cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Invalid grant type during authorization with dropbox-oauth2

Labels:

Invalid grant type during authorization with dropbox-oauth2

TheKrominator
Explorer | Level 3
‎05-06-2020 08:28 AM

I am using the passport authenticate with 'dropbox-oauth2' to get my login token and receive my Bearer. This worked fine until about midday yesterday when it started sending me this : error_description: 'code has already been used',
error: 'invalid_grant'

 

To get the Dropbox authorization screen, I use this :

app.get('/dropboxLogin', passport.authenticate('dropbox-oauth2'));

app.get('/auth/dropbox/callback',
passport.authenticate('dropbox-oauth2', { failureRedirect: '/', params:{'response_type':'token'} }),
function(req, res)
{
// Successful authentication, redirect home.
res.render('index', { title:'Dropbox Login', body:res});
});

 

Once I've received my token I run : axios({
method : 'post',
url : 'https://api.dropboxapi.com/oauth2/token',
params :
{
code : request.body.code,
grant_type : 'authorization_code',
redirect_uri : 'http://localhost:9000/callback',
client_id : '##############',
client_secret : '##############'
}
})

 

Thats when I get the error. 

Labels:
  • 0 Likes
  • 2 Replies
  • 2,143 Views
0 Likes
2 Replies 2

Greg-DB
Dropbox Staff
‎05-06-2020 08:55 AM

Dropbox OAuth 2 authorization codes can each only be used once. (You should just use the authorization code once, but you can store and re-use the resulting access token.)

 

The "code has already been used" error message should just indicate that the authorization code you're supplying has already been used. I just gave the flow a try and it seems to be working as expected for me.

 

Can you double check you're not accidentally re-using the authorization code, or perhaps accidentally issuing the /oauth2/token request more than once?

0 Likes

TheKrominator
Explorer | Level 3
‎05-06-2020 11:27 AM

I've learned that my router file was no longer being called. This caused my '/' command to not run and would return that strange error. Now, that I've reconnected my authorization routes, it is running correctly again.

0 Likes
Need more support?