cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

OAuth access token type

OAuth access token type

Andrii M.
Helpful | Level 5
Go to solution

Currently during authentication retyrned URL contains token_type=bearer parameter while respective header must be Bearer (else 400 is returned).

Is that possible to return correct case in token_type so one could just use it in header? Or it is by-design and developer must always implement own mapping for auth types like bearer->Bearer ?

1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

According to the documentation, we only support the "bearer" token type, so any of these should be fine.

View solution in original post

5 Replies 5

Greg-DB
Dropbox Staff
Go to solution

Thanks for the post! I can't speak to the intent here, but I'll send this along to the team to see if we can get that changed. I can't make any promises as to if they will do so though.

Andrii M.
Helpful | Level 5
Go to solution

Thank you, Greg, for response.

Even it this is intensionally and won't be changed in future, I would appreciate advices of the parameter usage:

  1. Implement own mapping from types returned in the URL to proper header values (need the ful list of supported types described in documentation with stress on the correct capitalizing)
  2. Use types from URL but capitalize it (now it's my curren implementation)
  3. Always use Bearer in the auth header and ignore the type from URL

 

Greg-DB
Dropbox Staff
Go to solution

According to the documentation, we only support the "bearer" token type, so any of these should be fine.

lazedo
New member | Level 2
Go to solution

Hi Greg,

 

the api does not accept "bearer", it only accepts "Bearer".

the returned value in token_type is "bearer" and most oauth clients will use that value to compose the Authorization Header.

the result is that the Authorization being sent to subsequent requests has the Authorization header "Authorization: bearer xxxxx" instead of "Authorization: Bearer xxxxx".

 

it seems to me that, the token_type value returned should be "Bearer" instead of "bearer" if api only accepts that, or change the api to accept "bearer".

 

thoughts ?

 

Greg-DB
Dropbox Staff
Go to solution

@lazedo Thanks for the post. I'm not aware of any current plans to change this, but I'll add your vote to the request.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    lazedo New member | Level 2
  • User avatar
    Andrii M. Helpful | Level 5
What do Dropbox user levels mean?