cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
ShowĀ Ā onlyĀ  | Search instead forĀ 
Did you mean:Ā 
Community
English
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
ShowĀ Ā onlyĀ  | Search instead forĀ 
Did you mean:Ā 

How do I set up Dropbox API for use on a multiple server environment/ load balancing?

Labels:

How do I set up Dropbox API for use on a multiple server environment/ load balancing?

Robin H.4
New member | Level 1
ā€Ž01-07-2016 05:17 PM

I am using the dropbox php sdk webauth fuctions to allow my customers to authorize Dropbox to allow my site to list their items in dropbox. The site just moved servers to Amazon ELB (elastic load balancing). Now that I have multiple servers I am having issues getting Dropbox to work. I will get the CSRF mismatch error (request leaves from one server and returns on another).

I have moved the session's to cookies (that's were I store the access token after the request) but I am having issues getting the authorize request working. Is there a way to make this work or do I need to build my Dropbox differently? I will post code if need be, but it pretty much follows the WebAuth example.

https://github.com/dropbox/dropbox-sdk-php/blob/master/lib/Dropbox/WebAuth.php

Thank you in advance,

Robin

Labels:
  • 0 Likes
  • 9 Replies
  • 2,429 Views
0 Likes
9 Replies 9

Greg-DB
Dropbox Staff
ā€Ž01-07-2016 06:18 PM

The following would be helpful so we can offer some insight:

- the steps to reproduce the issue

- the full text of the error/any output

- the relevant code snippet(s), including any changes you made to "move the session's to cookies"

0 Likes

Robin H.4
New member | Level 1
ā€Ž01-08-2016 07:48 PM

Gregory, my code works on a single server (it's alive in production now).

where the code sets/reads the session data, I just replaced it with cookies. Which will have no baring on handling the authorization request. The exact error is the generic 

"/dropbox-auth-finish: CSRF mismatch: expect ##########, got ########". This is because the request is leaving one server and returning on another. My logs show the request leave and return on different servers. I see no documentation on handling this work flow.

Have you built dropbox to work with multi-servers before?

0 Likes

Greg-DB
Dropbox Staff
ā€Ž01-08-2016 08:28 PM

I'm still not clear what change you made exactly regarding the cookies and sessions, but that certainly would be relevant here, as the error is indicating that the CSRF token didn't match what was expected, and the SDK stores the expected CSRF token in the session. You can see that here in the SDK where the exception is thrown:

https://github.com/dropbox/dropbox-sdk-php/blob/9db8328c6c035baa0fee48291bd8bd93bcc714b0/lib/Dropbox...

We don't have any specific documentation on how to handle this in an environment like yours, and in any case I suspect it would be specific to the environment, so I recommend looking at how the code works, and updating the your code and/or the SDK as necessary.

0 Likes

Robin H.4
New member | Level 1
ā€Ž01-08-2016 08:44 PM

I only changed the auth_finish part that retrieves the access token. I didn't change any function within the sdk. So if I change the sdk functions to use cookies instead of sessions it might fix this problem. I appreciate the insight.

If I can get the php sdk to work in a load balancing environment, can I hand it off to Dropbox and have them maintain the code officially? As more and more people are moving to services with multiple servers, I think it would be helpful.

0 Likes

Greg-DB
Dropbox Staff
ā€Ž01-08-2016 08:46 PM

If you have a patch for the SDK that you think will be useful to others, please feel free to submit a pull request on the dropbox-sdk-php project.

0 Likes

Robin H.4
New member | Level 1
ā€Ž01-08-2016 09:26 PM

If I can get to building this I would add a setting that allows the user to either use sessions or cookies.

0 Likes

Thamaraiselvam
New member | Level 1
ā€Ž07-13-2016 11:58 AM

I got the similar issue, 

i have hosted my dropbox project in a server, when multiple people try to auth use dropbox auth at same time , it creates CSRF mismatch problem.

Example 

A user comes to site and click on auth csrf set in session and redirected to dropbox page  to authorize (https://www.dropbox.com/1/oauth2/authorize) and same time another user click to auth now csrf changed and redirected to dropbox page to authorize. So when first user come to via redirected URI , CSRF MISMATCH problem occurs.

 

is there way to customize my app?

0 Likes

Greg-DB
Dropbox Staff
ā€Ž07-13-2016 01:34 PM

Thamaraiselvam, different users shouldn't be affecting each other's sessions. It sounds like the session system for your app isn't set up correctly. That's a more general problem, and so a bit outside the scope of API support though, so I'm afraid I can't offer support for that. You should refer to the documentation for your web app platform for help configuring sessions properly.

0 Likes

Thamaraiselvam
New member | Level 1
ā€Ž07-13-2016 01:47 PM

Gregory ,

Its okay, I just modified some codes in sdk, now it is working fine.

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Thamaraiselvam New member | Level 1
  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    Robin H.4 New member | Level 1
What do Dropbox user levels mean?