We came across a strange issue, when trying to get a access token the the OAuth1 API, the successive calls to "request_token" and "authorize" are working fine, but its is time to access "https://api.dropbox.com/1/oauth/access_token", we receive an Unauthorized/401 response for the POST.
What is the more strange is that the exact same code is used on at least one other server without any issues.
Do you have an idea of what can cause this ? Thanks.
It's difficult to say off hand. Can you share some sample requests/responses showing the issue in detail? Be sure to redact secret values, but please include the headers/bodies. Thanks in advance!
Thanks for your quick response:
We call to:
The Request header:
The Response header:
As we use a Java servlet to perform POST/GET, the issue arise when post to the URL above when trying to fetch the response:
Small code sample:
URL iurl = new URL(url);
HttpURLConnection uc = null;
uc = (HttpURLConnection) iurl.openConnection(Proxy.NO_PROXY);
uc.setRequestProperty("User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)");
Is that what you need ?
A few things to note:
- Are those all of the response headers? E.g., is there a X-Dropbox-Request-Id header?
- What's the response body?
- The response server headers contain unexpected values. E.g., the server header says "Apache-Coyote/1.1", but "nginx" is expected. Is it possible something is interfering with your connection?
- You're using HMAC-SHA1 signing, which can be hard to implement and debug. We highly recommend using PLAINTEXT instead. This blog post may be helpful.
- You're supplying a oauth_token_secret parameter, which isn't expected.
In fact, we use a Java servlet (in a Apache Tomcat) to perform the call/Authorization flow.
I will look to get the Response Header more precisely. I will also look to use PLAINTEXT instead of HMAC-SHA1. The only things that bothers the team I'm in is that the existing code works flawlessly on at least two other servers.
I will post the response headers field value asap.
Thanks for your time.
Re-writing the OAuth part to use authorization header (instead of URL parameters) and using PLAINTEXT instead of HMAC-SHA1 for the signature have solved the issue.
Thanks for you time and quick answers !
The way we work is changing. Share and discover new ways to work smarter with Dropbox in our community.Sound good? Let's get started.