cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Share your feedback on the Document Scanning Experience in the Dropbox App right here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Distinction between Oauth 2 and PHP Core API (PHP SDK)

Distinction between Oauth 2 and PHP Core API (PHP SDK)

Priya M.
Explorer | Level 4
Go to solution

Hi,

 

I'm from Softaculous Ltd and we are now starting to integrate with Dropbox for Backups upload and download.

 

I want to know the difference between your PHP Core API or PHP SDK and OAUTH 2.

 

Also, do you have something as FTP stream to upload a tar.gz file in parts?

28 Replies 28

Greg-DB
Dropbox Staff
Go to solution
For the API calls itself, please refer to the samples I linked to earlier in this thread.

For the OAuth app authorization flow, you may want to see how the PHP Core SDK did it, as the OAuth 2 app authorization flow is the same for API v1 and v2:

https://github.com/dropbox/dropbox-sdk-php/blob/master/examples/web-file-browser.php#L21
https://github.com/dropbox/dropbox-sdk-php/blob/master/lib/Dropbox/WebAuth.php#L192

If you're running in to any particular issues, feel free to post the relevant code and full output.

Priya M.
Explorer | Level 4
Go to solution

Hi,

 

Thank you for your response.

 

In the documentation here:

http://dropbox.github.io/dropbox-sdk-php/api-docs/v1.1.x/class-Dropbox.WebAuth.html

 

in the code here:

$appInfo = dbx\AppInfo::loadFromJsonFile(...);

what should be mentioned as parameters in loadFromJsonFile(...)?

 

Also, I'm using the following code to fetch the user's ccess token:

function get_current_url() {
$url = @($_SERVER["HTTPS"] != 'on') ? 'http://'.$_SERVER["SERVER_NAME"] : 'https://'.$_SERVER["SERVER_NAME"];
$url .= ($_SERVER["SERVER_PORT"] != 80) ? ":".$_SERVER["SERVER_PORT"] : "";
$url .= $_SERVER["REQUEST_URI"];
return $url;
}
$url = 'https://www.dropbox.com/1/oauth2/authorize?client_id=<clientID>&response_type=code&redirect_uri='.ge...';
header("Location: ".$url);

r_print($_GET['code']);

 

I get the error:

Error (400)

It seems the app you were using submitted a bad request. If you would like to report this error to the app's developer, include the information below.

More details for developers

unknown field "code"

 

Also I'm not redirected back to the Redirect URI.

 

Can you please tell me what is missing here?

Greg-DB
Dropbox Staff
Go to solution
The loadFromJsonFile method is the way the PHP Core SDK loads configuration settings, and isn't itself relevant to the OAuth flow.

Regarding the actual error you're getting, it looks like you're supplying a 'code' URL parameter, but that's not expected. As seen in the code you supplied, there is a 'response_type' parameter for which the value should be 'code'.

If you need help with that, please supply the actual URL of the page for that error you're getting.

Priya M.
Explorer | Level 4
Go to solution

Hi,

 

>>Regarding the actual error you're getting, it looks like you're supplying a 'code' URL parameter, but that's not expected. As seen in the code you supplied, there is a 'response_type' parameter for which the value should be 'code'.

I didn't exactly understand you here. Don't we have to provide the 'code' parameter in the URL? Then how do we do that?

 

As you can see in the code snippet I provided previously, I've used 'response type' parameter as 'code' only.

 

The URL of the page where I'm writing the code is:

http://localhost/soft/softaculous/enduser/index.live.php

 

The URL to which Dropbox redirects after accessing this page is:

https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&redirect_uri...

 

This asks for the Authentication permission on allowing which redirects here:

https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&redirect_uri...

 

And get the error:

Error (400)

It seems the app you were using submitted a bad request. If you would like to report this error to the app's developer, include the information below.

More details for developers

unknown field "code"

Priya M.
Explorer | Level 4
Go to solution

Hi,

 

How can I get a faster support? I really need to speed up things here.. Is it possible to contact you on skype or something?

Priya M.
Explorer | Level 4
Go to solution

Hi,

 

I'm also trying to generate the oauth2 access token using the oauth1 token and token secret in the following way:

 

function converttov2($access_token){
$cheaders = array('Authorization: Bearer <ACCESS_TOKEN>', 'Content-Type: application/json', 'Dropbox-API-Arg: {"oauth1_token":"'.$access_token['t'].'", "oauth1_token_secret":"'.$access_token['s'].'"}'); $ch = curl_init('https://api.dropboxapi.com/2/auth/token/from_oauth1'); curl_setopt($ch, CURLOPT_HTTPHEADER, $cheaders); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); echo '<br />Response:'; echo $response; echo '<br />Curl Error: '.curl_error($ch); curl_close($ch); }

 

I'm getting this as output:

Response:Error in call to API function "auth/token/from_oauth1": Invalid HTTP header "Authorization": expecting "Basic" auth
Curl Error:

 

Can you please tell me what I'm doing wrong here?

Greg-DB
Dropbox Staff
Go to solution

We're not currently set up to provide phone/Skype support but I'm happy to help on the forum.

 

Anyway, you supplied this /authorize URL:

 

https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&redirect_uri=http://localhost/soft/softaculous/enduser/index.live.php?state=abcdefghijklmnopqrstuvwxyz&code=ttlP27R0ozAAAAAAAAAAVlGD6hF4EEH6VXcsJYJQmxE&state=abcdefghijklmnopqrstuvwxyz

That does have a 'code' URL parameter, but it looks like it's supposed to be part of the redirect URI. It's not encoded though, so it gets sent as a parameter to the Dropbox page. Instead, you would need to encode the entire redirect URI value.

 

It looks like you have an extra redirect to /authorize anyway though, so that one shouldn't be necessary. You aren't supposed to provide the 'code' to Dropbox. Dropbox generates the authorization code and gives it to you. That is, the flow should look like this for you:

 

1. User goes to:

 

http://localhost/soft/softaculous/enduser/index.live.php

 

2. Your page there sends them to:

 

https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&state=abcdef...

 

3. Once the user authorizes the app, they're sent to:

 

http://localhost/soft/softaculous/enduser/index.live.php?state=abcdefghijklmnopqrstuvwxyz&code=ttlP27R0ozAAAAAAAAAAVlGD6hF4EEH6VXcsJYJQmxE

 

4. Your app verifies the state, and uses the authorization code to get an access token.

Greg-DB
Dropbox Staff
Go to solution

If you already have an OAuth 2 access token for the user, you don't need to call /2/auth/token/from_oauth1.

 

If there is an OAuth 1 access token you want to upgrade though, the issue is that the /2/auth/token/from_oauth1 endpoint uses "app auth", so you shouldn't supply an OAuth 2 access token. That is, this line should be like:

 

$cheaders = array('Authorization: Basic <base64(APP_KEY:APP_SECRET)>',

The app auth documentation has a sample.

 

By the way, I redacted it for you, but for the sake of security, you should disable that access token that you posted. You can do so by revoking access to the app entirely, if the access token is for your account, here:

 

https://www.dropbox.com/account/security

 

Or, you can disable just this access token using the API:

 

https://www.dropbox.com/developers/documentation/http/documentation#auth-token-revoke

Priya M.
Explorer | Level 4
Go to solution

Hi,

 

Thank you for your response.

 

>>That does have a 'code' URL parameter, but it looks like it's supposed to be part of the redirect URI. It's not encoded though, so it gets sent as a parameter to the Dropbox page. Instead, you would need to encode the entire redirect URI value.

Can you please provide me with an example? Also how do you suggest we should encode the URL?

 

I followed the exact steps as specified by you in the previous response:

1. User goes to:

http://localhost/soft/softaculous/enduser/index.live.php

 

2. The page there sends them to:

https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&state=abcdef...

 

3. Once the user authorizes the app,  I'm redirected to the URI:

https://www.dropbox.com/1/oauth2/authorize?client_id=6i45k3fi9a1i9an&response_type=code&state=abcdef...

 

and get the error specified previously. (unknown field "code")

 

Ideally, I should be redirected to 'http://localhost/soft/softaculous/enduser/index.live.php?state=abcdefghijklmnopqrstuvwxyz&code=ttlP27R0ozAAAAAAAAAAYNqniSjVvXFo9mOqJ4qALX4' as specified by the Redirect URI but I'm not redirected to that URI for some reason and instead getting the error.

 

In the APP, I specified the Redirect URI as: http://localhost/soft/softaculous/enduser/index.live.php

 

Awaiting your reply.

Greg-DB
Dropbox Staff
Go to solution
It looks like you have an extra redirect in the flow you have implemented. Specifically, you shouldn't be doing step 3. You should only direct the user to /oauth2/authorize once. It appears your app is directing them again a second time, including the extra 'code' parameter the second time.

This blog post may be helpful:

https://blogs.dropbox.com/developers/2013/07/using-oauth-2-0-with-the-core-api/

When encoding URL parameters, you can use whatever standard URL encoding library is available on your platform.
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    Priya M. Explorer | Level 4
What do Dropbox user levels mean?