URI misatch

Julie P.22 · ‎08-12-2015

Hello,

I code a web service in .net/C# and I use the oauth2.

I succeed to do the authorization :
https://www.dropbox.com/1/oauth2/authorize
with params : client_id, state, response_type and redirect_uri

My redirect_uri is a call to another part of my web service.
Inside, I call the next step :
https://api.dropbox.com/1/oauth2/token
with params : code, grant_type, client_id, client_secretand redirect_uri

It fails. The error message is "redirect_uri mismatch". I've checked multiple times and it is the same in my request and in my dropbox app.

I use two differents uri for the first (authorize) and second (token) request (both saved in my dropbox app), is it the problem?

If I use the same uri, how can I distinct the first and second callback ?

Thanks to your help.

Julie P.22 · ‎08-12-2015

Ok, I've understood...

I can use differents redirect_uri, but...

for the "https://www.dropbox.com/1/oauth2/authorize", I must to wait for the callback on redirect_uri.

for the "https://api.dropbox.com/1/oauth2/token", I must do a GetResponse() not wait for the callback over the redirect_uri.

Why must I add a redirect_uri on the second call if it isn't used ?

Thank you to enlighten me.

Greg-DB · ‎08-12-2015

The redirect_uri parameter on /oauth2/token is documented as:

Only used to validate that it matches the original /oauth2/authorize , not used to redirect again.

I believe that's a security feature of OAuth 2, from the spec here:

https://tools.ietf.org/html/rfc6749#section-4.1.3

URI misatch

URI misatch

Top contributors to this post