Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

error: invalid code verifier

mk29
Explorer | Level 3

Hi. I'm developing a C++ application that needs to connect to Dropbox. I'm stuck at implementing OAuth. As documentation suggests:

code_challenge String?(min_length=43, max_length=128) Part of the PKCE flow, the challenge should be an SHA-256 (S256) encoded value of a string that will serve as the code_verifier of the corresponding /oauth2/token call. Can also be set to plain (plain).

My understanding was that this means I need to generate a random string with minimum 43 characters and hash it using SHA-256 and that will give me code_challenge. But when I call /oauth2/token I get this error:

{"error_description": "invalid code verifier", "error": "invalid_grant"}

Then found this article that says this is the correct way to calculate code_challenge:

Base64UrlEncode(SHA256Hash(code_verifier))

Which means I had to take an extra step and encode the hashed value. Tried this but the same message is returned. These are the values I'm sending:

code_verifier -> 2LORVR1BWsWNkUuLISmv28MR44bYCiq39mU5m8QuzKM
code_challenge -> YzY0Y2EwZTRlZDgwMTUwZWYxMzE2ZDQwZTJkMjQ0NWUxMDVlN2JlZWU2M2EzMjM3NjVmZTVhZmM2YzZlMjgyNw

I have checked my code_challenge with online calculators and it's correct. I would appreciate it if someone could explain to me why I am getting this error.

3 Replies

Greg-DB
Dropbox Staff

That code_challenge value does not appear to be correct for that code_verifier value. I tried plugging "2LORVR1BWsWNkUuLISmv28MR44bYCiq39mU5m8QuzKM" into https://tonyxu-io.github.io/pkce-generator/ as the "Code Verifier" and got a "Code Challenge" of "xkyg5O2AFQ7xMW1A4tJEXhBee-7mOjI3Zf5a_GxuKCc".

Also, make sure you're using the "Code Challenge" on the /oauth2/authorize URL, and are passing the "Code Verifier" to /oauth2/token, and not the other way around.

mk29
Explorer | Level 3

Thanks for the fast reply.

How strange! I used this link for sha256 and then copied the output to base64url encoder to check my code_challenge and it was ok. I guess I'm missing something here.

And for the second part of your answer, I'm doing exactly as you said.

Greg-DB
Dropbox Staff

I confirmed that https://tonyxu-io.github.io/pkce-generator/ generates a correct code challenge that Dropbox accepts, so it sounds like there's something wrong in the process you were using.

It looks like the issue is that the "SHA-256 hash calculator" is presenting the hash with hex encoding, which should not be used in the process of generating the code challenge. The app needs to base64URL-encode the binary value, not the hex-encoded value.
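The difference described in the reply above, as an added example that is not part of the original thread or Dropbox's own code: it derives both challenge values posted in this thread from the same code_verifier and shows a length-based check that catches the hex mistake before the authorize request is built. It is written in Python rather than C++ to keep it short, and the function names are hypothetical.

```python
import base64
import hashlib
import re
import secrets

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as PKCE (RFC 7636) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_verifier() -> str:
    """32 random bytes -> 43-character verifier (the documented minimum length)."""
    return b64url(secrets.token_bytes(32))

def s256_challenge(verifier: str) -> str:
    """Correct: base64url-encode the 32 raw digest bytes."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def hex_bug_challenge(verifier: str) -> str:
    """The mistake from the thread: base64url-encode the 64-character hex text."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).hexdigest().encode("ascii"))

def diagnose(challenge: str) -> str:
    """Classify a challenge before sending it to /oauth2/authorize."""
    raw = base64.urlsafe_b64decode(challenge + "=" * (-len(challenge) % 4))
    if len(raw) == 32:
        return "ok"
    if re.fullmatch(rb"[0-9a-fA-F]{64}", raw):
        return "hex-encoded digest"
    return "unexpected length"

if __name__ == "__main__":
    verifier = "2LORVR1BWsWNkUuLISmv28MR44bYCiq39mU5m8QuzKM"  # value from the thread
    for label, value in (("correct", s256_challenge(verifier)),
                         ("hex bug", hex_bug_challenge(verifier))):
        print(f"{label}: {value} ({len(value)} chars, {diagnose(value)})")
```

A valid S256 challenge is always 43 characters long; the 86-character value in the original post is the signature of hashing output that was hex-encoded before the base64url step.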
