We're making changes to the Community, so you may have received some notifications - thanks for your patience and welcome back. Learn more here.
Forum Discussion
Mismatched redirect URI
I am using the following link to generate an authorization code for the code flow process:
https://www.dropbox.com/oauth2/authorize?client_id=CLIENT_ID&response_type=code&token_access_type=offline&redirect_uri=https://dev.crm.DOMAIN.com/api/v1/Dropbox/Oauth2
I replaced the client ID and domain due to privacy. The process works as expected without the redirect URI. In addition, I can successfully generate an access token using Postman by connecting to my API through the redirect URI with the code as one of the parameters, which validates my API's behavior.
After granting access to the app, here is what is shown in the browser's address bar:
https://dev.crm.DOMAIN.com/api/v1/Dropbox/Oauth2?code=EIk...vr0
Here is what my API receives:
[2023-02-19 16:32:44] DEBUG: [{"code":"EIk...vr0"}] []
Using the code, I create a request as follows:
private function generateAccessToken($code) {
$data = array(
"client_id=<CLIENT_ID>",
"client_secret=<CLIENT_SECRET>",
"grant_type=authorization_code",
"code={$code}",
);
$data = implode("&", $data);
$headers = array('Content-Type: application/x-www-form-urlencoded');
$url = "https://api.dropboxapi.com/oauth2/token";
$response = $this->curl->post($url, $headers, $data);
if($response["code"] != 200) {
$GLOBALS["log"]->error("access token error", $response);
throw new Error("Error while retrieving access token");
}
return $response["data"];
}
Here is the response:
[2023-02-19 16:30:13] ERROR: access token error {400, "error":"invalid_grant", "error_description":"redirect_uri mismatch"}
Here is what is registered in the Dropbox app console:
I can't figure out what the problem is.
FrustratedUser3, When you use redirect URI to receive a code, you have to use the same URI as a parameter in the call to /oauth2/token (the 'redirect_uri' parameter). 🙂 In spite this parameter is optional in general, it becomes mandatory with code received through redirect URI and the value should match this URI. As can be seen, it's skipped in your code. 😉 That's where your issue comes from. Here "mismatch" probably means empty/missing doesn't match to the actual.
Good luck.
FrustratedUser3, When you use redirect URI to receive a code, you have to use the same URI as a parameter in the call to /oauth2/token (the 'redirect_uri' parameter). 🙂 In spite this parameter is optional in general, it becomes mandatory with code received through redirect URI and the value should match this URI. As can be seen, it's skipped in your code. 😉 That's where your issue comes from. Here "mismatch" probably means empty/missing doesn't match to the actual.
Good luck.
The oauth2 guide does not make that clear, but you're right. I added redirect_uri to the parameters as follows:
if(isset($code)) { $data[] = "grant_type=authorization_code"; $data[] = "code={$code}"; $data[] = "redirect_uri={$this->cfg->get("siteUrl")}/api/v1/Dropbox/Oauth2"; } else { $data[] = "grant_type=refresh_token"; $data[] = "refresh_token={$this->cfg->get("dropboxRefreshToken")}"; }It works. Thanks.
For anyone else who gets stuck on this, here is the relevant documentation:
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
