You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

sarahModulo's avatar
sarahModulo
Explorer | Level 3
3 years ago

Qt OAuth get refresh token

Hi,

 

I try to get my refresh token after going throw the basic authentification flow with PKCE.

Here my code :

connect(m_auth, &QAbstractOAuth2::authorizationCallbackReceived,[=](const QVariantMap data){
  if (false == data.isEmpty())
  {
     QString authCode = data.value("code").toString();
     if(!authCode.isEmpty())
     {
        qDebug() << authCode; //GOT an authentification Code
        QVariantMap parameters;
        parameters.insert("code", authCode);
        parameters.insert("grant_type","authorizatioon_code");
        parameters.insert("client_id",apiKey);
        parameters.insert("client_secret",apiSecret);

        QNetworkReply *reply = m_auth->post("https://api.dropboxapi.com/oauth2/token",parameters);
        connect(reply, &QNetworkReply::finished,this,&MyClass::getRefreshToken);
     }
  }
});

void MyClass::getRefreshToken()
{
    auto reply = qobject_cast<QNetworkReply*>(sender());
    Q_ASSERT(reply);

    const auto data = reply->readAll();
    qDebug() << "data " << data;
}

 

I got this error :

"{\"error\": \"invalid_request\", \"error_description\": \"Can't use \\\"Authorization\\\" header and \\\"client_secret\\\" arg together.\"}"

  • Greg-DB's avatar
    Greg-DB
    3 years ago

    Please note that when calling /oauth2/token, you should not include an access token. The /oauth2/token endpoint can be used to exchange an authorization code for an access token and optional refresh token, or to use a refresh token to get a new access token. It does not itself expect or accept an access token as input. When calling /oauth2/token, the "Authorization" header is a way to supply the app key and secret, as an alternative to the client_id and client_secret parameters. You can find more information in the documentation for /oauth2/token, as well as this blog post which contains a useful example.

     

    You should only set the redirect_uri parameter on /oauth2/token if you used a redirect_uri on /oauth2/authorize when retrieving the authorization code, and if so, it must exactly match that redirect_uri value.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    This error message is indicating that the request contained both an "Authorization" header as well as the client_id and/or client_secret parameter. While Dropbox accepts the app key and secret in either, you should only use one or the other. That is, the request needs to contain either only the "Authorization" header or only the client_id and client_secret parameters.

     

    In your code, I see you are setting the "client_id" and "client_secret" parameters. I don't see you explicitly setting the "Authorization" header, so it looks like you're either setting it in some other version or part of the code not shown here, or it's being set by your network client automatically. Either way, you'll need to debug that you make sure you only set one or the other. We can't provide support for Qt/QNetworkReply in particular though, as it's not made by Dropbox.

     

    By the way, you have a typo in "authorizatioon_code"; it should be "authorization_code".

  • Здравко's avatar
    Здравко
    Legendary | Level 20

    sarahModulo wrote:

    ...

    ...
            QNetworkReply *reply = m_auth->post("https://api.dropboxapi.com/oauth2/token",parameters);
    ...

     

    I got this error :

    "{\"error\": \"invalid_request\", \"error_description\": \"Can't use \\\"Authorization\\\" header and \\\"client_secret\\\" arg together.\"}"


    Hi sarahModulo,

    Yes, that's normal. The post method you're using implies authentication (i.e. includes 'Bearer' authentication). You are doing something the class you're using already implements. 😉 You're repeating in your code something already done! This explains the received error message. Read the documentation with bit more care.

    Use the same post method to only call all regular API calls (i.e. the calls intended to use 'Bearer' authentication), not to call intended to receive any kind of token (as you are using incorrectly now).

    Hope this gives direction.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,910 PostsLatest Activity: 4 days ago
333 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!