I'm trying to integrate a spring boot application with Dropbox, the application is working perfectly locally however I have this error "No CSRF Token loaded from session store." in production. I'm using SDK 4.0.0.
Note: The application works a few times in production but the error continues most of the time
Based on the context and version number you supplied, it sounds like the you're using the official Dropbox API v2 Java SDK. Can you also share the relevant code snippet(s) (but don't include any access/refresh token(s)), as well as the steps you're following when this issue occurs? Thanks in advance!
Thanks! So it looks like you're hitting this error condition in the Dropbox Java SDK when calling finishFromRedirect here:
DbxAuthFinish response = pkceWebAuth.finishFromRedirect(redirectUri, new DbxStandardSessionStore(request.getSession(), sessionKey), request.getParameterMap());
This occurs when DbxStandardSessionStore.get returns null, which relies on the passed in session and sessionKey. It looks like you are passing in the same sessionKey, so the issue may be with the session itself.
Is there any reason the session in your web app's session may not be persisting that attribute? You may want to print out the session, or step through with a debugger to inspect the DbxStandardSessionStore/HttpServletRequest/HttpSession. Be sure to redact any sensitive values from any output you share here of course.