You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Daniel G.70
2 years agoExplorer | Level 4
Long time registered app not allowing Oauth authentication.
Anyone know why all of a sudden a dropbox registered app that's been working fine for years would suddenly show
{"error": "invalid_scope", "error_description": "Non-scoped apps cannot specify token...
- 2 years ago
[Cross-linking for reference: https://stackoverflow.com/questions/75738278/non-scoped-apps-cannot-specify-token-scopes-when-using-dropbox-api-oauth ]
From your description, it sounds like you have a legacy non-scoped app from before we switched to registering new apps as scoped apps.
We recently fixed a bug where the API would allow non-scoped apps to specify scopes using the 'scope' parameter when calling /oauth2/token with 'grant_type=refresh_token'. Scopes don't apply to non-scoped apps so this is supposed to be rejected with the error you're seeing.
To correct this, you should either:
- not provide the 'scope' parameter when calling /oauth2/token for the non-scoped app, or
- migrate your non-scoped app to use scopes, which you can do using the "Permissions" tab of the app's page on the App Console.
Option b would be preferred. You can find more information on the migration here.
Greg-DB
Dropbox Staff
[Cross-linking for reference: https://stackoverflow.com/questions/75738278/non-scoped-apps-cannot-specify-token-scopes-when-using-dropbox-api-oauth ]
From your description, it sounds like you have a legacy non-scoped app from before we switched to registering new apps as scoped apps.
We recently fixed a bug where the API would allow non-scoped apps to specify scopes using the 'scope' parameter when calling /oauth2/token with 'grant_type=refresh_token'. Scopes don't apply to non-scoped apps so this is supposed to be rejected with the error you're seeing.
To correct this, you should either:
- not provide the 'scope' parameter when calling /oauth2/token for the non-scoped app, or
- migrate your non-scoped app to use scopes, which you can do using the "Permissions" tab of the app's page on the App Console.
Option b would be preferred. You can find more information on the migration here.
Daniel G.70
2 years agoExplorer | Level 4
This was indeed exactly the issue. We never did migrate to a scoped app. And we do specify scopes on the wire.
That was the source of the issue and the fixes you propose did work. Thankyou!
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,915 PostsLatest Activity: 20 hours agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!