How to use OAuth2 authentication APIs

ptallett · ‎03-15-2017

I am writing a UWP app on Windows 10 with the .NET Dropbox API and want to allow users to login to their Dropbox. Note this is not a web app and I don't have a browser control.

var authUri = DropboxOAuth2Helper.GetAuthorizeUri(OAuthResponseType.Token, appKey, "http://localhost", appSecret, true, false);
var result = await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.None, authUri, redirect);

I always get a 400 Bad Request in the event log. What am I doing wrong? I've registered http://localhost on the portal.

Cheers,
Paul

ptallett · ‎03-16-2017

I solved it! The redirect URL has to be registered with a trailing slash.

Thanks for your help.

I'm not clear how long my token will last and how I refresh it, could you explain.

Love your API by the way, was a breeze to integrate into my app (except for this auth issue).

Suggestions for improvement:

- things like SearchMode.FilenameAndContent.Instance should be enums that are "or"able

- Would like to search on content only, not name and content

- I'd like a created date for the files and a size for folders

- I'd like wildcards in the search - MyF??e.j*g

- In fact the Google Drive API has a whole query language for search which is quite nice

- Sharing.CreateSharedLinkWithSettingsAsync throwing an exception when the link already exists is dumb. Just return it to me, don't care if its already created

- The Search API and List API should be merged into one API IMHO, but not a big deal

- Thumbnails for PDF and PPT would be nice (like Google)

- Content indexing of PDF and PPT would be nice (there are free IFilters for these)

- Auth should save the token so I don't need to auth every time

Cheers,

Paul

View solution in original post

Greg-DB · ‎03-15-2017

Can you share the full URL for the 400 error (and any other error/output you're getting)? Thanks in advance!

ptallett · ‎03-16-2017

I've turned on logging and get this in the event log (keys changed to protect the innocent):

AuthHost encountered a navigation error at URL: <https://www.dropbox.com/1/oauth2/authorize?response_type=token&client_id=nfruabcdefg6g64&redirect_ur...> with HttpStatusCode: 400.

Information: AuthHost encountered Meta Tag: mswebdialog-title with content: <Can't connect to the service>.

Information: AuthHost completed document from URL: <res://authhost.exe/error.html?fgcolor=000000&bgcolor=ffffff>.

Running Fiddler I got this too:

AuthHost encountered a navigation error at URL: <https://www.dropbox.com/1/oauth2/authorize?response_type=token&client_id=nfruabcdefg6g64&redirect_ur...> with StatusCode: 0x800C0005.

I can't see any of the responses in Fiddler but the error is different in any case so probably not useful.

The UI dialog just shows a "can't connect right now" error and I don't get asked for my credentials.

Changing the Auth Type to "Code" and the redirect Url to null, I do get prompted for my credentials and can get through the auth flow, but at the end it just displays the token on the screen and does not pass it back to my app. Passing a non-null redirect url with "Code" gives me the 400 error again.

Cheers,

Paul

ptallett · ‎03-16-2017

I suspect you could repro the error by creating a blank UWP app and adding the two lines in the original post with your appKey and appSecret.

Cheers,

Paul

ptallett · ‎03-16-2017

I solved it! The redirect URL has to be registered with a trailing slash.

Thanks for your help.

I'm not clear how long my token will last and how I refresh it, could you explain.

Love your API by the way, was a breeze to integrate into my app (except for this auth issue).

Suggestions for improvement:

- things like SearchMode.FilenameAndContent.Instance should be enums that are "or"able

- Would like to search on content only, not name and content

- I'd like a created date for the files and a size for folders

- I'd like wildcards in the search - MyF??e.j*g

- In fact the Google Drive API has a whole query language for search which is quite nice

- Sharing.CreateSharedLinkWithSettingsAsync throwing an exception when the link already exists is dumb. Just return it to me, don't care if its already created

- The Search API and List API should be merged into one API IMHO, but not a big deal

- Thumbnails for PDF and PPT would be nice (like Google)

- Content indexing of PDF and PPT would be nice (there are free IFilters for these)

- Auth should save the token so I don't need to auth every time

Cheers,

Paul

Greg-DB · ‎03-16-2017

Thanks for following up. I'm glad to hear you got this sorted out already. By the way, on the Dropbox side of things, a trailing slash isn't strictly required on a redirect URI, but it is required that the pre-registered redirect URI exactly match the value supplied in the redirect_uri parameter on /authorize. That would include matching the existence or non-existence of a trailing slash.

If they didn't match, you would get an error on /authorize like that. One way to debug that would be to copy the actual /authorize URL and open it in your own browser. The page would show a specific error message.

Anyway, access tokens don't expire by themselves, but they can be revoked by the user or app at any time.

And thanks for the list of feedback! I'll send it along to the team.

ptallett · ‎03-16-2017

Thanks for the quick response, I indeed clicked on the URL and got an error message which was how I figured it out. The trailing slash was being added by the Uri class I think - I was not putting it in but it was getting sent which was confusing and without an error message, hard to isolate.

Cheers,

Paul

Greg-DB · ‎03-16-2017

By the way, I'm not sure I understand this suggestion:

"things like SearchMode.FilenameAndContent.Instance should be enums that are "or"able"

Can you elaborate? Thanks in advance!

ptallett · ‎03-17-2017

I just checked and both of the following append the slash to the redirect URL:

Uri redirect = new Uri("https://localhost");
var authUri = DropboxOAuth2Helper.GetAuthorizeUri(OAuthResponseType.Token, appKey, redirect, state, false, false);

var authUri = DropboxOAuth2Helper.GetAuthorizeUri(OAuthResponseType.Token, appKey, "https://localhost", state, false, false);

Perhaps your registration page should suggest adding the trailing slash to avoid others running into this.

Regarding "or"able enums, lets take SearchMode as an example. The current implementation is neither intuitive or scalable. If you want to extend the API in the future with a new field that you can search on, you have to add every permutation of the flags as a definition - SearchMode.Description, SearchMode.FilenameAndDescription, SearchMode.FilenameAndContentAndDescription. These would normally be defined in C# as a Flags enum:

    [Flags]
    public enum SearchMode
    {
        Filename = 1,
        Content = 2,
        Description = 4,
        AnythingElse = 8
    }
           SearchMode mode = SearchMode.Filename | SearchMode.Content;
            if (searchDescription)
                mode |= SearchMode.Description;

A lot of discussion here: http://stackoverflow.com/questions/8447/what-does-the-flags-enum-attribute-mean-in-c

By the way, you can download my app here if you'd like to try it: http://www.modernfileexplorer.com

Cheers,

Paul

Greg-DB · ‎03-17-2017

Thanks for clarifying, that's very helpful!

How to use OAuth2 authentication APIs

How to use OAuth2 authentication APIs

Top contributors to this post