cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dropbox Scoped App issues

Dropbox Scoped App issues

ixperience
New member | Level 2

Looks like the recently released Scoped App functionality is not yet fully flaw-free.

 

I was just creating a new test app, and because it is recommended to use a 'Scoped app' I chose this. 

  • I chose 'App Folder' as a starting point, does not really matter in this case
  • Gave my app a relevant name, nothing special

This step worked out just fine. After that, it was time for setting the more advanced stuff. As I am using Laravel to connect to Dropbox, I like to use Access Tokens, and therefore I chose 'Long lived' and clicked 'Generate'. The token is generated just fine. A folder is also made in my dropbox where the app sits just fine*.

 

Now, here it comes. I try to connect with my Laravel app, and obviously this does not work because I need to set permissions. I got a 'Bad Request' error, so I came back to the Dropbox console and clicked 'Permissions'. Here, I set the permissions to my wish, like 'files.content.read', 'files.content.write', 'files.metadata.read' and 'files.metadata.write'. Now, we would assume that these permissions are now added and we can do at least a read. Let's try...

To my surprise we get the following error: {".tag": "missing_scope", "required_scope": "files.metadata.read"}

This is strange! Because as you can see, we have set the permissions in our app.

 

Now, of course, this doesn't make stop trying, so we try another approach.

I deleted the app, and I create it again. Because, maybe, the token needs to be made after I set the permissions, who knows?

So, now I create a new app, with the same initial settings as before. But now, in the App page, I first set the permissions instead of first creating the API key. So, I have set my permissions, and then go back to the App main page and click Generate to generate a key. Guess what? I get the following error: "You must be a team administrator to perform this operation."

 

 

Now, Dropbox people, I would like some help with this.... 

For now, I will be using the old traditional Legacy Api app functionality, but I think this issue needs to be resolved...

 

* Which is also strange, the app's folder DID NOT GET CREATED until I clicked the 'Generate' key and this only was in the first scenario....

1 Reply 1

Greg-DB
Dropbox Staff

Thanks for writing this up!

 

Regarding the app folder creation: the actual app folder in a connected account does not get created until the account is connected to the app. That is, just creating the app registration won't automatically create the app folder itself. That occurred when you generated a token because that was the first time the app was actually connected to your account as a user of the app. 

 

Regarding the 'Bad Request' error: make sure you print out the HTTPS response body itself, as it will contain more specific information about why the call failed. In this case, it sounds like it was likely because you didn't have the necessary scoped enabled for the app.

 

Regarding the 'missing_scope' error: Just enabling a particular scope for an app does not retroactively add authorization for that scope to existing access tokens. You'd need to process the authorization flow (either the OAuth flow or using the "Generate" button) again to authorize an access token with any newly enabled scopes.

 

Regarding the "You must be a team administrator to perform this operation." error:  That indicates that you selected one or more "team" scopes, which can only be authorized by a team admin. Also, note that the 'files.permanent_delete' scope automatically requires the 'team_data.member' scope, so you can't use 'files.permanent_delete' from a non-team account, and so enabling the the 'files.permanent_delete' scope will also cause that.

 

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?