cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Update: Find information on Dropbox support during COVID-19 here
Close
cancel
Showing results for 
Search instead for 
Did you mean: 

Getting HTTP 401 on for access_token one some server

David S.309 New member | Level 1
New member | Level 1

Hi guys,

We came across a strange issue, when trying to get a access token the the OAuth1 API, the successive calls to "request_token" and "authorize" are working fine, but its is time to access "https://api.dropbox.com/1/oauth/access_token", we receive an Unauthorized/401 response for the POST.

What is the more strange is that the exact same code is used on at least one other server without any issues.

Do you have an idea of what can cause this ? Thanks.

 

David.

 

5 Replies 5

Re: Getting HTTP 401 on for access_token one some server

Dropboxer
Dropboxer

It's difficult to say off hand. Can you share some sample requests/responses showing the issue in detail? Be sure to redact secret values, but please include the headers/bodies. Thanks in advance! 

Re: Getting HTTP 401 on for access_token one some server

David S.309 New member | Level 1
New member | Level 1

Hi Gregory,

Thanks for your quick response:

We call to:

https://api.dropbox.com/1/oauth/access_token?oauth_consumer_key=sbbviyc3ydrd8n4&oauth_nonce=MTY5MDU3MDQ5MzY1MDk2OTYwMA==&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1452581278&oauth_token=UCrgcXsS1mbVjiKX&oauth_token_secret=YYYYY&oauth_version=1.0&oauth_signature=l0H7LPwqnAwwa1cEDhnJpCr13nQ%3D

The Request header:

Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Connection keep-alive
Cookie language=fr; _ga=GA1.2.148585141.1451996517; JSESSIONID=19B84D1F6D6592685286D7FF53B5071F
DNT 1
Host ocrqa.iriscloud.irislink.com
Referer https://www.dropbox.com
User-Agent

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0

 

The Response header:

Connection close
Content-Language fr
Content-Length 4241
Content-Type text/html;charset=utf-8
Date Tue, 12 Jan 2016 06:47:59 GMT
Server Apache-Coyote/1.1

 

As we use a Java servlet to perform POST/GET, the issue arise when post to the URL above when trying to fetch the response:

Small code sample:

URL iurl = new URL(url);

HttpURLConnection uc = null;
uc = (HttpURLConnection) iurl.openConnection(Proxy.NO_PROXY);
uc.setAllowUserInteraction(true);
uc.setInstanceFollowRedirects(true);
uc.setUseCaches(false);
uc.setRequestProperty("Connection", "close");
uc.setRequestProperty("User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)");
uc.setRequestMethod("POST");
uc.setDoOutput(false);
 uc.connect();

 

Is that what you need ?

 

Br,

 

David

 

Re: Getting HTTP 401 on for access_token one some server

Dropboxer
Dropboxer

A few things to note:

- Are those all of the response headers? E.g., is there a X-Dropbox-Request-Id header?

- What's the response body?

- The response server headers contain unexpected values. E.g., the server header says "Apache-Coyote/1.1", but "nginx" is expected. Is it possible something is interfering with your connection?

- You're using HMAC-SHA1 signing, which can be hard to implement and debug. We highly recommend using PLAINTEXT instead. This blog post may be helpful.

- You're supplying a oauth_token_secret parameter, which isn't expected.

 

Re: Getting HTTP 401 on for access_token one some server

David S.309 New member | Level 1
New member | Level 1

Hi,

In fact, we use a Java servlet (in a Apache Tomcat) to perform the call/Authorization flow.

I will look to get the Response Header more precisely. I will also look to use PLAINTEXT instead of HMAC-SHA1. The only things that bothers the team I'm in is that the existing code works flawlessly on at least two other servers.

I will post the response headers field value asap.

 

Thanks for your time.

 

David.

Re: Getting HTTP 401 on for access_token one some server

David S.309 New member | Level 1
New member | Level 1

Hi,

 

Re-writing the OAuth part to use authorization header (instead of URL parameters) and using PLAINTEXT instead of HMAC-SHA1 for the signature have solved the issue.

Thanks for you time and quick answers !

 

Br,

 

David.

Work Smarter with Dropbox

The way we work is changing. Share and discover new ways to work smarter with Dropbox in our community.

Sound good? Let's get started.
Who's talking

Top contributors to this post

What do Dropbox user levels mean?
Need more support?