<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Qt OAuth get refresh token in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Qt-OAuth-get-refresh-token/m-p/645658#M29644</link>
    <description>&lt;P&gt;Please note that when calling /oauth2/token, you should not include an access token. The /oauth2/token endpoint can be used to exchange an authorization code for an access token and optional refresh token, or to use a refresh token to get a new access token. It does not itself expect or accept an access token as input. When calling /oauth2/token, the "Authorization" header is a way to supply the app key and secret, as an alternative to the client_id and client_secret parameters. You can find more information in &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token" target="_self"&gt;the documentation for /oauth2/token&lt;/A&gt;, as well as &lt;A href="https://dropbox.tech/developers/using-oauth-2-0-with-offline-access#using-offline-access" target="_blank"&gt;this blog post which contains a useful example&lt;/A&gt;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;You should only set the redirect_uri parameter on /oauth2/token if you used a redirect_uri on /oauth2/authorize when retrieving the authorization code, and if so, it must exactly match that redirect_uri value.&lt;/P&gt;</description>
    <pubDate>Wed, 21 Dec 2022 16:14:26 GMT</pubDate>
    <dc:creator>Greg-DB</dc:creator>
    <dc:date>2022-12-21T16:14:26Z</dc:date>
    <item>
      <title>Qt OAuth get refresh token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Qt-OAuth-get-refresh-token/m-p/645634#M29641</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I try to get my refresh token after going throw the basic authentification flow with PKCE.&lt;/P&gt;&lt;P&gt;Here my code :&lt;/P&gt;&lt;LI-CODE lang="cpp"&gt;connect(m_auth, &amp;amp;QAbstractOAuth2::authorizationCallbackReceived,[=](const QVariantMap data){
  if (false == data.isEmpty())
  {
     QString authCode = data.value("code").toString();
     if(!authCode.isEmpty())
     {
        qDebug() &amp;lt;&amp;lt; authCode; //GOT an authentification Code
        QVariantMap parameters;
        parameters.insert("code", authCode);
        parameters.insert("grant_type","authorizatioon_code");
        parameters.insert("client_id",apiKey);
        parameters.insert("client_secret",apiSecret);

        QNetworkReply *reply = m_auth-&amp;gt;post("https://api.dropboxapi.com/oauth2/token",parameters);
        connect(reply, &amp;amp;QNetworkReply::finished,this,&amp;amp;MyClass::getRefreshToken);
     }
  }
});

void MyClass::getRefreshToken()
{
    auto reply = qobject_cast&amp;lt;QNetworkReply*&amp;gt;(sender());
    Q_ASSERT(reply);

    const auto data = reply-&amp;gt;readAll();
    qDebug() &amp;lt;&amp;lt; "data " &amp;lt;&amp;lt; data;
}&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I got this error :&lt;/P&gt;&lt;P&gt;"{\"error\": \"invalid_request\", \"error_description\": \"Can't use \\\"Authorization\\\" header and \\\"client_secret\\\" arg together.\"}"&lt;/P&gt;</description>
      <pubDate>Wed, 21 Dec 2022 14:48:07 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Qt-OAuth-get-refresh-token/m-p/645634#M29641</guid>
      <dc:creator>sarahModulo</dc:creator>
      <dc:date>2022-12-21T14:48:07Z</dc:date>
    </item>
    <item>
      <title>Re: Qt OAuth get refresh token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Qt-OAuth-get-refresh-token/m-p/645639#M29642</link>
      <description>&lt;P&gt;This error message is indicating that the request contained both an "Authorization" header as well as the client_id and/or client_secret parameter. While Dropbox accepts the app key and secret in either, you should only use one or the other. That is, the request needs to contain either only the "Authorization" header or only the client_id and client_secret parameters.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In your code, I see you are setting the "client_id" and "client_secret" parameters. I don't see you explicitly setting the "Authorization" header, so it looks like you're either setting it in some other version or part of the code not shown here, or it's being set by your network client automatically. Either way, you'll need to debug that you make sure you only set one or the other. We can't provide support for Qt/QNetworkReply in particular though, as it's not made by Dropbox.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;By the way, you have a typo in "authorizatioon_code"; it should be "authorization_code".&lt;/P&gt;</description>
      <pubDate>Wed, 21 Dec 2022 15:13:33 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Qt-OAuth-get-refresh-token/m-p/645639#M29642</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-12-21T15:13:33Z</dc:date>
    </item>
    <item>
      <title>Re: Qt OAuth get refresh token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Qt-OAuth-get-refresh-token/m-p/645649#M29643</link>
      <description>&lt;P&gt;In postman I have the same issus if I set an Access Token in Authorization part.&lt;/P&gt;&lt;P&gt;Here the post request "&lt;SPAN&gt;&lt;A href="https://www.dropboxforum.com/" target="_blank"&gt;https://api.dropboxapi.com/oauth2/token?code=&amp;lt;AuthorizationCode&amp;gt;&amp;amp;grant_type=authorization_code&amp;amp;client_id=&amp;lt;api_id&amp;gt;&amp;amp;client_secret=&amp;lt;api_secret&amp;gt;"&lt;/A&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;error&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;{&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;"error"&lt;/SPAN&gt;&lt;SPAN&gt;:&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;"invalid_request"&lt;/SPAN&gt;&lt;SPAN&gt;,&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;"error_description"&lt;/SPAN&gt;&lt;SPAN&gt;:&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;"Can't&amp;nbsp;use&amp;nbsp;\"Authorization\"&amp;nbsp;header&amp;nbsp;and&amp;nbsp;\"client_secret\"&amp;nbsp;arg&amp;nbsp;together."&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;}&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;if I remove client_id and client_secret from the post request&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;post request :&amp;nbsp;"&lt;A href="https://www.dropboxforum.com/" target="_blank"&gt;https://api.dropboxapi.com/oauth2/token?code=&amp;lt;AuthorizationCode&amp;gt;&amp;amp;grant_type=authorization_code"&lt;/A&gt;&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;error&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;{&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;"error"&lt;/SPAN&gt;&lt;SPAN&gt;:&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;"invalid_request"&lt;/SPAN&gt;&lt;SPAN&gt;,&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;"error_description"&lt;/SPAN&gt;&lt;SPAN&gt;:&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;"The&amp;nbsp;request&amp;nbsp;parameters&amp;nbsp;do&amp;nbsp;not&amp;nbsp;match&amp;nbsp;any&amp;nbsp;of&amp;nbsp;the&amp;nbsp;supported&amp;nbsp;authorization&amp;nbsp;flows.&amp;nbsp;Please&amp;nbsp;refer&amp;nbsp;to&amp;nbsp;the&amp;nbsp;API&amp;nbsp;documentation&amp;nbsp;for&amp;nbsp;the&amp;nbsp;correct&amp;nbsp;parameters."&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;}&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&amp;nbsp;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;If I remove my Access Token in Authorization part&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;with post request "&lt;A href="https://www.dropboxforum.com/" target="_blank"&gt;https://api.dropboxapi.com/oauth2/token?code=&amp;lt;AuthorizationCode&amp;gt;&amp;amp;grant_type=authorization_code&amp;amp;client_id=&amp;lt;api_id&amp;gt;&amp;amp;client_secret=&amp;lt;api_secret&amp;gt;"&lt;/A&gt;&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;error&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;{&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;"error"&lt;/SPAN&gt;&lt;SPAN&gt;:&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;"invalid_grant"&lt;/SPAN&gt;&lt;SPAN&gt;,&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;"error_description"&lt;/SPAN&gt;&lt;SPAN&gt;:&amp;nbsp;&lt;/SPAN&gt;&lt;SPAN&gt;"redirect_uri&amp;nbsp;mismatch"&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;}&lt;/SPAN&gt;&lt;/DIV&gt;&lt;DIV&gt;&lt;SPAN&gt;But Callback URL is the one I set in my dropBox Api... Should I put an other redirect_uri ? And which one ? And where should I set it ? In Param section or Authorization section ?&lt;/SPAN&gt;&lt;/DIV&gt;&lt;/DIV&gt;&lt;/DIV&gt;&lt;/DIV&gt;&lt;/DIV&gt;&lt;/DIV&gt;</description>
      <pubDate>Wed, 21 Dec 2022 15:52:32 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Qt-OAuth-get-refresh-token/m-p/645649#M29643</guid>
      <dc:creator>sarahModulo</dc:creator>
      <dc:date>2022-12-21T15:52:32Z</dc:date>
    </item>
    <item>
      <title>Re: Qt OAuth get refresh token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Qt-OAuth-get-refresh-token/m-p/645658#M29644</link>
      <description>&lt;P&gt;Please note that when calling /oauth2/token, you should not include an access token. The /oauth2/token endpoint can be used to exchange an authorization code for an access token and optional refresh token, or to use a refresh token to get a new access token. It does not itself expect or accept an access token as input. When calling /oauth2/token, the "Authorization" header is a way to supply the app key and secret, as an alternative to the client_id and client_secret parameters. You can find more information in &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token" target="_self"&gt;the documentation for /oauth2/token&lt;/A&gt;, as well as &lt;A href="https://dropbox.tech/developers/using-oauth-2-0-with-offline-access#using-offline-access" target="_blank"&gt;this blog post which contains a useful example&lt;/A&gt;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;You should only set the redirect_uri parameter on /oauth2/token if you used a redirect_uri on /oauth2/authorize when retrieving the authorization code, and if so, it must exactly match that redirect_uri value.&lt;/P&gt;</description>
      <pubDate>Wed, 21 Dec 2022 16:14:26 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Qt-OAuth-get-refresh-token/m-p/645658#M29644</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-12-21T16:14:26Z</dc:date>
    </item>
    <item>
      <title>Re: Qt OAuth get refresh token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Qt-OAuth-get-refresh-token/m-p/645674#M29645</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1600248"&gt;@sarahModulo&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;...&lt;/P&gt;&lt;PRE&gt;...
        QNetworkReply &lt;SPAN class=""&gt;*&lt;/SPAN&gt;reply &lt;SPAN class=""&gt;=&lt;/SPAN&gt; m_auth&lt;SPAN class=""&gt;-&lt;/SPAN&gt;&lt;SPAN class=""&gt;&amp;gt;&lt;/SPAN&gt;&lt;FONT color="#FF0000"&gt;&lt;U&gt;&lt;STRONG&gt;&lt;SPAN class=""&gt;post&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;/U&gt;&lt;/FONT&gt;&lt;SPAN class=""&gt;(&lt;/SPAN&gt;&lt;SPAN class=""&gt;"https://api.dropboxapi.com/oauth2/token"&lt;/SPAN&gt;&lt;SPAN class=""&gt;,&lt;/SPAN&gt;parameters&lt;SPAN class=""&gt;)&lt;/SPAN&gt;&lt;SPAN class=""&gt;;&lt;/SPAN&gt;&lt;BR /&gt;...&lt;/PRE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I got this error :&lt;/P&gt;&lt;P&gt;"{\"error\": \"invalid_request\", \"error_description\": \"Can't use \\\"Authorization\\\" header and \\\"client_secret\\\" arg together.\"}"&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1600248"&gt;@sarahModulo&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;Yes, that's normal. The post method you're using implies authentication (i.e. includes 'Bearer' authentication). You are doing something the class you're using already implements. &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@41457EF40051AFF130FDBFE21B496926/emoticons/1f609.png" alt=":winking_face:" title=":winking_face:" /&gt; You're repeating in your code something already done! This explains the received error message. Read the documentation with bit more care.&lt;/P&gt;&lt;P&gt;Use the same post method to only call all regular API calls (i.e. the calls intended to use 'Bearer' authentication), not to call intended to receive any kind of token (as you are using incorrectly now).&lt;/P&gt;&lt;P&gt;Hope this gives direction.&lt;/P&gt;</description>
      <pubDate>Wed, 21 Dec 2022 16:50:00 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Qt-OAuth-get-refresh-token/m-p/645674#M29645</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-12-21T16:50:00Z</dc:date>
    </item>
  </channel>
</rss>

