1575475 (Explorer | Level 3), 3 years ago
Error when adding team members to an initially created team folder via http endpoint
I'm making REST calls to the DBX HTTP endpoint from within SAP. My app has full dbx access and all possible rights.
Creating a team folder works flawlessly but when trying to add members to that folder via the /sharing/add_folder_member API I get a strange error:
Error in call to API function "sharing/add_folder_member": Invalid authorization value in HTTP header "Authorization": "Basic <some base64 string>"
Expecting "Bearer <oauth2-access-token>"
I do provide a bearer oauth2 access token for app authentication (app ) and my user id (as admin) for the "Dropbox-API-Select-Admin" header parameter.
Also a list of users to be added to the team folder.
As soon as I make the REST call something unexpected happens: A popup window appears and I have to enter my dbx credentials.
After that above error occurs.
Things I don't get at all:
- why I have to authenticate myself as admin since an app access token is provided and the app has full dbx access and all possible rights?
- why the bearer token is ignored?
How can I fix this? Please advise.
Thanks,
Jan
P.S.: I just tried to access the endpoint using curl
curl -X POST https://api.dropboxapi.com/2/sharing/add_folder_member \
--header 'Authorization: Bearer <created access token using refresh token>' \
--header 'Dropbox-API-Select-Admin: dbid:<my team member id>' \
--header 'Content-Type: application/json' \
--data '{"shared_folder_id":"<team folder id>","members":[{"member":{".tag":"dropbox_id","dropbox_id":"dbid:<my user id>"},"access_level":{".tag":"editor"}}],"quiet":false,"custom_message":"Test"}'
and got "missing scope ..." and "required scope sharing/write"
1575475 Apologies for the lack of clarity here. For team folders in particular, you need to add members via groups; you can't add them individually. I'll ask the team to see if we can clarify this in the documentation and error response.
For example, you would set the "members" parameter like:
"members":[{"member":{".tag":"dropbox_id","dropbox_id":"GROUPIDHERE"}}]
You can get group IDs from /2/team/groups/list, etc.
- Здравко, Legendary | Level 20
1575475 wrote:
... I get a strange error:
Error in call to API function "sharing/add_folder_member": Invalid authorization value in HTTP header "Authorization": "Basic <some base64 string>"
Expecting "Bearer <oauth2-access-token>"
I do provide a bearer oauth2 access token for app authentication (app ) and my user id (as admin) for the "Dropbox-API-Select-Admin" header parameter.
...
Hi 1575475,
As it seems, you thought "Bearer" authentication was provided, but you actually have "Basic" authentication provided (something incompatible). Review your algorithm. There is a mistake (most probably a typing inaccuracy).
1575475 wrote:...
curl -X POST https://api.dropboxapi.com/2/sharing/add_folder_member \
--header 'Authorization: Bearer <created access token using refresh token>' \
--header 'Dropbox-API-Select-Admin: dbid:<my team member id>' \
--header 'Content-Type: application/json' \
--data '{"shared_folder_id":"<team folder id>","members":[{"member":{".tag":"dropbox_id","dropbox_id":"dbid:<my user id>"},"access_level":{".tag":"editor"}}],"quiet":false,"custom_message":"Test"}'
and got "missing scope ..." and "required scope sharing/write"
This means either your application is missing "sharing/write", or you have limited the scopes on application authorization or on receiving the access token. Make sure you have "sharing/write" everywhere (miss it in even one place and the scope becomes inactive), or remove the limiting of scopes on authorization and on token receiving (if applicable); in that case the token's scope set will match exactly what's selected for the application in the application console. Keep in mind too that a change in scopes is NOT retroactive: you have to re-authenticate so the change can take effect.
Good luck.
- 1575475, Explorer | Level 3
Hi Здравко,
thank you for your response.
The app I use has all rights possible (just for development, will revoke unneeded ones later on).
But I still don't get the point why I'm getting a popup to authorize to DBX.
I have provided a new Bearer Token to authenticate my app, so why do I have to authenticate myself as Admin, too? Is this normal?
REST calls should be performed pretty much in the background without user interaction.
Since the authentication as Admin (user) is always of type "Basic" (username:password encoded in Base64) the DBX API might get this wrong.
Any further suggestions? Thank you in advance.
I'd rather post my code here, but doubt anybody can interpret ABAP (SAP programming language) 🙂
Best,
Jan
- 1575475, Explorer | Level 3
Sdrastwuj Sdrawko,
I used to learn Russian at school, just about 50 years ago, but almost forgot everything 🙂 At least I'm still able to "decipher" cyrillic letters.
Thank you for your response. I already answered yesterday but somehow this post has vanished.
Ok, let me pls start over:
The DBX app I created has all rights on the Dropbox, I'll revoke some of them after finishing development.
My biggest problem actually is that the following dialog pops up every time I make a call using the "Dropbox-API-Select-Admin" header parameter.
(Translation: Please enter your user name and password)
This obviously is where I've to authorize myself as DBX/Team Admin. Unfortunately I wasn't able to find anything in the documentation that this particular authorization is needed at all, since I do provide a valid app "Bearer" token. So my question is: Is this the normal behavior?
This applies to all endpoints where I try to tamper with one of the team folders (like adding members).
IMHO this happens:
Authorization as a user is always done using "Basic" authorization method with "username:password" as Base64 string.
So, this might be the problem. But again, why above popup appears? IMHO this is wrong!
Any suggestions? Thank you & Doswidania 🙂
Jan
- Здравко, Legendary | Level 20
1575475 wrote:
Sdrastwuj Sdrawko,
I used to learn Russian at school, just about 50 years ago, but almost forgot everything 🙂 At least I'm still able to "decipher" cyrillic letters.
...
😁 Hello Jan,
I have no idea how you decided that I'm Russian. If the only reason is the Cyrillic letters, what alphabet is in use in the US, for instance? Is it the American or the English alphabet? The same in Australia, some parts of Canada, etc. By the way, Cyrillic is as much Russian as the English alphabet is US (i.e. it's just used there 😉). Go to the nearest big library (if you like "offline" confirmation) and ask the staff there to direct you to historical documents about Cyrillic, or just search online. 🙂 Did you find out where Cyrillic originates from? In addition, why do € banknotes include a Cyrillic name? Is this in favor of Russian? 😁 Maybe not.
On the actual question: you still haven't shown how you actually make calls to the API endpoints. It seems the software you are using gets confused somehow, and it definitely does not include an officially supported Dropbox SDK. Whatever this software is, it brings up the message you posted above; there is no way for the API itself to do that. Read your tool's documentation more carefully on how such calls can be performed in this particular context. Most probably you have skipped something required by the platform you are working on.
1575475 wrote:...
This obviously is where I've to authorize myself as DBX/Team Admin. Unfortunately I wasn't able to find anything in the documentation that this particular authorization is needed at all, since I do provide a valid app "Bearer" token. So my question is: Is this the normal behavior?
...
This is definitely not normal behavior. You are looking at the wrong documentation! As I mentioned before, take a look at your tool's documentation.
1575475 wrote:...
Authorization as a user is always done using "Basic" authorization method with "username:password" as Base64 string.
So, this might be the problem. But again, why above popup appears? IMHO this is wrong!
...
This is definitely a problem! It seems your environment changes it. Read your environment's documentation (or ask the supplier for support) to find out why that happens.
About the "rights":
1575475 wrote:...
The DBX app I created has all rights on the Dropbox, I'll revoke some of them after finishing development.
...
Did you confirm your scopes (rights) on authorization? Alternatively you can skip this part, which means "accept everything". If you specified something and a particular scope is not there, that scope becomes inactive.
I hope the above gives some direction. 😉
- Greg-DB, Dropbox Staff
1575475 To confirm, I concur with what Здравко has helpfully shared here. The sharing/add_folder_member endpoint requires that an access token is sent as a "Bearer" token in the "Authorization" header, but it looks like your app is prompting for and sending a username and password as "Basic" authorization instead, which is incorrect. I can't offer support for your software/platform itself, so you'll need to troubleshoot it to see why it is attempting "Basic" authorization instead of "Bearer" authorization.
- 1575475, Explorer | Level 3
Hi Sdrawko, hi Greg,
@Sdrawko:
If you read my post carefully, I never meant that you're Russian 🙂 I just learned the cyrillic alphabet as side effect when learning Russian at school.
And, I know that some baltic countries (and maybe others) also use the cyrillic alphabet. But even in such country you have a chance to communicate using Russian.
Anyway I've to sincerely apologize for the confusion.
Back to business:
I'm using HTTP endpoints only (using REST calls) so no "real" SDK will apply.
The programming language I use is called "ABAP Objects", which is SAP only.
Example:
Endpoint https://api.dropboxapi.com/2/sharing/add_folder_member
In order to add a user to that folder I have to use the "Dropbox-API-Select-Admin: <TEAM_MEMBER_ID>" header parameter as stated here:
https://www.dropbox.com/developers/documentation/http/documentation#sharing-add_folder_member
curl example using the admin authorization is here:
https://www.dropbox.com/developers/reference/auth-types#admin-authentication
curl -X POST "https://api.dropboxapi.com/2/users/get_current_account" \
--header "Authorization: Bearer <OAUTH2_ACCESS_TOKEN>" \
--header "Dropbox-API-Select-Admin: <TEAM_MEMBER_ID>"
I'm performing the following steps:
- create REST API class instance
- open http connection
- fetch new oauth2 token using my secret refresh token (refresh token was generated when authorizing the app the first time) and set header field
->http header field = "Authorization: Bearer <oauth2 token>"
- create header field for admin authorization
->http header field = "Dropbox-API-Select-Admin: dbmid<my team member id>"
- create "request" class instance
- set "Content-Type" to "application/json" via request class (this actually generates the corresponding "Content-Type" header parameter)
- build json string with info about new user, team folder etc.
- set json as request data
- make POST request
- create "response" class instance
- get server response & status
- evaluate response & status
- close http connection
All these steps work flawlessly making REST calls to other endpoints (without admin auth.).
Unfortunately there seems to be no useful example in the documentation making use of the "Dropbox-API-Select-Admin" parameter.
At least I wasn't able to find one.
So, please understand: I cannot see any reason why I'm getting this popup, since I DO send a Bearer token.
Here's the ABAP-Objects code with some comments:
...
IF lo_rest_client IS BOUND. "check if class instance has been created
  "lo_auth is an instance of a class which handles oauth2 tokens
  lo_auth->get_bearer_auth_name_value( IMPORTING es_bearer_auth = ls_auth_bearer ). "fetch new oauth2 token (or use last token if not expired)
  IF ls_auth_bearer IS NOT INITIAL.
    lo_rest_client->set_request_header( iv_name  = ls_auth_bearer-name     "Authorization
                                        iv_value = ls_auth_bearer-value ). "Bearer <oauth2 token>
    lo_rest_client->set_request_header( iv_name  = /karon/cl_dropbox_co=>mc_dbx_par_api_select_admin "Dropbox-API-Select-Admin
                                        iv_value = lv_dbx_team_admin ). "dbmid:<team member id>
    lo_rest_client->set_request_header( iv_name  = /karon/cl_dropbox_co=>mc_url_par_request_uri "~request_uri
                                        iv_value = `/2/sharing/share_folder` ).
    lo_request_entity = lo_rest_client->create_request_entity( ).
    lo_request_entity->set_content_type( iv_media_type = /karon/cl_dropbox_co=>mc_content_json ). "application/json
    lo_request_entity->set_string_data( iv_data = lv_json ). "json string with parameters
    lo_rest_client->post( io_entity = lo_request_entity ).
...
The only reason why I'm sending a Basic token is as response of the authorization popup I'm constantly getting.
IMHO the question is not why I'm getting an error (which is pretty much clear), but why this popup appears.
REST calls to endpoints which require the "Dropbox-API-Select-User" parameter also work without a hitch.
Best regards,
Jan
- Здравко, Legendary | Level 20
1575475 wrote:...
IMHO the question is not why I'm getting an error (which is pretty much clear), but why this popup appears.
...
Exactly, that's why you have to redirect your question to the platform provider or read the documentation.
As a good troubleshooting step, if possible, dump and evaluate the raw communication between your client application and the server. There might be useful communication details you may have ignored. You can compare the dump to the expected format in the API explorer (push "Show Code" and select "HTTP request"). You have to add "Dropbox-API-Select-Admin" as an extra header (through "Show Headers"). I believe such info can be useful for your platform provider too, to figure out what's wrong with your HTTP request.
Good luck.
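The dump comparison suggested in the post above can be scripted. The following is an added example, not code from the thread or from Dropbox: it checks a captured raw request for the header problems discussed here (Basic instead of Bearer, duplicated Authorization headers, missing admin header). The function names and the sample dump are assumptions made for illustration, and every value in the dump is a constructed placeholder.

```python
import base64

def parse_headers(raw):
    """Return lower-cased (name, value) header pairs from a raw HTTP/1.1 request dump."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = (line.partition(":") for line in head.split("\n")[1:])
    return [(n.strip().lower(), v.strip()) for n, sep, v in pairs if sep]

def audit_request(raw):
    """Return (code, detail) findings for the header problems discussed in the thread."""
    headers = parse_headers(raw)
    findings = []
    auth = [v for n, v in headers if n == "authorization"]
    if not auth:
        findings.append(("auth-missing", "no Authorization header"))
    if len(auth) > 1:
        findings.append(("auth-duplicate", f"{len(auth)} Authorization headers"))
    for value in auth:
        scheme, _, cred = value.partition(" ")
        if scheme.lower() == "basic":
            # Basic carries base64("user:password"); report the user name only.
            try:
                decoded = base64.b64decode(cred.strip(), validate=True)
                user = decoded.decode("utf-8", "replace").split(":", 1)[0]
            except ValueError:
                user = "<undecodable>"
            findings.append(("auth-basic", f"password of '{user}' sent instead of a token"))
        elif scheme.lower() != "bearer" or not cred.strip():
            findings.append(("auth-scheme", f"scheme '{scheme}' is not 'Bearer <token>'"))
    if not any(n == "dropbox-api-select-admin" for n, _ in headers):
        findings.append(("admin-header-missing", "no Dropbox-API-Select-Admin header"))
    ctype = [v for n, v in headers if n == "content-type"]
    if not ctype or ctype[0].split(";")[0].strip().lower() != "application/json":
        findings.append(("content-type", "Content-Type is not application/json"))
    return findings

def build_dump(auth_value):
    """Constructed sample dump; every value is a placeholder, none is from the thread."""
    return ("POST /2/sharing/add_folder_member HTTP/1.1\r\n"
            "Host: api.dropboxapi.com\r\n"
            f"Authorization: {auth_value}\r\n"
            "Dropbox-API-Select-Admin: dbmid:EXAMPLE\r\n"
            "Content-Type: application/json\r\n\r\n"
            '{"shared_folder_id":"EXAMPLE","members":[]}')

BASIC = "Basic " + base64.b64encode(b"example-user:example-pass").decode()
if __name__ == "__main__":
    for label, value in (("expected", "Bearer EXAMPLE_TOKEN"), ("as in the thread", BASIC)):
        print(label, audit_request(build_dump(value)))
```

An "auth-basic" finding means the client put account credentials on the wire where the API expects a token, which is the situation the error message in this thread reports.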