cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Issue in generating access token

Issue in generating access token

Mostafa Ezzat
Explorer | Level 4
Go to solution

Hello, I faced many issues in generating access token 

 

First, I have here access code generated <REDACTED>


Second trying to execute this curl : 

curl https://api.dropbox.com/oauth2/token \     -d code=<REDACTED> \     -d grant_type=authorization_code \     -d redirect_uri=https://api.dropbox.com/oauth2/token \     -u <REDACTED>

 It prints every time : 
{
"error": "invalid_grant",
"error_description": "redirect_uri mismatch"
}
However I have here the redirected links 

MostafaEzzat_0-1650622387439.png

 

31 Replies 31

Greg-DB
Dropbox Staff
Go to solution

@Mostafa Ezzat I see Здравко very helpfully offered a detailed walk-through of this flow. Please let us know if this still isn't working for you.

Mostafa Ezzat
Explorer | Level 4
Go to solution

Thanks for all it's working

FARO
New member | Level 2
Go to solution

Hi Здравко

 

It's possible obtain the code in this call :

 

https://www.dropbox.com/oauth2/authorize?token_access_type=offline&response_type=code&client_id=<App key>

permanently? When I send a request, the code is only available for a first time, when I used in a future call, the code is invalid.

 

Thanks for all

 

Здравко
Legendary | Level 20
Go to solution

@FARO wrote:

... When I send a request, the code is only available for a first time, when I used in a future call, the code is invalid.

...


Hi @FARO,

🙂How long you expect a code to be used?! 🧐

Let's see. If you forget your credentials to some service and there is a option to receive a recovery code throughout a registered phone number with SMS (for example), how many times you can use received code??? 🤔 Would be reliable and secure if such code can be used for multiple recovering? (such codes are usually relatively short and simple, so easy to use, but to guess too) 😯 That's why such codes are "single shot" (i.e. one time use) and usually for limited time.

The code you are talking about is a member of the same "team" of codes. It's used for one time authorization (together with all other provided information). The refresh token you are receiving on call authenticated successfully with this code can be used multiple times, not the code itself! 😉 Take care! As far as I can guess, according your description, you ignored actual refresh token all the time. Don't ignore it, but keep and use it on followup access token refresh (exactly as mentioned - follow it exactly and don't try to interpret and modify, if your aren't sure what exactly you are doing).

Hope this clarifies matter.

Greg-DB
Dropbox Staff
Go to solution

@FARO Здравко is correct; that code is an "authorization code", which can only be used once each. You should process that and instead store and re-use the "refresh token", which can be used repeatedly. Check out the OAuth Guide and authorization documentation for more information.

matthewknill
Explorer | Level 3
Go to solution

I'm  getting the following error:

{
    "error""invalid_request",
    "error_description""Bad \"Authorization\" header: 'ascii' codec can't decode byte 0xe2 in position 15: ordinal not in range(128)"
}

Здравко
Legendary | Level 20
Go to solution

Hi @matthewknill,

The message, you posted, is clear enough - your authorization header is malformed. Are you certain your header matches the pattern:

Authorization: Bearer <Your access token here>

According to the data in your post, it's not. 🤔 How exactly have you formatted it?

Hope this gives direction.

matthewknill
Explorer | Level 3
Go to solution

I've followed process exactly then used the following to get the refresh token:

curl https://api.dropbox.com/oauth2/token \
-d code=<Access Code> \
-d grant_type=authorization_code \
-u <App key>:<App secret>

Здравко
Legendary | Level 20
Go to solution

In such a case it sounds like some copy/paste error. Make sure that everything enlabeled like "<something>" is replaced exactly to what the something means! 🤷 Don't put anything more or less there. That's it.

matthewknill
Explorer | Level 3
Go to solution

Hmm, I thought I did copy it accurately but maybe not, I did it again and it seemed to work.

 

Thanks and sorry for the hassle...

Need more support?