cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
What’s new: end-to-end encryption, Replay and Dash updates. Find out more about these updates, new features and more here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Missing query parameter 'state'

Labels:

Missing query parameter 'state'

Riccardo A.
New member | Level 1
‎05-08-2015 07:09 AM

I use Dropbox Core API to work with Dropbox. And I impement recently hwioauthbundle in Symfony for a fast authentication. Before this all function upload,download,list files work well. But I have this error :

/dropbox-auth-finish: bad request: Missing query parameter 'state'

It seems that the $_GET array doesn't contain state value, but I try to set this parameter with some values but it didn't work. And now I don't know what do. In the HTTP Response there isn't state parametrer.

If you know something, answer here.

list($accessToken,$userId, $urlState) = $this->webAuth->finish($_GET);

$this->dbxClient = new dbx\Client($accessToken, "PHP-Example/1.0");

Thank you

Labels:
  • 0 Likes
  • 4 Replies
  • 2,307 Views
0 Likes
4 Replies 4

Rich
Super User II
‎05-08-2015 12:42 PM

Moved to the API forum.

0 Likes

Greg-DB
Dropbox Staff
‎05-08-2015 08:03 PM

[Cross-linking for reference: https://stackoverflow.com/questions/30106962/dropbox-bad-request-missing-query-parameter-state ]

The WebAuth.finish method checks the state value included on the redirect to your redirect_uri when the user is sent back to your app by Dropbox during the OAuth 2 app authorization flow. (This protects against CSRF attacks.) This error indicates that your $_GET array doesn't include state.

To track down where the issue is, I'd check a few things to see where the state value is lost:

  • does the full URL for /dropbox-auth-finish when the user is redirected back to your app have the state parameter?
  • does the app authorization URL your app sends the user to (which should start with https://www.dropbox.com/1/oauth2/authorize) have the state parameter?
0 Likes

Riccardo A.
New member | Level 1
‎05-12-2015 08:13 PM

I tried to insert a "state" parameter in the authorizaion_url like the Core API Document said.
But I don't know what's the value to pass.
The response said that it's "dropbox-auth-finish: CSRF mismatch: Expected" but I'm using a fixed authorization_url .
There is a way to eceed this parameter???

Thank you
Sorry for the delay
:)

0 Likes

Greg-DB
Dropbox Staff
‎05-12-2015 10:11 PM

The state value is generated by the PHP SDK for you, and is passed through the OAuth app authorization flow. You shouldn't have to set it yourself. I'm not familiar with hwioauthbundle, but it's possible it's consuming it before you can get to it. Can you post the details I asked for in my last reply? Can you post the relevant code?

Also, what do you mean when you say you're "using a fixed authorization_url"? The authorization URL should be generated (e.g., using WebAuth.start) when the user wants to link to your app.

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    Riccardo A. New member | Level 1
  • User avatar
    Rich Super User II
What do Dropbox user levels mean?