cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Check out the Dropbox cheat sheet for getting started in 2021 here!

Discuss Dropbox Developer & API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Exchange (manually) the authorization code for a re-usable access token fails sometimes

Exchange (manually) the authorization code for a re-usable access token fails sometimes

Explorer | Level 3

I have integrated the Dropbox API into my .NET software.

 

In order for the user to link his account with the dropbox folder used by my software,
my software gives the user a URL that he enters in his browser. The URL is something like:
www.dropbox.com/oauth2/authorize?client_id=(hidden code)&response_type=code

That will ask the user to allow the app into his account and will provide him a code similar to:

agxeeSYeS3wABBBBBBBHMWVX1Rs6fIV0BeiMM_CroNk  (fake code)

 

This code the user will type back in my software to finish the process and exchange to a permanent code.

 

The problem is that I was successful to link my own account, and one account of a colleague.
However testing with another person's dropbox failed. I attempted multiple times.

 

Remarks:

1.
Now you might be thinking why this is done manually like this...
This is because the .NET software using the dropbox runs into a small portable device with tiny screen.
I cannot open the browser there. So I provide the URL so the user can access his account in a different machine (often in a different network) and request the authorization code. Then the user goes back to my .NET app where he enters the code letter by letter.

 

2. 

My App is still in "Developer" status and has not been published. I have not linked more than 6 users to it so far. (so the 50/500 limit does not apply)

 

3.

Even though the process seems to fail, the user sees in his dropbox account one folder with my App's name.
Which indicates that the authorization succeeded up to some point.

 

I suspect that there might be security mechanisms involved there, or I might be missing something.

Is there any reason why this authentication fails? Timeouts? I will see if I can generate a detailed log.

 

3 Replies 3

Re: Exchange (manually) the authorization code for a re-usable access token fails sometimes

Dropboxer

We'll be happy to help with this, but we'll need some more information about where and how this is failing. For example, is it failing on the call to /oauth2/token, and what error response are you getting? Thanks in advance! 

Re: Exchange (manually) the authorization code for a re-usable access token fails sometimes

Explorer | Level 3

Ok so the only information I have is that when it fails, I get this message from your API:

 

Type = Dropbox.Api.OAuth2Exception
Message = invalid_grant
Source = Microsoft.Threading.Tasks
ErrorDescription = code has expired (within the last hour)

 

What I noticed was that the client had a wrong time in its clock.
After synchronizing with the internet time, it worked.

So I am assuming that your API uses the client time for the authentication, which if its true, its a very odd decision.

Could you clarify whether this is the case, or it was just a coincidence that it worked?

 

Re: Exchange (manually) the authorization code for a re-usable access token fails sometimes

Dropboxer

I don't believe the Dropbox API OAuth 2 authorization code exchange uses the client's time. In fact, the client isn't supposed to send its client time in the /oauth2/token HTTP request anyway.

 

The authorization code itself does expire though, after a few minutes (based on the Dropbox server time when the code was issued versus when it is sent back for exchange). It sounds like you just happened to use it after the expiration the first time.

Work Smarter with Dropbox

The way we work is changing. Share and discover new ways to work smarter with Dropbox in our community.

Sound good? Let's get started.
Who's talking

Top contributors to this post

What do Dropbox user levels mean?
Need more support?