We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here. 

Forum Discussion

FSUInnovation's avatar
FSUInnovation
Explorer | Level 4
5 years ago

redirect_uri mismatch with unknown cause php

I was using my php curl to request a token from the api. I set up my parameter array correctly. However, I get this error in return :{"error_description": "redirect_uri mismatch", "error": "invalid_grant"}400

This was my implementation:

$dropbox_url = "https://api.dropboxapi.com/oauth2/token";
$timeout = 40;
$app_key = key;
$app_secret = secret;
try {
$d1curl = curl_init();
$http_headers = array(
	"Authorization: Basic " . base64_encode($app_key . ":" . $app_secret),
	"Content-Type: application/x-www-form-urlencoded"
	);
$parameters = array(
	'code' => $code,
	'grant_type' => 'authorization_code',
	'redirect_uri' => url	
);
curl_setopt($d1curl, CURLOPT_URL, $dropbox_url);
curl_setopt($d1curl, CURLOPT_TIMEOUT, $timeout);
curl_setopt($d1curl, CURLOPT_HTTPHEADER, $http_headers);
curl_setopt($d1curl, CURLOPT_POST, true);
curl_setopt($d1curl, CURLOPT_POSTFIELDS, http_build_query($parameters));
curl_setopt($d1curl, CURLOPT_RETURNTRANSFER, true);
$_SESSION['code'] = $_GET['code'];
$_SESSION['token'] = curl_exec($d1curl);
$http_request = curl_getinfo($d1curl, CURLINFO_HTTP_CODE);
echo $_SESSION['token'];
echo $http_request;
curl_close($d1curl);
}
catch(Exception $e) {
	echo curl_error($d1curl);
	curl_close($d1curl);
}

 I copied and pasted it right out of my api console to double check the url itself.

  • Greg-DB's avatar
    Greg-DB
    5 years ago

    Regarding your first question, yes, the "redirect_uri" value you specified on /oauth2/authorize should be the same "redirect_uri" value you then send to /oauth2/token.

    I'm not sure I understand your second question though. You can re-use your redirect URI for each authorization, but note that each particular authorization code you get back can only be used once. You should exchange each authorization code via /oauth2/token once. The /oauth2/token endpoint will return an access token that you can store and re-use to make API calls for that user without further manual user intervention though.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    Can you share the full /oauth2/authorize URL you used to get the authorization code you're exchanging, as well as the redirect URI you're sending with this /oauth2/token call (your 'url' variable in the above code)?

    Those need to match exactly. Keep in mind that you might have multiple different redirect URIs registered for your app, but you should use whichever one you used in the /oauth2/authorize URL, if any.

     

    • FSUInnovation's avatar
      FSUInnovation
      Explorer | Level 4

      So Simply Take the redirect uri I used when I sent the user to the oauth path earlier and refactor my php page to use that page again? Will I be able to supply a parameter of some kind so that I can reuse that redirect uri without repeating the previous step in my auth process again?

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        Regarding your first question, yes, the "redirect_uri" value you specified on /oauth2/authorize should be the same "redirect_uri" value you then send to /oauth2/token.

        I'm not sure I understand your second question though. You can re-use your redirect URI for each authorization, but note that each particular authorization code you get back can only be used once. You should exchange each authorization code via /oauth2/token once. The /oauth2/token endpoint will return an access token that you can store and re-use to make API calls for that user without further manual user intervention though.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,876 PostsLatest Activity: 6 hours ago
325 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!