Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

Issue in generating access token

Mostafa Ezzat
Explorer | Level 4

Hello, I faced many issues in generating access token 

 

First, I have here access code generated <REDACTED>


Second, trying to execute this curl:

curl https://api.dropbox.com/oauth2/token \
    -d code=<REDACTED> \
    -d grant_type=authorization_code \
    -d redirect_uri=https://api.dropbox.com/oauth2/token \
    -u <REDACTED>

It prints every time:
{
"error": "invalid_grant",
"error_description": "redirect_uri mismatch"
}
However I have here the redirected links 

MostafaEzzat_0-1650622387439.png

 

Accepted Solution

Здравко
Legendary | Level 20

Hi @Mostafa Ezzat,

Let's try some authentication process step by step. 🙂 It may succeed.

At the beginning, make sure you have your App key and App secret at hand from the App Console page. Select the desired application there and, once you are in, scroll to the fields "App key" and "App secret" (for the secret, "Show" should be used). Keep the browser window accessible, so you will be able to take a look there when needed.

Next, open a new browser window and put the following into the address line:

https://www.dropbox.com/oauth2/authorize?token_access_type=offline&response_type=code&client_id=<App key>

Where "<App key>" is the one from your previous browser window. After the confirmation you will get a code (alphanumeric sequence). The same could be received automatically when a redirect URL is in use (either direct or PKCE code flow), but here we will perform it in such a way for clarity.

The next step will be to "materialize" the received code. In a terminal window execute the following curl command:

curl https://api.dropbox.com/oauth2/token -d code=<received code> -d grant_type=authorization_code -u <App key>:<App secret>

Where "<received code>" is the code shown in the second browser window after confirmation. "<App key>" and "<App secret>" come from the first browser window. As a result you will get in your terminal something like:

{"access_token": "sl.abcdefg123456789AbCdEf-GHijKLmn0U", "token_type": "bearer", "expires_in": 14400, "refresh_token": "oDfT54975DfGh12345KlMnOpQrSt01a", "scope": "account_info.read files.content.read etc.", "uid": "123456789", "account_id": "dbid:ABCDEF5g8HijklMNopQ2Rs5tUV_wxy5z_YO4"}

Of course, you will receive different values filling the pattern. Here "sl.abcdefg123456789AbCdEf-GHijKLmn0U" is the access token you can use in every regular API call for "14400" seconds from the current moment until it expires. "oDfT54975DfGh12345KlMnOpQrSt01a" is your refresh token, the one that will never expire (or until revoked).

When the currently received access token expires, you can perform the following curl call:

curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token=oDfT54975DfGh12345KlMnOpQrSt01a -u <App key>:<App secret>

Where "oDfT54975DfGh12345KlMnOpQrSt01a" is the refresh token "materialized" from the code at the beginning. "<App key>" and "<App secret>" come again from the first browser window. As a result you will get in your terminal something like:

{"access_token": "sl.abcdefg123456789AbCdEf-OPqrSTuv1W", "token_type": "bearer", "expires_in": 14400}

Again, "sl.abcdefg123456789AbCdEf-OPqrSTuv1W" is an access token usable in regular API calls for "14400" seconds (i.e. 4 hours). The last call needs to be used every time you need a valid access token and the previous one has expired. For the test here you don't have to wait 4 hours. You can call it immediately. 😉 Does everything complete successfully?

Every time you receive an access token, it can be used for as many seconds as denoted in the "expires_in" field. The access token itself is an ASCII character sequence and you should be ready to process such a sequence as presented (including different lengths).

Hope this gives direction and clarifies the matter with the step-by-step processing.
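
The code exchange and refresh calls from the answer above, as an added Python example that is not part of the original thread and is not Dropbox's own code. `http_post`, `code_exchange_form`, `TokenCache` and the environment variable names are hypothetical; only the endpoint, grant types and response fields come from the thread.

```python
import base64, json, os, time
import urllib.parse, urllib.request

TOKEN_URL = "https://api.dropbox.com/oauth2/token"  # endpoint used in the thread

def http_post(url, form, app_key, app_secret):
    """POST form fields with HTTP Basic auth, like `curl -d ... -u key:secret`."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    cred = base64.b64encode(f"{app_key}:{app_secret}".encode()).decode()
    req.add_header("Authorization", "Basic " + cred)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def code_exchange_form(code, redirect_uri=None):
    """Fields for grant_type=authorization_code. redirect_uri is sent only if
    one was passed to /oauth2/authorize, and then it must match it exactly."""
    form = {"grant_type": "authorization_code", "code": code}
    if redirect_uri is not None:
        form["redirect_uri"] = redirect_uri
    return form

class TokenCache:
    """Hypothetical helper: holds the long-lived refresh token and renews the
    short-lived access token shortly before `expires_in` runs out."""
    def __init__(self, app_key, app_secret, refresh_token, post=http_post,
                 clock=time.time, skew=60):
        self._key, self._secret, self._refresh = app_key, app_secret, refresh_token
        self._post, self._clock, self._skew = post, clock, skew
        self._access, self._deadline = None, 0.0

    def access_token(self):
        if self._access is None or self._clock() >= self._deadline - self._skew:
            form = {"grant_type": "refresh_token", "refresh_token": self._refresh}
            reply = self._post(TOKEN_URL, form, self._key, self._secret)
            if "access_token" not in reply:
                raise RuntimeError(reply.get("error_description", "token refresh failed"))
            self._access = reply["access_token"]
            # expires_in is a number of seconds; int() also accepts a numeric string
            self._deadline = self._clock() + int(reply["expires_in"])
        return self._access

if __name__ == "__main__":
    # Assumed variable names; secrets are read from the environment, not pasted.
    cache = TokenCache(os.environ["DROPBOX_APP_KEY"], os.environ["DROPBOX_APP_SECRET"],
                       os.environ["DROPBOX_REFRESH_TOKEN"])
    print("access token obtained, length", len(cache.access_token()))
```
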


Greg-DB
Dropbox Staff

The "redirect_uri mismatch" error indicates that this call failed because the redirect_uri used on /oauth2/authorize to get that authorization code does not match the redirect_uri used when calling /oauth2/token. These two values need to match exactly. Or, if you didn't set redirect_uri on /oauth2/authorize, you should likewise omit it when calling /oauth2/token as well.

 

Also, note that the four dropbox.com/dropboxapi.com URIs you have registered for your app are part of Dropbox itself, and would not be redirect URIs you use for your app. For example, https://api.dropbox.com/oauth2/token is the endpoint for retrieving access tokens after the user has authorized the app; it is not a redirect URI for your app. The redirect URI would be some address that your app controls where it can receive the authorization result. Or as noted above, you can omit a redirect URI entirely.

 

You can find more information on how this flow works in the OAuth Guide and authorization documentation.

Mostafa Ezzat
Explorer | Level 4

I'll present the new steps I've taken.

First: I replaced the app key value with mine and I got the code

https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&token_access_type=offline&response_type=code

Second:

curl https://api.dropbox.com/oauth2/token \
    -d code=<AUTHORIZATION_CODE> \
    -d grant_type=authorization_code \
    -d redirect_uri=<REDIRECT_URI> \
    -u <APP_KEY>:<APP_SECRET>

and replaced with my values

curl https://api.dropbox.com/oauth2/token \
    -d code=<REDACTED> \
    -d grant_type=authorization_code \
    -d redirect_uri=https://www.dropbox.com/oauth2/authorize?client_id=2hver24zt8u8zdv&token_access_type=offline&response_type=code \
    -u <REDACTED>

It prints this error

{
    "error": "invalid_request",
    "error_description": "unknown field \"token_access_type\""
}

I also tried the Auth URL for code flow and it prints the same error. Am I missing something? Thanks in advance.

curl https://api.dropbox.com/oauth2/token \
    -d code=<REDACTED> \
    -d grant_type=authorization_code \
    -d redirect_uri=https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&response_type=code \
    -u <REDACTED>

 

Greg-DB
Dropbox Staff

I see you're not setting a redirect_uri on /oauth2/authorize, so you should also not set a redirect_uri when calling /oauth2/token. Remove that '-d redirect_uri=...' from your /oauth2/token call and try again.

 

By the way, as a matter of security, do not post your authorization code or app secret.

Mostafa Ezzat
Explorer | Level 4

Thanks, it works after removing -d from the code.

I just have another problem: the generated access code lasts for one request within an hour. So how can I make a request to generate one with each request along with the access token, like parsing the content of this link and getting the result, then using it for the curl request? Or should I use a refresh token? Thanks in advance.

https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&response_type=code

 

Greg-DB
Dropbox Staff

The authorization code can only be used once. Once you use it to get an access token and optional refresh token by calling /oauth2/token with 'grant_type=authorization_code', you can throw away the authorization code and store and re-use the access token and optional refresh token instead.

 

You can use a refresh token to get new short-lived access tokens on demand without manual user interaction by calling /oauth2/token with 'grant_type=refresh_token' as shown under "Example: refresh token request".

Mostafa Ezzat
Explorer | Level 4

I'm trying to get the refresh token from the given example, but what string value should I give to the REFRESH_TOKEN parameter? I tried to use my past access token but it prints this error

 

"error_description": "refresh token is malformed"

 

I don't even know if the past token is the right parameter

curl https://api.dropbox.com/oauth2/token \
    -d grant_type=refresh_token \
    -d refresh_token=<REFRESH_TOKEN> \
    -u <APP_KEY>:<APP_SECRET>

And as a Plan B, I want to generate the access code with a curl request, so is that possible?

Greg-DB
Dropbox Staff

The REFRESH_TOKEN value should be the 'refresh_token' returned by /oauth2/token when you called /oauth2/token with 'grant_type=authorization_code'. That's different from the 'access_token'; the two are not interchangeable.

Mostafa Ezzat
Explorer | Level 4

I'm sorry for this, but it doesn't work. I also tried with no quotes, refresh_token=refresh_token, and it prints this error

 

    "error_description": "The request parameters do not match any of the supported authorization flows. Please refer to the API documentation for the correct parameters."

 

 

curl https://api.dropbox.com/oauth2/token \
    -d grant_type=refresh_token \
    -d refresh_token='refresh_token' \
    -u mykey:mykey

May I ask something: if this is the return of the refresh token, but the access_token is a totally different size from the one which was generated by the first curl, is that normal? With this access token will I be able to execute some curl codes? Thanks in advance

{ "access_token": "sl.abcd1234efg",   "expires_in": "13220",   "token_type": "bearer",   }
 
