Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
Hi
I'm wondering about the call to
https://api.dropbox.com/1/oauth2/token_from_oauth1
to automatically upgrade a user's token from the v1 to the v2 api. I have this working well in my app and from the user's point of view the upgrade is seamless.
Is this upgrade endpoint going to stop working too towards the end of June 2017? I have no control over when my users choose to login - it is possible that they may not log in again and trigger the upgrade until after this date. If that endpoint does not work, then they will have to manually login again to Dropbox. I would like to avoid this if possible.
Thanks
You don't need to be already authorized for API v2 to use this endpoint. This endpoint just requires the app key, secret, and OAuth 1 access token (key and secret), not an OAuth 2 access token.
The issue you're running in to is that /2/auth/token/from_oauth1 uses "app authentication" (i.e., you should provide the app key and secret as Basic auth to authorize the HTTP call itself) but you're trying to use "user authentication" (i.e., you're trying to provide a Bearer token to authorize the API call itself). The expected authentication type is a field in the documentation here:
https://www.dropbox.com/developers/documentation/http/documentation#auth-token-from_oauth1
You can find information on the different authentication types, e.g., "app authentication", here:
https://www.dropbox.com/developers/reference/auth-types#app
(This is a bit confusing in this case, since the /2/auth/token/from_oauth1 endpoint expects "app authentication", but also happens to take an access token key/secret as parameters to the API call.)
So, for your HTTP request, you should instead use an Authorization header like this:
Authorization: Basic <base64(APP_KEY:APP_SECRET)>
The app authentication documentation elaborates on that example.
We're also working on building this in to SwiftyDropbox itself, but that's not ready quite yet.
Hi Greg
Thanks for the response. I've been unable to get this to work as it seems to require me to be authorised already for V2. Is this right?
I am trying to use it like this (on the Mac and iOS using the objective-C V1 Core SDK and the SwiftyDropbox V2 SDK in the same app):
1. User is already logged into V1 - has OAUTH1 token and token secret in keychain
2. User not logged in yet to V2 - ie hasn't got OAUTH2 token in keychain
3. The apps uses the V1 API to get a migrated V2 token using the endpoint:
https://api.dropbox.com/1/oauth2/token_from_oauth1
4. From then on the app uses the V2 API and the new token
This is all working great, but since the V1 endpoint is going to disappear at end of June I'd like to start using the V2 endpoint for the migration as you suggested above.
But since the user isn't logged in using V2 yet, I can't seem to get the V2 endpoint to work - possibly something wrong with authorisation.
Here's the request when I use the V2 endpoint:
POST /2/auth/token/from_oauth1 HTTP/1.1 Host: api.dropbox.com Content-Type: application/json User-Agent: MYAPP CFNetwork/760.6.3 Darwin/15.6.0 (x86_64) Connection: keep-alive Proxy-Connection: keep-alive Accept: */* Accept-Language: en-us Content-Length: 86 Accept-Encoding: gzip, deflate Authorization: Bearer <TOKEN> Pragma: no-cache Cache-Control: no-cache { "oauth1_token" : "yyy", "oauth1_token_secret" : "zzz" }
And the response:
HTTP/1.1 400 Bad Request Server: nginx Date: Sun, 12 Mar 2017 15:14:19 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 115 Connection: keep-alive X-Dropbox-Request-Id: a4f6b0905dc3cbe249fd52576f0aacc5 Expires: 0 Cache-Control: no-cache Error in call to API function "auth/token/from_oauth1": Invalid HTTP header "Authorization": expecting "Basic" auth
Am I doing something wrong? What do I put for the "Authorization" header - I'm not sure what to add for <TOKEN> since at this point I don't have a V2 token.
Many thanks
You don't need to be already authorized for API v2 to use this endpoint. This endpoint just requires the app key, secret, and OAuth 1 access token (key and secret), not an OAuth 2 access token.
The issue you're running in to is that /2/auth/token/from_oauth1 uses "app authentication" (i.e., you should provide the app key and secret as Basic auth to authorize the HTTP call itself) but you're trying to use "user authentication" (i.e., you're trying to provide a Bearer token to authorize the API call itself). The expected authentication type is a field in the documentation here:
https://www.dropbox.com/developers/documentation/http/documentation#auth-token-from_oauth1
You can find information on the different authentication types, e.g., "app authentication", here:
https://www.dropbox.com/developers/reference/auth-types#app
(This is a bit confusing in this case, since the /2/auth/token/from_oauth1 endpoint expects "app authentication", but also happens to take an access token key/secret as parameters to the API call.)
So, for your HTTP request, you should instead use an Authorization header like this:
Authorization: Basic <base64(APP_KEY:APP_SECRET)>
The app authentication documentation elaborates on that example.
We're also working on building this in to SwiftyDropbox itself, but that's not ready quite yet.
Greg
That worked great. I knew I was doing something wrong.
Many thanks!
This endpoint (https://api.dropbox.com/2/auth/token/from_oauth1) is pretending to use old app authentication?
Authorization: Basic <Base64(key:secret)>
Even if is part of APIV2, do I need to configure something on the app to enable V2?
Cause I verified my data and all was good, I have my app_id, app_secret, my oauth_key, and my oauth_secret, but I'm receiving:
invalid_oauth1_token_info
I played with my authorization header, so I could say authorization was good
@OneLoginAdmin I'm not sure I understand what you mean when you say it "is pretending to use old app authentication?". The /2/auth/token/from_oauth1 endpoint is an API v2 endpoint that uses app authentication. That means it requires the app key and secret as Basic credentials, and takes the OAuth 1 access token key and secret as parameters in JSON in the request body.
You don't need to enable anything to use that endpoint. You would just need the four valid distinct values: app key, app secret, OAuth 1 access token key, OAuth 1 access token secret.
The invalid_oauth1_token_info error indicates that the OAuth 1 access token you're supplying is not valid. You only need to use this endpoint if you have old valid OAuth 1 access tokens (i.e., from API v1) that you need to migrate to OAuth 2, e.g., for use with API v2. Where did you get your OAuth 1 access token? Are you sure it's still valid? Please double check that you're sending the correct values. If everything is correct, please share the code that isn't working as expected so we can take a look.
I'm pretty sure they are valid I just generated them recently and then I hit endpoint using postman:
@OneLoginAdmin This endpoint now supports Dropbox Business API apps.
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!