You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
sarahModulo
3 years agoExplorer | Level 3
Qt OAuth get refresh token
Hi, I try to get my refresh token after going throw the basic authentification flow with PKCE. Here my code : connect(m_auth, &QAbstractOAuth2::authorizationCallbackReceived,[=](const QVariant...
- 3 years ago
Please note that when calling /oauth2/token, you should not include an access token. The /oauth2/token endpoint can be used to exchange an authorization code for an access token and optional refresh token, or to use a refresh token to get a new access token. It does not itself expect or accept an access token as input. When calling /oauth2/token, the "Authorization" header is a way to supply the app key and secret, as an alternative to the client_id and client_secret parameters. You can find more information in the documentation for /oauth2/token, as well as this blog post which contains a useful example.
You should only set the redirect_uri parameter on /oauth2/token if you used a redirect_uri on /oauth2/authorize when retrieving the authorization code, and if so, it must exactly match that redirect_uri value.
Greg-DB
3 years agoDropbox Staff
This error message is indicating that the request contained both an "Authorization" header as well as the client_id and/or client_secret parameter. While Dropbox accepts the app key and secret in either, you should only use one or the other. That is, the request needs to contain either only the "Authorization" header or only the client_id and client_secret parameters.
In your code, I see you are setting the "client_id" and "client_secret" parameters. I don't see you explicitly setting the "Authorization" header, so it looks like you're either setting it in some other version or part of the code not shown here, or it's being set by your network client automatically. Either way, you'll need to debug that you make sure you only set one or the other. We can't provide support for Qt/QNetworkReply in particular though, as it's not made by Dropbox.
By the way, you have a typo in "authorizatioon_code"; it should be "authorization_code".
- sarahModulo3 years agoExplorer | Level 3
In postman I have the same issus if I set an Access Token in Authorization part.
Here the post request "https://api.dropboxapi.com/oauth2/token?code=<AuthorizationCode>&grant_type=authorization_code&client_id=<api_id>&client_secret=<api_secret>"
error
{"error": "invalid_request","error_description": "Can't use \"Authorization\" header and \"client_secret\" arg together."}if I remove client_id and client_secret from the post requestpost request : "https://api.dropboxapi.com/oauth2/token?code=<AuthorizationCode>&grant_type=authorization_code"error{"error": "invalid_request","error_description": "The request parameters do not match any of the supported authorization flows. Please refer to the API documentation for the correct parameters."}If I remove my Access Token in Authorization partwith post request "https://api.dropboxapi.com/oauth2/token?code=<AuthorizationCode>&grant_type=authorization_code&client_id=<api_id>&client_secret=<api_secret>"error{"error": "invalid_grant","error_description": "redirect_uri mismatch"}But Callback URL is the one I set in my dropBox Api... Should I put an other redirect_uri ? And which one ? And where should I set it ? In Param section or Authorization section ?- Greg-DB3 years agoDropbox Staff
Please note that when calling /oauth2/token, you should not include an access token. The /oauth2/token endpoint can be used to exchange an authorization code for an access token and optional refresh token, or to use a refresh token to get a new access token. It does not itself expect or accept an access token as input. When calling /oauth2/token, the "Authorization" header is a way to supply the app key and secret, as an alternative to the client_id and client_secret parameters. You can find more information in the documentation for /oauth2/token, as well as this blog post which contains a useful example.
You should only set the redirect_uri parameter on /oauth2/token if you used a redirect_uri on /oauth2/authorize when retrieving the authorization code, and if so, it must exactly match that redirect_uri value.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,911 PostsLatest Activity: 2 hours agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!