Migration from v1 to v2 API - automatic token upgrade

Dearbhla · ‎03-04-2017

Hi

I'm wondering about the call to

https://api.dropbox.com/1/oauth2/token_from_oauth1

to automatically upgrade a user's token from the v1 to the v2 api. I have this working well in my app and from the user's point of view the upgrade is seamless.

Is this upgrade endpoint going to stop working too towards the end of June 2017? I have no control over when my users choose to login - it is possible that they may not log in again and trigger the upgrade until after this date. If that endpoint does not work, then they will have to manually login again to Dropbox. I would like to avoid this if possible.

Thanks

Greg-DB · ‎03-13-2017

You don't need to be already authorized for API v2 to use this endpoint. This endpoint just requires the app key, secret, and OAuth 1 access token (key and secret), not an OAuth 2 access token.

The issue you're running in to is that /2/auth/token/from_oauth1 uses "app authentication" (i.e., you should provide the app key and secret as Basic auth to authorize the HTTP call itself) but you're trying to use "user authentication" (i.e., you're trying to provide a Bearer token to authorize the API call itself). The expected authentication type is a field in the documentation here:

https://www.dropbox.com/developers/documentation/http/documentation#auth-token-from_oauth1

You can find information on the different authentication types, e.g., "app authentication", here:

https://www.dropbox.com/developers/reference/auth-types#app

(This is a bit confusing in this case, since the /2/auth/token/from_oauth1 endpoint expects "app authentication", but also happens to take an access token key/secret as parameters to the API call.)

So, for your HTTP request, you should instead use an Authorization header like this:

Authorization: Basic <base64(APP_KEY:APP_SECRET)>

The app authentication documentation elaborates on that example.

We're also working on building this in to SwiftyDropbox itself, but that's not ready quite yet.

View solution in original post

Greg-DB · ‎03-06-2017

Yes, that endpoint is considered part of API v1, so it will be retired with API v1.

We have an API v2 equivalent that you can switch to instead though, at /2/auth/token/from_oauth1:

https://www.dropbox.com/developers/documentation/http/documentation#auth-token-from_oauth1

Hope this helps!

Dearbhla · ‎03-12-2017

Hi Greg

Thanks for the response. I've been unable to get this to work as it seems to require me to be authorised already for V2. Is this right?

I am trying to use it like this (on the Mac and iOS using the objective-C V1 Core SDK and the SwiftyDropbox V2 SDK in the same app):

1. User is already logged into V1 - has OAUTH1 token and token secret in keychain
2. User not logged in yet to V2 - ie hasn't got OAUTH2 token in keychain
3. The apps uses the V1 API to get a migrated V2 token using the endpoint:
https://api.dropbox.com/1/oauth2/token_from_oauth1
4. From then on the app uses the V2 API and the new token

This is all working great, but since the V1 endpoint is going to disappear at end of June I'd like to start using the V2 endpoint for the migration as you suggested above.

But since the user isn't logged in using V2 yet, I can't seem to get the V2 endpoint to work - possibly something wrong with authorisation.

Here's the request when I use the V2 endpoint:

POST /2/auth/token/from_oauth1 HTTP/1.1
Host: api.dropbox.com
Content-Type: application/json
User-Agent: MYAPP CFNetwork/760.6.3 Darwin/15.6.0 (x86_64)
Connection: keep-alive
Proxy-Connection: keep-alive
Accept: */*
Accept-Language: en-us
Content-Length: 86
Accept-Encoding: gzip, deflate
Authorization: Bearer <TOKEN>
Pragma: no-cache
Cache-Control: no-cache

{
  "oauth1_token" : "yyy",
  "oauth1_token_secret" : "zzz"
}

And the response:

HTTP/1.1 400 Bad Request
Server: nginx
Date: Sun, 12 Mar 2017 15:14:19 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 115
Connection: keep-alive
X-Dropbox-Request-Id: a4f6b0905dc3cbe249fd52576f0aacc5
Expires: 0
Cache-Control: no-cache

Error in call to API function "auth/token/from_oauth1": Invalid HTTP header "Authorization": expecting "Basic" auth

Am I doing something wrong? What do I put for the "Authorization" header - I'm not sure what to add for <TOKEN> since at this point I don't have a V2 token.

Many thanks

Greg-DB · ‎03-13-2017

You don't need to be already authorized for API v2 to use this endpoint. This endpoint just requires the app key, secret, and OAuth 1 access token (key and secret), not an OAuth 2 access token.

The issue you're running in to is that /2/auth/token/from_oauth1 uses "app authentication" (i.e., you should provide the app key and secret as Basic auth to authorize the HTTP call itself) but you're trying to use "user authentication" (i.e., you're trying to provide a Bearer token to authorize the API call itself). The expected authentication type is a field in the documentation here:

https://www.dropbox.com/developers/documentation/http/documentation#auth-token-from_oauth1

You can find information on the different authentication types, e.g., "app authentication", here:

https://www.dropbox.com/developers/reference/auth-types#app

(This is a bit confusing in this case, since the /2/auth/token/from_oauth1 endpoint expects "app authentication", but also happens to take an access token key/secret as parameters to the API call.)

So, for your HTTP request, you should instead use an Authorization header like this:

Authorization: Basic <base64(APP_KEY:APP_SECRET)>

The app authentication documentation elaborates on that example.

We're also working on building this in to SwiftyDropbox itself, but that's not ready quite yet.

Dearbhla · ‎03-14-2017

Greg

That worked great. I knew I was doing something wrong.

Many thanks!

OneLoginAdmin · ‎01-25-2018

This endpoint (https://api.dropbox.com/2/auth/token/from_oauth1) is pretending to use old app authentication?

Authorization: Basic <Base64(key:secret)>

Even if is part of APIV2, do I need to configure something on the app to enable V2?

Cause I verified my data and all was good, I have my app_id, app_secret, my oauth_key, and my oauth_secret, but I'm receiving:

invalid_oauth1_token_info

I played with my authorization header, so I could say authorization was good

Greg-DB · ‎01-26-2018

@OneLoginAdmin I'm not sure I understand what you mean when you say it "is pretending to use old app authentication?". The /2/auth/token/from_oauth1 endpoint is an API v2 endpoint that uses app authentication. That means it requires the app key and secret as Basic credentials, and takes the OAuth 1 access token key and secret as parameters in JSON in the request body.

You don't need to enable anything to use that endpoint. You would just need the four valid distinct values: app key, app secret, OAuth 1 access token key, OAuth 1 access token secret.

The invalid_oauth1_token_info error indicates that the OAuth 1 access token you're supplying is not valid. You only need to use this endpoint if you have old valid OAuth 1 access tokens (i.e., from API v1) that you need to migrate to OAuth 2, e.g., for use with API v2. Where did you get your OAuth 1 access token? Are you sure it's still valid? Please double check that you're sending the correct values. If everything is correct, please share the code that isn't working as expected so we can take a look.

OneLoginAdmin · ‎01-26-2018

I'm pretty sure they are valid I just generated them recently and then I hit endpoint using postman:

Greg-DB · ‎01-26-2018

Thanks! I just tried this and it appears this endpoint isn't working for Dropbox Business API apps. I'll ask the team to investigate whether or not we can add support for Dropbox Business API apps to this endpoint.

Greg-DB · ‎05-30-2018

@OneLoginAdmin This endpoint now supports Dropbox Business API apps.

Migration from v1 to v2 API - automatic token upgrade

Migration from v1 to v2 API - automatic token upgrade

Top contributors to this post