
Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.


dbx.auth not working / getAccessTokenFromCode giving 400 response?

bffy_smmmers
Explorer | Level 4

I'm trying to access the `getAccessTokenFromCode` method and I keep receiving a 400 error. On top of that, I can't seem to write the code and get it to work in the way it's written in the Auth example from the JavaScript SDK. `dbx.auth` does not work for me whether I construct an instance of Dropbox or DropboxAuth.


When I call `dbx.GetAccessTokenFromCode(redirectURI, code)`, I get a 400 response. I'm using the latest version (9.2.0). Furthermore, I read that `getAccessTokenFromCode` accepts null as a value in redirect uri as of version 5.0 and that doesn't work for me here either. Any help is so much appreciated. Thanks!

 

Example (leaving a lot out, since all I want to show is that token.result.refresh_token doesn't exist for me, just token.result):

```javascript
const dbx = new Dropbox(config);

dbx.auth
  .getAccessTokenFromCode(redirectUri, code)
  .then(token => {
    console.log(`Token Result:${JSON.stringify(token)}`);
    dbx.auth.setRefreshToken(token.result.refresh_token);
    dbx
      .usersGetCurrentAccount()
      .then(response => {
        console.log('response', response);
      });
  });
```

What I have to do is use the DropboxAuth class - which still doesn't work. (I'm using TypeScript, if it matters)

```typescript
const dbx = new DropboxAuth(config);

try {
  const data = await dbx.getAccessTokenFromCode('some redirectURL', code);
} catch (err) {
  console.log(err.message);
}
```

 

12 Replies

Greg-DB
Dropbox Staff

First, can you clarify where/how you're attempting to run this? For instance, are you running this on a node backend, or browser frontend?

 

Also, can you share the full error/output you're getting? Whenever the API replies with a 400 it should include more error information along with it. It may help to print out the full error like 'console.log(err)' instead of just 'console.log(err.message)'.

 

Can you also double check that v9.2.0 was successfully installed? Perhaps it failed and you're still on an old version.

bffy_smmmers
Explorer | Level 4

Hi Greg, it's on a Node backend. Positive that I am on the latest version - I even aliased the npm package to make sure.

 

The full error is below. I just want to point out two things now that I see the error type - I have all of the redirect URIs listed correctly and accurately in the app console. I've tried it so many different ways and I keep getting the same error. I also am confused why, when I go to authorize, Dropbox doesn't allow me to choose which user I want to sign in as. It just prompts me to allow access as whoever I am currently signed into Dropbox with (vs. something like Google API, where I select which account I want to use). Is this just a normal part of the auth flow?

 

 

```
  name: 'DropboxResponseError',
  status: 400,
  headers: Headers {
    [Symbol(map)]: [Object: null prototype] {
      'content-security-policy': [Array],
      'content-type': [Array],
      date: [Array],
      server: [Array],
      'content-encoding': [Array],
      vary: [Array],
      'x-dropbox-response-origin': [Array],
      'x-dropbox-request-id': [Array],
      connection: [Array],
      'transfer-encoding': [Array]
    }
  },
  error: {
    error_description: 'redirect_uri mismatch',
    error: 'invalid_grant'
  }
}
```

 

Greg-DB
Dropbox Staff

Thanks! So the error message in this case is "redirect_uri mismatch", which indicates that the 'redirectUri' you're passing to 'getAccessTokenFromCode' doesn't match the redirect_uri value on the /oauth2/authorize URL used to retrieve the authorization code. It needs to either be omitted in both places, or otherwise match exactly.

 

Can you share the 'redirectUri' value you're using, as well as the /oauth2/authorize URL? 

 

Also, regarding your other question, if you have "linked accounts" you'll be prompted to choose which to connect to the app. Otherwise, you can use the "Sign out" link in the account dropdown on the app authorization page to sign out of the current account and then sign in to another to authorize the app there.

bffy_smmmers
Explorer | Level 4

Thanks Greg. By making them the same redirect URI I got it working. My worry is/was that the current redirect URI is another endpoint that creates a session and stores information in the DB. By setting that redirect URI in both places I was worried that that endpoint would get called twice and create duplicates or show up as `null` in the second call. Does that make sense?

Greg-DB
Dropbox Staff

I'm not sure I follow your message, but you should specify it in both places. The /oauth2/authorize page redirect_uri parameter specifies where to send the user after they authorize the app, and the 'redirectUri' you pass to 'getAccessTokenFromCode' is just a string sent up in a /oauth2/token API call to verify that it matches.

bffy_smmmers
Explorer | Level 4

Gotcha - that makes sense to me now. I was thinking that the redirect_uri passed into `getAccessTokenFromCode` actually does get called. Thanks!

bffy_smmmers
Explorer | Level 4

Hi @Greg-DB - me again. For some reason I am not actually able to see the "linked account" screen to switch users, or to even authorize the app. When I go through the auth flow I am just automatically redirected and authorized, unless I sign out of Dropbox in a different window. Is there something in the code I need to update here?

 

 

```typescript
static async getAuthUrl(state: string): Promise<string> {
  const dbx = newOAuthInstance();
  const res = await dbx.getAuthenticationUrl(
    REDIRECT_URI,
    state,
    'code',
    'offline',
  );

  return res.toString();
}
```

Greg-DB
Dropbox Staff

If you're signed in to an account that has already authorized the app, you may not be explicitly asked to authorize it again, and may instead just be redirected through the flow automatically. Check out the 'force_reapprove' parameter on /oauth2/authorize.

bffy_smmmers
Explorer | Level 4

Also, @Greg-DB I'm using the JavaScript SDK. I don't see how to inject forceReapprove/force_reapprove with the current methods I'm using on the Node backend (getAuthenticationUrl, getAccessTokenFromCode).
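
The two points from this thread, as an added example that is not from the original posts or the Dropbox SDK: the redirect URI sent to /oauth2/authorize is stored against `state` so the token exchange reuses the identical string, and `force_reapprove` is set on the authorize URL itself. The helper names, the in-memory store and the sample values in the usage are assumptions; it builds the URL by hand rather than through `getAuthenticationUrl`.

```javascript
// Added example: helper names and the in-memory store are hypothetical,
// not part of the Dropbox SDK.
const AUTHORIZE_ENDPOINT = 'https://www.dropbox.com/oauth2/authorize';

// Pending authorizations keyed by OAuth `state`; a real backend would use
// its session store instead of process memory.
const pending = new Map();

// Build the /oauth2/authorize URL and record the exact redirect_uri string used.
function buildAuthorizeUrl({ clientId, redirectUri = null, state, forceReapprove = false }) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('token_access_type', 'offline');
  url.searchParams.set('state', state);
  if (redirectUri !== null) url.searchParams.set('redirect_uri', redirectUri);
  // Ask Dropbox to show the approval page even if the app was already authorized.
  if (forceReapprove) url.searchParams.set('force_reapprove', 'true');
  pending.set(state, redirectUri);
  return url.toString();
}

// On the callback: return the string to pass as redirectUri to the token
// exchange. Unknown or reused `state` values are rejected (single use).
function redirectUriForExchange(state) {
  if (!pending.has(state)) throw new Error('unknown or already used state');
  const redirectUri = pending.get(state);
  pending.delete(state);
  return redirectUri;
}

// Explain why a candidate token-exchange redirectUri would produce
// "redirect_uri mismatch" for a given authorize URL; null means they match.
function explainMismatch(authorizeUrl, tokenRedirectUri = null) {
  const sent = new URL(authorizeUrl).searchParams.get('redirect_uri'); // null if omitted
  const given = tokenRedirectUri;
  if (sent === given) return null;
  if (sent === null || given === null) {
    return 'redirect_uri present in only one of the two requests';
  }
  if (sent.replace(/\/$/, '') === given.replace(/\/$/, '')) return 'trailing slash differs';
  if (sent.toLowerCase() === given.toLowerCase()) return 'letter case differs';
  const origin = (s) => { try { return new URL(s).origin; } catch { return null; } };
  if (origin(sent) !== origin(given)) return 'scheme, host or port differs';
  return 'path or query differs';
}
```

The callback handler would pass the value from `redirectUriForExchange(state)` straight to `getAccessTokenFromCode`, so the endpoint is never called a second time; the string is only compared by Dropbox.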
