cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Access token is not being accepted from local server

Labels:

Access token is not being accepted from local server

njclonch
Explorer | Level 3
‎12-04-2017 07:56 AM

After successfully receiving an access token from the `oauth2/authorize` endpoint, I have attempted to submit the access token to `sharing/get_shared_link_metadata` along with the URL of a shared link. Several attempts have returned me with a 401 error. So I tried submitting an access token, which was generated from the app page, but with no success. However, when I copied/pasted my code to phpfiddle.com, the request returned successfully. So the issue seems to exist only in the request from my virtual server.

 

I have no clue what issue could exist in a request from a virtual server, so any help would be greatly appreciated.

 

Labels:
  • 0 Likes
  • 12 Replies
  • 3,206 Views
0 Likes
12 Replies 12

Greg-DB
Dropbox Staff
‎12-04-2017 09:00 AM
Can you share your code and the full error response? Thanks in advance!
0 Likes

njclonch
Explorer | Level 3
‎12-04-2017 10:41 AM

request:

public function getDropboxMetadata($url, $token)
{
	$ch = curl_init();

	curl_setopt($ch, CURLOPT_URL, 'https://api.dropboxapi.com/2/sharing/get_shared_link_metadata');
	curl_setopt($ch, CURLOPT_HTTPHEADER, [
		'Authorization: Bearer ' . $token,
		'Content-Type: application/json']);
	curl_setopt($ch, CURLOPT_POST, true);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
	curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(['url' => $url]));

	$result = curl_exec($ch);

	curl_close($ch);

	return $result;
}

 

response:

error: {
	code: 401,
	errors: {
		0: {
			domain: "global",
			location: "Authorization",
			locationType: "header",
			message: "Invalid Credentials",
			reason: "authError"
		}
	},
	message: "Invalid Credentials"
}
0 Likes

Greg-DB
Dropbox Staff
‎12-04-2017 11:59 AM
Thanks! I just tried this out, and it's working for me.

Are you sure you're passing in a valid access token? I recommend printing out the $token just before you set the headers. It should be a 64 character string consisting of letters, numbers, and some symbols.
0 Likes

njclonch
Explorer | Level 3
‎12-04-2017 12:31 PM

My issue is not with the code itself, because I've received a successful response when I've used it on phpfiddle.com. My issue is that I'm getting an error response on my local virtual server, and I have no clue why. I am hoping you may have some insight.

0 Likes

Greg-DB
Dropbox Staff
‎12-04-2017 12:34 PM
That indicates that something is wrong with the API request when made from your server. You'll need to inspect the request being made on your server. Since you're getting a 401, it seems likely that there is an issue with the access token. More generally, if you can print out the actual HTTP request that would likely be helpful.

I'd be happy to take a look, but please don't post any output that contains an actual access token of course.
0 Likes

njclonch
Explorer | Level 3
‎12-05-2017 09:29 AM

My process starts with a request for authorization:

 

function requestDropboxAuth()
{
    $url = 'https://www.dropbox.com/oauth2/authorize';
    $data = [
	'client_id' => '<client_id>',
	'redirect_uri' => 'https://domain.com/validate/dropbox',
	'response_type' => 'code'
    ];

    header('Location: ' . $url . '?' . http_build_query($data));
    die();
}

 

This redirects me to the provided URI, with the following in the URL's parameters: '?code=<code>'

 

I then grab the <code> and submit a request via JavaScript&colon;

 

function exchangeCodeForToken(code)
{
    if (code)
    {
	var xhr 	    = new XMLHttpRequest(),
	    oauth2Endpoint  = 'https://api.dropboxapi.com/oauth2/token',
	    clientId 	    = '<client_id>',
	    clientSecret    = '<client_secret>',
	    grantType 	    = 'authorization_code',
	    redirectUri     = location.origin + location.pathname;

	xhr.open('POST', oauth2Endpoint + '?code=' + code +
	    '&grant_type=' + grantType + '&redirect_uri=' + redirectUri +
	    '&client_id=' + clientId + '&client_secret=' + clientSecret);

	xhr.onreadystatechange = function(e)
	{
	    var response = JSON.parse(xhr.response);

	    if (xhr.readyState)
	    {
		if (xhr.status == 200 && response.access_token)
		{
		    localStorage.setItem('dropbox-auth', JSON.stringify(response));
		}
		else
		{
		    console.log('There was an error processing the token, another response was returned, or the token was invalid.');
		}
	    }
	};

	    xhr.send(null);
	}
}

 

The request headers from this are:

 

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.9
Cache-Control:no-cache
Connection:keep-alive
Cookie: [long string]
Host:domain.com
Pragma:no-cache
Referer:https://domain.com
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36

 

I save the access token, and then submit it with:

 

function getDropboxMetadata($url, $token)
{
    $ch = curl_init();

    curl_setopt($ch, CURLOPT_URL, 'https://api.dropboxapi.com/2/sharing/get_shared_link_metadata');
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
	'Authorization: Bearer ' . $token,
	'Content-Type: application/json']);
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(['url' => $url]));

    $result = curl_exec($ch);

    curl_close($ch);

    return $result;
}

 

The request headers from this are:

 

Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.9
Cache-Control:no-cache
Connection:keep-alive
Content-Length:310
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Cookie: [long string]
Host:domain.com
Origin:https://domain.com
Pragma:no-cache
Referer:https://domain.com
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
X-Requested-With:XMLHttpRequest
0 Likes

Greg-DB
Dropbox Staff
‎12-05-2017 09:35 AM
Can you print out the request, or at least the token, to see what's getting sent by this code?
0 Likes

njclonch
Explorer | Level 3
‎12-05-2017 09:52 AM

I added request headers to my previous post, which follow each respective request.

 

Thanks for your help. Let me know if you need more info.

0 Likes

Greg-DB
Dropbox Staff
‎12-05-2017 09:58 AM
Thanks. That appears to the be headers for a web request though (to your own app?) and not for the API call itself.
0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    njclonch Explorer | Level 3
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?