We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
redirect_uri mismatch with unknown cause php
I was using my php curl to request a token from the api. I set up my parameter array correctly. However, I get this error in return :{"error_description": "redirect_uri mismatch", "error": "invalid_grant"}400
This was my implementation:
$dropbox_url = "https://api.dropboxapi.com/oauth2/token";
$timeout = 40;
$app_key = key;
$app_secret = secret;
try {
$d1curl = curl_init();
$http_headers = array(
"Authorization: Basic " . base64_encode($app_key . ":" . $app_secret),
"Content-Type: application/x-www-form-urlencoded"
);
$parameters = array(
'code' => $code,
'grant_type' => 'authorization_code',
'redirect_uri' => url
);
curl_setopt($d1curl, CURLOPT_URL, $dropbox_url);
curl_setopt($d1curl, CURLOPT_TIMEOUT, $timeout);
curl_setopt($d1curl, CURLOPT_HTTPHEADER, $http_headers);
curl_setopt($d1curl, CURLOPT_POST, true);
curl_setopt($d1curl, CURLOPT_POSTFIELDS, http_build_query($parameters));
curl_setopt($d1curl, CURLOPT_RETURNTRANSFER, true);
$_SESSION['code'] = $_GET['code'];
$_SESSION['token'] = curl_exec($d1curl);
$http_request = curl_getinfo($d1curl, CURLINFO_HTTP_CODE);
echo $_SESSION['token'];
echo $http_request;
curl_close($d1curl);
}
catch(Exception $e) {
echo curl_error($d1curl);
curl_close($d1curl);
}
I copied and pasted it right out of my api console to double check the url itself.
Regarding your first question, yes, the "redirect_uri" value you specified on /oauth2/authorize should be the same "redirect_uri" value you then send to /oauth2/token.
I'm not sure I understand your second question though. You can re-use your redirect URI for each authorization, but note that each particular authorization code you get back can only be used once. You should exchange each authorization code via /oauth2/token once. The /oauth2/token endpoint will return an access token that you can store and re-use to make API calls for that user without further manual user intervention though.
- Greg-DB
Dropbox Staff
Can you share the full /oauth2/authorize URL you used to get the authorization code you're exchanging, as well as the redirect URI you're sending with this /oauth2/token call (your 'url' variable in the above code)?
Those need to match exactly. Keep in mind that you might have multiple different redirect URIs registered for your app, but you should use whichever one you used in the /oauth2/authorize URL, if any.
So Simply Take the redirect uri I used when I sent the user to the oauth path earlier and refactor my php page to use that page again? Will I be able to supply a parameter of some kind so that I can reuse that redirect uri without repeating the previous step in my auth process again?
- Greg-DB
Regarding your first question, yes, the "redirect_uri" value you specified on /oauth2/authorize should be the same "redirect_uri" value you then send to /oauth2/token.
I'm not sure I understand your second question though. You can re-use your redirect URI for each authorization, but note that each particular authorization code you get back can only be used once. You should exchange each authorization code via /oauth2/token once. The /oauth2/token endpoint will return an access token that you can store and re-use to make API calls for that user without further manual user intervention though.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
