;/P&gt;</description>
    <pubDate>Mon, 05 Sep 2022 20:46:43 GMT</pubDate>
    <dc:creator>donaldp</dc:creator>
    <dc:date>2022-09-05T20:46:43Z</dc:date>
    <item>
      <title>Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620342#M28580</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp; &amp;nbsp;I'm implementing PKCE now, but getting an invalid request exception. I can't see anything that I'm doing wrong from the doco (it says everything is optional except code and appkey). This is code that was working when I was using&amp;nbsp;DropboxOAuth2Helper.ProcessCodeFlowAsync (but I want to convert to not sending the secret - using a C# dotnet desktop app).&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;My initial code (using a code authorised in the browser, and the same appkey) is as follows...&lt;/P&gt;&lt;P&gt;```&lt;/P&gt;&lt;P&gt;if (code is object) {&lt;BR /&gt;&amp;nbsp; &amp;nbsp; PKCEOAuthFlow pKCEFlow=new PKCEOAuthFlow();&lt;BR /&gt;// OAuth2Response dxResponse=await DropboxOAuth2Helper.ProcessCodeFlowAsync(code,APIKEY,APISECRET); note THIS CODE WAS WORKING&lt;BR /&gt;&amp;nbsp; &amp;nbsp; OAuth2Response dxResponse=await pKCEFlow.ProcessCodeFlowAsync(code,APIKEY);&lt;/P&gt;&lt;P&gt;```&lt;/P&gt;&lt;P&gt;Then I hit the exception...&lt;/P&gt;&lt;P&gt;********************************** UNHANDLED EXCEPTION! Details: Dropbox.Api.OAuth2Exception: invalid_request&lt;BR /&gt;at Dropbox.Api.DropboxOAuth2Helper.ProcessCodeFlowAsync(String code, String appKey, String appSecret, String redirectUri, HttpClient client, String codeVerifier)&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp; &amp;nbsp;Do I need to use a different authoriseURI if I'm using PKCE or something? I'm using the same one I was using with&amp;nbsp;DropboxOAuth2Helper.ProcessCodeFlowAsync. Otherwise I don't know what it's not happy about. &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@EA4D5AD6084EAC95CB4E739348E74CC6/emoticons/1f615.png" alt=":confused_face:" title=":confused_face:" /&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;thanks,&lt;/P&gt;&lt;P&gt;&amp;nbsp; Donald.&lt;/P&gt;</description>
      <pubDate>Sun, 04 Sep 2022 20:17:16 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620342#M28580</guid>
      <dc:creator>donaldp</dc:creator>
      <dc:date>2022-09-04T20:17:16Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620350#M28582</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/382186"&gt;@donaldp&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;...&lt;/P&gt;&lt;P&gt;if (code is object) {&lt;BR /&gt;&amp;nbsp; &amp;nbsp; PKCEOAuthFlow pKCEFlow=new PKCEOAuthFlow();&lt;/P&gt;&lt;P&gt;...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;As can be seen from your post, you are constructing pKCEFlow object anew after you have got the code. How you guarantee that PKCE code challenge, send as part of initial query (targeting the code you have received on redirect), match to the code verifier used on followup code processing (both generated and carried within&amp;nbsp;PKCEOAuthFlow object)? &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@9AD39CA637682E9616FBE31CDAF1B6C4/emoticons/1f914.png" alt=":thinking_face:" title=":thinking_face:" /&gt; This workflow targets extremely difficult prediction of such pair, so security gonna be improved. If it was so easy to predict second pair' element (just construct a new object),&amp;nbsp;&lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@D88F213CAFB196B6AB70612B08AD9D31/emoticons/1f601.png" alt=":beaming_face_with_smiling_eyes:" title=":beaming_face_with_smiling_eyes:" /&gt; what's the meaning of PKCE usage at all?&lt;/P&gt;&lt;P&gt;Hope this gives direction. &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@41457EF40051AFF130FDBFE21B496926/emoticons/1f609.png" alt=":winking_face:" title=":winking_face:" /&gt;&lt;/P&gt;</description>
      <pubDate>Mon, 05 Sep 2022 00:21:52 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620350#M28582</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-09-05T00:21:52Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620352#M28583</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;gt;&amp;nbsp;&lt;SPAN&gt;As can be seen from your post, you are constructing pKCEFlow object anew after you have got the code&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp; &amp;nbsp;Yes, that's right. I'm getting the code directly from the browser - I'm not doing it via the app - so this is the first step in the process in the app. There is no redirect. The user gets the code, then comes to the app with it. The doco says that you can do that, hence why the subsequent parameters are all optional. It's not working though (as is).&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 05 Sep 2022 00:54:36 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620352#M28583</guid>
      <dc:creator>donaldp</dc:creator>
      <dc:date>2022-09-05T00:54:36Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620353#M28584</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/382186"&gt;@donaldp&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;... I'm getting the code directly from the browser - I'm not doing it via the app - so this is the first step in the process in the app. There is no redirect. The user gets the code, then comes to the app with it. The doco says that you can do that, hence why the subsequent parameters are all optional. It's not working though (as is).&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Ok, that's right. Nothing against what you say, it's correct. Do you intentionally bypass my actual notes posted before?&amp;nbsp;🤷 If you don't want, don't read them.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Edit:&lt;/P&gt;&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/382186"&gt;@donaldp&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;... I'm getting the code directly from the browser - I'm not doing it via the app - so &lt;U&gt;&lt;STRONG&gt;this is the first step&lt;/STRONG&gt;&lt;/U&gt; in the process in the app. ...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;The first step is constructing and launching Dropbox authentication (URL construction that must include code challenge). What you are talking about is going to be the second one! Both are strictly related to each other - something you are missing, seems!&lt;/P&gt;</description>
      <pubDate>Mon, 05 Sep 2022 01:15:37 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620353#M28584</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-09-05T01:15:37Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620355#M28585</link>
      <description>&lt;P&gt;&amp;gt;&lt;SPAN&gt;The first step is constructing and launching Dropbox authentication&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;And the doco states that step is optional, as I already said. I therefore don't know what code is needed to get this working when one isn't constructing and launching a redirect. If you're getting the code directly from a browser as the actual first step, then the next step is entering that code into the app, unless someone can tell me a different first step for bypassing using a redirect (I already asked if there's a different URL needed to be used for the PKCE flow - I'm using the same URL as non-PKCE flow, but maybe that's the issue?).&lt;/P&gt;</description>
      <pubDate>Mon, 05 Sep 2022 01:35:49 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620355#M28585</guid>
      <dc:creator>donaldp</dc:creator>
      <dc:date>2022-09-05T01:35:49Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620357#M28586</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/382186"&gt;@donaldp&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;...&lt;/P&gt;&lt;P&gt;And the doco states &lt;U&gt;&lt;STRONG&gt;that step is optional&lt;/STRONG&gt;&lt;/U&gt;, as I already said. ...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Probably we are talking for different things. How constructing URL used on launching the browser (where you are getting code) can be optional? You are getting such code every time OAuth is on go, but it's optional... &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@9AD39CA637682E9616FBE31CDAF1B6C4/emoticons/1f914.png" alt=":thinking_face:" title=":thinking_face:" /&gt; Can you clarify the meaning of word "optional" here (in this context)?&lt;/P&gt;&lt;P&gt;This is something mandatory for any type of Flow in use and both with and without redirection! Sometimes it's simple, sometimes little bit complicated. When SDK is in use you are relying on the SDK code to do this, should look the same. Just careful what code is used to construct it. Don't mix different code (from different flows) together.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;One more thing:&lt;/P&gt;&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/382186"&gt;@donaldp&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;... (I already asked if there's a different URL needed to be used for the PKCE flow - I'm using &lt;U&gt;&lt;STRONG&gt;the same URL&lt;/STRONG&gt;&lt;/U&gt; as non-PKCE flow, but maybe that's the issue?).&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;What actually means "the same URL"? If you mean URL received using the same code (PKCEOAuthFlow class code), that's correct. Since this URL will contain within code challenge (something supposed to be unique for every query), URL literal gonna be different. If you mean usage of a constant URL literal..., where and how will come code challenge from - something mandatory for PKCE?&lt;/P&gt;</description>
      <pubDate>Mon, 05 Sep 2022 02:19:23 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620357#M28586</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-09-05T02:19:23Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620549#M28599</link>
      <description>&lt;P&gt;From&amp;nbsp;&lt;A href="https://developers.dropbox.com/oauth-guide" target="_blank"&gt;https://developers.dropbox.com/oauth-guide&lt;/A&gt;&amp;nbsp;- "The redirect_uri is optional with the code flow - if unspecified, the authorization code is displayed on dropbox.com for the user to copy and paste to your app"&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;So the URL is&amp;nbsp;&lt;A href="https://www.dropbox.com/oauth2/authorize?client_id=MY_CLIENT_ID&amp;amp;redirect_uri=MY_REDIRECT_URI&amp;amp;response_type=code," target="_blank"&gt;https://www.dropbox.com/oauth2/authorize?client_id=MY_CLIENT_ID&amp;amp;redirect_uri=MY_REDIRECT_URI&amp;amp;response_type=code,&lt;/A&gt;&amp;nbsp;but without the redirect, since that is optional, and that link is always the same, so just have a browser shortcut for it.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;It sounds like the link is different for PKCE then?&lt;/P&gt;</description>
      <pubDate>Mon, 05 Sep 2022 19:59:55 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620549#M28599</guid>
      <dc:creator>donaldp</dc:creator>
      <dc:date>2022-09-05T19:59:55Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620563#M28600</link>
      <description>&lt;P&gt;Yes, we are talking for different things. &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/382186"&gt;@donaldp&lt;/a&gt;, It's correct:&lt;/P&gt;&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/382186"&gt;@donaldp&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;From&amp;nbsp;&lt;A href="https://developers.dropbox.com/oauth-guide" target="_blank" rel="noopener"&gt;https://developers.dropbox.com/oauth-guide&lt;/A&gt;&amp;nbsp;- "The redirect_uri is optional with the code flow - if unspecified, the authorization code is displayed on dropbox.com for the user to copy and paste to your app"&lt;/P&gt;&lt;P&gt;...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;But the following:&lt;/P&gt;&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/382186"&gt;@donaldp&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;...&lt;/P&gt;&lt;P&gt;So the URL is&amp;nbsp;&lt;A href="https://www.dropbox.com/oauth2/authorize?client_id=MY_CLIENT_ID&amp;amp;redirect_uri=MY_REDIRECT_URI&amp;amp;response_type=code," target="_blank" rel="noopener"&gt;https://www.dropbox.com/oauth2/authorize?client_id=MY_CLIENT_ID&amp;amp;redirect_uri=MY_REDIRECT_URI&amp;amp;response_type=code,&lt;/A&gt; ...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;... is definitely NOT "redirect_url"!!! It's the URL used to launch the authentication and it's mandatory for every Flow - no way to get anything without it! Again, PKCE Flow does suppose code challenge existance... no, no just does suppose - it's mandatory and will never work without.&lt;/P&gt;&lt;P&gt;Take a look &lt;A title="Authorization" href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize" target="_blank" rel="noopener"&gt;here&lt;/A&gt; and look on PKCE example (scroll little down). See there what's mandatory and what - not. Better don't construct it by hand, but use corresponding method instead.&lt;/P&gt;</description>
      <pubDate>Mon, 05 Sep 2022 20:38:21 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620563#M28600</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-09-05T20:38:21Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620567#M28601</link>
      <description>&lt;P&gt;Ok, used the wrong name - it's the authorisation URL, not the redirect URL - but it's still the same URL every time. The link you provided says the same thing -&amp;nbsp;&lt;/P&gt;&lt;PRE&gt;https://www.dropbox.com/oauth2/authorize?client_id=&amp;lt;APP_KEY&amp;gt;&amp;amp;response_type=code&lt;/PRE&gt;&lt;P&gt;- so I still don't know why it's not working, given that's exactly the URL I've been using.&lt;/P&gt;</description>
      <pubDate>Mon, 05 Sep 2022 20:46:43 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620567#M28601</guid>
      <dc:creator>donaldp</dc:creator>
      <dc:date>2022-09-05T20:46:43Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620574#M28602</link>
      <description>&lt;P&gt;OMG...&lt;/P&gt;&lt;BLOCKQUOTE&gt;&lt;HR /&gt;Documentation:&lt;BR /&gt;&lt;P&gt;Example: Auth URL for PKCE code flow&lt;/P&gt;&lt;PRE&gt;https://www.dropbox.com/oauth2/authorize?client_id=&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;&amp;lt;&lt;/SPAN&gt;APP_KEY&lt;/SPAN&gt;&lt;SPAN class=""&gt;&amp;gt;&lt;/SPAN&gt;&lt;/SPAN&gt;&amp;amp;response_type=code&amp;amp;code_challenge=&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;&amp;lt;&lt;/SPAN&gt;CHALLENGE&lt;/SPAN&gt;&lt;SPAN class=""&gt;&amp;gt;&lt;/SPAN&gt;&lt;/SPAN&gt;&amp;amp;code_challenge_method=&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;&amp;lt;&lt;/SPAN&gt;METHOD&lt;/SPAN&gt;&lt;SPAN class=""&gt;&amp;gt;&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/PRE&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Be more careful, where you are looking on!&lt;/P&gt;</description>
      <pubDate>Mon, 05 Sep 2022 21:04:01 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620574#M28602</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-09-05T21:04:01Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620575#M28603</link>
      <description>&lt;P&gt;Ah ok. Yes I didn't see that because doco says "&lt;SPAN&gt;Example: Auth URL for code flow with offline token access type", which is what I want - offline token. Needs a qualifier added "except for PKCE".&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;So does the PKCE URL change each time, or I only need to generate it once?&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Mon, 05 Sep 2022 21:15:46 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620575#M28603</guid>
      <dc:creator>donaldp</dc:creator>
      <dc:date>2022-09-05T21:15:46Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620576#M28604</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/382186"&gt;@donaldp&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;...&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;So does the PKCE URL change each time, or I only need to generate it once?&lt;/SPAN&gt;&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Technically it's possible to be a constant, but as I said before, why are you using PKCE in this case? 🤷 It becomes meaningless and I wouldn't give you such advice.&lt;/P&gt;</description>
      <pubDate>Mon, 05 Sep 2022 21:25:06 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620576#M28604</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-09-05T21:25:06Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620577#M28605</link>
      <description>&lt;P&gt;I'm using PKCE so that I don't have to send the secret, and is what the doco says to do.&lt;/P&gt;</description>
      <pubDate>Mon, 05 Sep 2022 21:28:27 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620577#M28605</guid>
      <dc:creator>donaldp</dc:creator>
      <dc:date>2022-09-05T21:28:27Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620767#M28639</link>
      <description>&lt;P&gt;The PKCE flow is the right choice for a client-side app, such as a desktop app. The PKCE flow can be used with or without a redirect URI.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The PKCE flow eliminates the need for the app secret by instead using a code challenge/verifier. That's essentially a temporary secret generated by the app. A redirect URI can be used to return the authorization code to the app, but that's unrelated to the use of a code challenge/verifier.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In order for the PKCE flow to be successful, the&amp;nbsp;code challenge/verifier needs to be validated by the Dropbox server. If it's invalid, the process will fail. Specifically, the&amp;nbsp;code_challenge set on the &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize" target="_blank"&gt;/oauth2/authorize&lt;/A&gt; URL used when retrieving the authorization code needs to correspond to the code_verifier sent to &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token" target="_blank"&gt;/oauth2/token&lt;/A&gt; when attempting to exchange that particular authorization code. You can use the &lt;SPAN class="pl-en"&gt;&lt;SPAN class="pl-token" data-hydro-click="{&amp;quot;event_type&amp;quot;:&amp;quot;code_navigation.click_on_symbol&amp;quot;,&amp;quot;payload&amp;quot;:{&amp;quot;action&amp;quot;:&amp;quot;click_on_symbol&amp;quot;,&amp;quot;repository_id&amp;quot;:37572093,&amp;quot;ref&amp;quot;:&amp;quot;main&amp;quot;,&amp;quot;language&amp;quot;:&amp;quot;C#&amp;quot;,&amp;quot;backend&amp;quot;:&amp;quot;ALEPH_FUZZY&amp;quot;,&amp;quot;code_nav_context&amp;quot;:&amp;quot;BLOB_VIEW&amp;quot;,&amp;quot;retry_backend&amp;quot;:&amp;quot;&amp;quot;,&amp;quot;cross_repo_results_included&amp;quot;:&amp;quot;CROSS_REPO_NOT_ENABLED&amp;quot;,&amp;quot;in_repo_result_count&amp;quot;:1,&amp;quot;cross_repo_result_count&amp;quot;:0,&amp;quot;originating_url&amp;quot;:&amp;quot;https://github.com/dropbox/dropbox-sdk-dotnet/find-definition?q=PKCEOAuthFlow&amp;amp;blob_path=dropbox-sdk-dotnet%2FExamples%2FOAuthPKCE%2FProgram.cs&amp;amp;ref=main&amp;amp;language=C%23&amp;amp;row=182&amp;amp;col=40&amp;amp;code_nav_context=BLOB_VIEW&amp;quot;,&amp;quot;user_id&amp;quot;:8700917}}" data-hydro-click-hmac="5392b20ddeefdcaa601bdf541bf2d9743930cda613c85dfeb28db770fb47f85d"&gt;&lt;A href="https://dropbox.github.io/dropbox-sdk-dotnet/gh-pages/obj/api/Dropbox.Api.PKCEOAuthFlow.html" target="_blank"&gt;PKCEOAuthFlow&lt;/A&gt; in the official Dropbox .NET SDK, which will do most of the work for you. &lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;SPAN class="pl-en"&gt;&lt;SPAN class="pl-token" data-hydro-click="{&amp;quot;event_type&amp;quot;:&amp;quot;code_navigation.click_on_symbol&amp;quot;,&amp;quot;payload&amp;quot;:{&amp;quot;action&amp;quot;:&amp;quot;click_on_symbol&amp;quot;,&amp;quot;repository_id&amp;quot;:37572093,&amp;quot;ref&amp;quot;:&amp;quot;main&amp;quot;,&amp;quot;language&amp;quot;:&amp;quot;C#&amp;quot;,&amp;quot;backend&amp;quot;:&amp;quot;ALEPH_FUZZY&amp;quot;,&amp;quot;code_nav_context&amp;quot;:&amp;quot;BLOB_VIEW&amp;quot;,&amp;quot;retry_backend&amp;quot;:&amp;quot;&amp;quot;,&amp;quot;cross_repo_results_included&amp;quot;:&amp;quot;CROSS_REPO_NOT_ENABLED&amp;quot;,&amp;quot;in_repo_result_count&amp;quot;:1,&amp;quot;cross_repo_result_count&amp;quot;:0,&amp;quot;originating_url&amp;quot;:&amp;quot;https://github.com/dropbox/dropbox-sdk-dotnet/find-definition?q=PKCEOAuthFlow&amp;amp;blob_path=dropbox-sdk-dotnet%2FExamples%2FOAuthPKCE%2FProgram.cs&amp;amp;ref=main&amp;amp;language=C%23&amp;amp;row=182&amp;amp;col=40&amp;amp;code_nav_context=BLOB_VIEW&amp;quot;,&amp;quot;user_id&amp;quot;:8700917}}" data-hydro-click-hmac="5392b20ddeefdcaa601bdf541bf2d9743930cda613c85dfeb28db770fb47f85d"&gt;When using &lt;A href="https://dropbox.github.io/dropbox-sdk-dotnet/gh-pages/obj/api/Dropbox.Api.PKCEOAuthFlow.html" target="_blank"&gt;PKCEOAuthFlow&lt;/A&gt; in the Dropbox .NET SDK, you need to make sure you use the same instance for both &lt;A href="https://github.com/dropbox/dropbox-sdk-dotnet/blob/main/dropbox-sdk-dotnet/Examples/OAuthPKCE/Program.cs#L184" target="_blank"&gt;the GetAuthorizeUri step&lt;/A&gt; as well as &lt;A href="https://github.com/dropbox/dropbox-sdk-dotnet/blob/main/dropbox-sdk-dotnet/Examples/OAuthPKCE/Program.cs#L199" target="_blank"&gt;the ProcessCodeFlowAsync step&lt;/A&gt;, as shown in that example. That's because &lt;A href="https://github.com/dropbox/dropbox-sdk-dotnet/blob/7106a9e922d25277882aa7b76831136a7bb3d636/dropbox-sdk-dotnet/Dropbox.Api/DropboxOauth2Helper.cs#L682" target="_blank"&gt;the PKCEOAuthFlow class generates the code challenge/verifier when the instance is created&lt;/A&gt;.&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 06 Sep 2022 15:46:58 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620767#M28639</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-09-06T15:46:58Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620930#M28656</link>
      <description>&lt;P&gt;Hi&amp;nbsp;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/10"&gt;@Greg-DB&lt;/a&gt;&amp;nbsp;,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp; &amp;nbsp;Thanks for your polite-as-always explanation. &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@FBF7D2AB59A0D6E861EBF6A36F93B7E2/emoticons/1f642.png" alt=":slightly_smiling_face:" title=":slightly_smiling_face:" /&gt; That wasn't clear to me from the doco that the authorisation URL is different every time (since it's always been the same with non-PKCE), so might be worth highlighting that in the doco for others like me who are converting.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp; &amp;nbsp;I got it working now with an access token (wanted to try that first so that I can test my code handles it properly when it expires), but I did try to save a refresh token at the same time, as that's what I'll use later, and various info was telling me I would get one with a code authorisation flow, but I didn't get a refresh token, only the access token.&amp;nbsp; Is there another parameter or something I need to specify, because I thought I'd done everything I needed to get the refresh token too (for offline processing).&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;This is what I have so far...&lt;/P&gt;&lt;P&gt;```&lt;/P&gt;&lt;P&gt;PKCEOAuthFlow=new PKCEOAuthFlow();&lt;BR /&gt;AuthorisationURLText=PKCEOAuthFlow.GetAuthorizeUri(OAuthResponseType.Code,APIKEY).ToString(); (plus an option to copy this to the clipboard)&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;OAuth2Response dxResponse=await PKCEOAuthFlow.ProcessCodeFlowAsync(code,APIKEY);&lt;BR /&gt;DxAccessToken=dxResponse.AccessToken;&lt;BR /&gt;Trace.Write($"********************************** DxAccessToken is {DxAccessToken}\r\n");&lt;BR /&gt;if (dxResponse.ExpiresAt is DateTime) {&lt;BR /&gt;&amp;nbsp; &amp;nbsp; DxAccessTokenExpiry=(DateTime)dxResponse.ExpiresAt;&lt;BR /&gt;} else {&lt;BR /&gt;&amp;nbsp; &amp;nbsp; DxAccessTokenExpiry=DateTime.Now;&lt;BR /&gt;&amp;nbsp; &amp;nbsp; }&lt;BR /&gt;Trace.Write($"********************************** DxAccessTokenExpiry is {DxAccessTokenExpiry}\r\n");&lt;BR /&gt;DxRefreshToken=dxResponse.RefreshToken;&lt;BR /&gt;Trace.Write($"********************************** DxRefreshToken is {DxRefreshToken}\r\n");&lt;BR /&gt;Authorised=true;&lt;/P&gt;&lt;P&gt;```&lt;/P&gt;&lt;P&gt;But as I said, the refresh token came up blank.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;thanks,&lt;/P&gt;&lt;P&gt;&amp;nbsp; Donald.&lt;/P&gt;</description>
      <pubDate>Wed, 07 Sep 2022 09:08:36 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620930#M28656</guid>
      <dc:creator>donaldp</dc:creator>
      <dc:date>2022-09-07T09:08:36Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620967#M28659</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/382186"&gt;@donaldp&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;..., but I didn't get a &lt;U&gt;&lt;STRONG&gt;refresh token&lt;/STRONG&gt;&lt;/U&gt;, only the access token.&amp;nbsp; Is there another parameter or something I need to specify, because I thought I'd done everything I needed to get the refresh token too (for &lt;U&gt;&lt;STRONG&gt;offline processing&lt;/STRONG&gt;&lt;/U&gt;).&lt;/P&gt;&lt;P&gt;...&lt;BR /&gt;AuthorisationURLText=PKCEOAuthFlow.GetAuthorizeUri(OAuthResponseType.Code,APIKEY).ToString();&lt;/P&gt;&lt;P&gt;...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/382186"&gt;@donaldp&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;Yes there is such parameter that you skipped. Refresh token is "in pair" with offline processing, but where you are specifying that? There is such a parameter 'tokenAccessType' (set to Legacy by default). Whenever some example uses refresh token the parameter is set to Offline.&amp;nbsp;&lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@41457EF40051AFF130FDBFE21B496926/emoticons/1f609.png" alt=":winking_face:" title=":winking_face:" /&gt; Just do the same.&lt;/P&gt;&lt;P&gt;There is a mistake in &lt;A title="TokenAccessType.Legacy" href="https://github.com/dropbox/dropbox-sdk-dotnet/blob/main/dropbox-sdk-dotnet/Dropbox.Api/DropboxOauth2Helper.cs#L46" target="_blank" rel="noopener"&gt;code comment&lt;/A&gt; and documentation that Legacy means long lived token. Sometime ago - Yes, but now it's obsolete.&lt;/P&gt;</description>
      <pubDate>Wed, 07 Sep 2022 12:02:43 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/620967#M28659</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-09-07T12:02:43Z</dc:date>
    </item>
    <item>
      <title>Re: Getting invalid request for PKCEOAuthFlow.ProcessCodeFlowAsync</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/621015#M28666</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/382186"&gt;@donaldp&lt;/a&gt;&amp;nbsp;Здравко is correct, in order to receive a refresh token, you need to specify "offline" access. With the .NET SDK, you would do so in your GetAuthorizeUri call, by setting tokenAccessType: TokenAccessType.Offline, like &lt;A href="https://github.com/dropbox/dropbox-sdk-dotnet/blob/main/dropbox-sdk-dotnet/Examples/OAuthPKCE/Program.cs#L184" target="_blank"&gt;in the example here&lt;/A&gt;. It looks like that's missing in the GetAuthorizeUri call in the latest code you shared.&lt;/P&gt;</description>
      <pubDate>Wed, 07 Sep 2022 15:21:28 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Getting-invalid-request-for-PKCEOAuthFlow-ProcessCodeFlowAsync/m-p/621015#M28666</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-09-07T15:21:28Z</dc:date>
    </item>
  </channel>
</rss>

