Hi. I'm developing a C++ application that needs to connect to Dropbox. I'm stuck at implementing OAuth. As documentation suggests:
code_challenge String?(min_length=43, max_length=128) Part of the PKCE flow, the challenge should be an SHA-256 (S256) encoded value of a string that will serve as the code_verifier of the corresponding /oauth2/token call. Can can also be set to plain (plain).
My understanding was that this means I need to generate a random string with minimum 43 characters and hash it using SHA-256 and that will give me code_challenge. But when I call /oauth2/token I get this error:
That code_challenge value does not appear to be correct for that code_verifier value. I tried plugging "2LORVR1BWsWNkUuLISmv28MR44bYCiq39mU5m8QuzKM" into https://tonyxu-io.github.io/pkce-generator/ as the "Code Verifier" and got a "Code Challenge" of "xkyg5O2AFQ7xMW1A4tJEXhBee-7mOjI3Zf5a_GxuKCc".
Also, make sure you're using the "Code Challenge" on the /oauth2/authorize URL, and are passing the "Code Verifier" to /oauth2/token, and not the other way around.
It looks like the issue is that the "SHA-256 hash calculator" is presenting the hash with hex encoding, which should not be used in the process of generating the code challenge. The app needs to base64URL-encode the binary value, not the hex-encoded value.