cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to know what we learned at IBC? Check out our learnings on media, remote working and more right here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

400 BadRequest from .Net client when using refresh tokens

400 BadRequest from .Net client when using refresh tokens

jfreer
Explorer | Level 4
Go to solution

We are using the .Net SDK client vs 6.14. We primarily use the Files.GetMetadataSync and Files.SaveUrlAsync api calls. We call the API with a variety of long-lived accessTokens and refreshTokens depending on when our customer initiated their Dropbox connection with us. On a number of recent customers who we setup with refreshTokens, we receive a 400 BadRequest HttpRequestException on every API call we make. We configure the DropboxClient with the refreshToken and our AppKey and AppSecret, leaving the accessToken handling up to the DropboxClient. From the returned stack trace, we see the 400 BadRequest is NOT coming in regards to our API call, but rather from the internal oauth calls the library is making to get an AccessToken.

Can you tell us why we are getting the 400 BadRequest from internal oauth calls and what we can do to rectify it?

Here is the stack trace:

 

at HttpResponseMessage System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at async Task<bool> Dropbox.Api.DropboxRequestHandler.RefreshAccessToken(string[] scopeList)
at async Task<bool> Dropbox.Api.DropboxRequestHandler.CheckAndRefreshAccessToken()
at async Task<Result> Dropbox.Api.DropboxRequestHandler.RequestJsonStringWithRetry(string host, string routeName, string auth, RouteStyle routeStyle, string requestArg, Stream body)
at async Task<TResponse> Dropbox.Api.DropboxRequestHandler.Dropbox.Api.Stone.ITransport.SendRpcRequestAsync<TRequest, TResponse, TError>(TRequest request, string host, string route, string auth, IEncoder<TRequest> requestEncoder, IDecoder<TResponse> responseDecoder, IDecoder<TError> errorDecoder)
at async Task<SaveUrlResponse>

1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

There are a number of scenarios that can cause the refresh to fail like this, such as:

  • missing/incorrect/malformed refresh token
  • revoked refresh token (e.g., when the user unlinks the app via https://www.dropbox.com/account/connected_apps , etc.)
  • missing/incorrect/malformed app key
  • incorrect/malformed app secret
  • missing app secret (if the refresh token was retrieved using the non-PKCE flow)

The response body on that 400 error response would contain a more specific error message, though the .NET SDK unfortunately does not currently expose that. There's an open request to update it to do so.

 

So, make sure you're supplying the correct values. Since it sounds like this is only happening for a few users though, but for all calls for those users, it may be that the refresh tokens for those users are revoked, in which case you should have the users relink the app to get a new one.

View solution in original post

7 Replies 7

Greg-DB
Dropbox Staff
Go to solution

There are a number of scenarios that can cause the refresh to fail like this, such as:

  • missing/incorrect/malformed refresh token
  • revoked refresh token (e.g., when the user unlinks the app via https://www.dropbox.com/account/connected_apps , etc.)
  • missing/incorrect/malformed app key
  • incorrect/malformed app secret
  • missing app secret (if the refresh token was retrieved using the non-PKCE flow)

The response body on that 400 error response would contain a more specific error message, though the .NET SDK unfortunately does not currently expose that. There's an open request to update it to do so.

 

So, make sure you're supplying the correct values. Since it sounds like this is only happening for a few users though, but for all calls for those users, it may be that the refresh tokens for those users are revoked, in which case you should have the users relink the app to get a new one.

Intellicode Mangement Systems
Explorer | Level 3
Go to solution

Any examples on how the DropboxClient needs to be constructed for refresh tokens?

Greg-DB
Dropbox Staff
Go to solution

@ Intellicode Mangement Systems Yes, for the official Dropbox API v2 .NET SDK, you can find an example of getting and using a refresh token in the OauthBasic example (non-PKCE, meant for server-side apps) as well as in the OAuthPKCE example (PKCE, meant for client-side apps)

Intellicode Mangement Systems
Explorer | Level 3
Go to solution

Response status code does not indicate success: 400 (Bad Request).

 

Still the reponse I am geting no luck!!!

Greg-DB
Dropbox Staff
Go to solution

@ Intellicode Mangement Systems This isn't enough information for me to offer guidance on why that may be failing for you. I understand you have a support ticket open with more information though, so we'll review that and follow up with you there soon.

Intellicode Mangement Systems
Explorer | Level 3
Go to solution

Please I am doing everything send by the support team step by step but no luck.

Greg-DB
Dropbox Staff
Go to solution

@ Intellicode Mangement Systems Your support ticket is currently open so it will be reviewed and receive further help soon.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    Intellicode Mangement Systems Explorer | Level 3
What do Dropbox user levels mean?