Android SDK auth access token malformed when Access Token use in Dropbox JS SDK

harunctgbd · ‎12-10-2018

Recently I have included Dropbox in my ionic 1 android application through Dropbox JavaScript SDK for user data backup. I have used inAppBrowser for the authentication process. Everything is working perfectly and 100+ user already using this feature.

After 100+ user I have applied for production request but it's declined reason for OAuth app authorization flow inside a web view, instead of the system browser.

For handling this situation I have made an ionic plugin for native authentication flow of Dropbox android SDK. I have developed & configure my plugin using Dropbox android SDK (https://www.dropbox.com/developers-v1/core/sdks/android) for getting access token. This part also working fine and I am getting access token successfully.

But problem is, when I am sending my Access Token to JS SDK (https://github.com/dropbox/dropbox-sdk-js) it's returning 400 response The given OAuth 2 access token is malformed

var dbx = new Dropbox({ accessToken: ACCESS_TOKEN });
dbx.usersGetCurrentAccount()
.then(function(response) {    
	console.log(response);
}).catch(function(error) {    
	console.error(error);
});

In this situation what can I do? I can not figure out the solution

Greg-DB · ‎12-10-2018

[Cross-linking for reference: https://stackoverflow.com/questions/53699757/dropbox-android-sdk-auth-access-token-malformed-when-us... ]

Regardless of where/how you got a Dropbox API OAuth 2 access token, you should be able to use it to make Dropbox API v2 calls from any platform. For instance, a Dropbox API OAuth 2 access token retrieved via a Java/Android SDK can also be copied over and used via JavaScript.

The error message is indicating that the supplied access token is "malformed", i.e., it isn't in the expected format, so it sounds like perhaps you're accidentally modifying it when copying it over.

First, I recommend inspecting the access token string itself to see how it may be malformed. For instance, has it been accidentally truncated, or perhaps it has unexpected leading or trailing whitespace, etc.

For comparison, here's a sample OAuth 2 access token:

Zu9U1XOZl8QAAAAAAAOIULgRVgYHAjrusYASKTBRbaRpQXKJWpH9C4BwyJ9fpd6M

Note that it is one long string, using letters and numbers, with no whitespace.

(I retrieved this access token and revoked it, just for reference here. Please don't post your own access token.)

By the way, note that the SDK you linked to is for the retired API v1, and so is no longer officially supported. The OAuth app authorization flow implementation in that may still work, but we recommend using the current official API v2 Java SDK on Android instead.

harunctgbd · ‎12-11-2018

Thanks for your response. I have updated Official API v2 SDK for android but still, I am getting access token which says malformed.

I have tested with android native Logcat for ensuring that before passing the token to my js client side it is modifying or not. I found both are the same token that I am getting after authentication.

package cordova.plugin.dbxconnect;

import org.apache.cordova.CallbackContext;
import org.apache.cordova.CordovaPlugin;
import org.json.JSONArray;
import org.json.JSONException;

import android.util.Log;
import android.content.Context;

import com.dropbox.core.android.Auth;
import com.dropbox.core.v2.users.FullAccount;
import com.dropbox.core.android.AuthActivity;

public class DbxConnect extends CordovaPlugin {
    final static private String APP_KEY = "myAppKey";

    private static CallbackContext myCallbackContext;

    @Override
    public boolean execute(String action, JSONArray args, CallbackContext callbackContext) throws JSONException {

        if (action.equals("dbxAuth")) {
            this.dbxAuth(callbackContext);
            DbxConnect.myCallbackContext = callbackContext;
            return true;
        }
        return false;
    }

    private void dbxAuth(CallbackContext callbackContext) {
        Context context = this.cordova.getActivity().getApplicationContext();
        Auth.startOAuth2Authentication(context, APP_KEY);
    }

    @Override
    public void onResume(boolean multitasking) {
        super.onResume(multitasking);
        try {
            String accessToken = Auth.getOAuth2Token();
            Log.d("TOKEN",accessToken);
            DbxConnect.myCallbackContext.success(accessToken);
        } catch (IllegalStateException e) {
            DbxConnect.myCallbackContext.error("Drobox login fail");
        }
    }
}

Greg-DB · ‎12-11-2018

You mentioned you checked in LogCat on the Android side, but did you also add some logging to check on the JavaScript side? I recommend doing so if you haven't.

And then when you do inspect it in JavaScript, does it have the same format as the sample I shared in my previous post?

harunctgbd · ‎12-12-2018

Yes, I have checked both side and both side token received same. Here is one token which I retrieved and revoked it. There is no extra whitespace before or after the token string.

XMtgp6WiHTAAAAAAAAAC4XhwiE-frZfooOu0Hxu5EmTfGUU38c6KakU0uqQDM77t

I can not figure out what's the problem 😞

Greg-DB · ‎12-12-2018

Thanks. That does look valid. I also just tried it in the JavaScript SDK using your code and it worked as expected for me. (It failed with a 401 Unauthorized; the malformed check occurs first, so it would fail with the malformed error even if the token is revoked.)

Just to check, can you make sure you're not actually saving the token with that "Token:" prefix? I imagine that's just how you're printing it, but it would be good to make sure.

Otherwise, please share the rest of the relevant code to reproduce this so we can reproduce it here to investigate it.

harunctgbd · ‎12-12-2018

Thanks for your quick response. I used only token string. The leading 'Token:' that I used in my console log for debugging. I have added my plugin in a GitHub repository for your investigation.

I am using it in my ionic 1 application. You can investigate with this code Cordova, ionic other versions also.

1. Install plugin

cordova plugin add https://github.com/haruncpi/cordova-native-dbxconnect.git

2. Add activity in platforms/android/AndroidManifest.xml file

<activity android:configChanges="orientation|keyboard" android:launchMode="singleTask" android:name="com.dropbox.core.android.AuthActivity">
      <intent-filter>
          <data android:scheme="db-here_your_app_key" />
          <action android:name="android.intent.action.VIEW" />
          <category android:name="android.intent.category.BROWSABLE" />
          <category android:name="android.intent.category.DEFAULT" />
      </intent-filter>
</activity>

[N.B: Must change here_your_app_key with your app key]

3. Use in your js side

cordova.plugins.DbxConnect.dbxAuth(here_your_app_key, 
  function (token) {
      console.log(token)
  }, function (error) {
      console.log(error)
  })

[N.B: Must change here_your_app_key with your app key]

I hope I'll get a solution asap. My app users getting a bad experience with this issue.

Greg-DB · ‎12-13-2018

Nothing in the code you've provided so far looks problematic.

Unfortunately Cordova isn't officially supported by Dropbox though, so I'm afraid I don't have experience using it. Can you share a complete sample including all of the code necessary so we can reproduce this?

harunctgbd · ‎12-13-2018

Actually, it does not matter of Cordova. The total auth process is happening android side with Official Dropbox SDK. After successful authentication, the Cordova callback just passing the access token noting else and there is no confusion Cordova is modifying the access token. I have confirmed that the access token before passing and successful authentication both are same.

I have provided sufficient code and my plugin to investigation if you are familiar with Cordova or ionic.

By the way, If I provide a total a sample project with integrating my plugin you need to build, debug to investigate the problem. Could you do that if you are not familiar with the Cordova or ionic development process?

harunctgbd · ‎12-14-2018

I have added a total sample project https://github.com/haruncpi/testdropbox

- clone the repo.

You need to change two files with the app key

1. www/js/controllers.js

2. platforms/android/AndroidManifest.xml

For run the project you have required

1. Node v6.14*

2. Cordova 6.0 install it by npm install -g cordova@6.0.0

3. ionic 1.7 install it by npm install -g ionic@1.7.15

For running app run the command

ionic run [it will install the app to connected device or emulator]

For debugging and show the log in the console run the command below

ionic run -l -c -s

I have done all stuff what you required. Hopefully, I'll get a solution. Thanks for your cooperations.

Android SDK auth access token malformed when Access Token use in Dropbox JS SDK

Android SDK auth access token malformed when Access Token use in Dropbox JS SDK

Top contributors to this post