Re: Authorization code flow no longer works?

Vladimir V.1 · ‎12-27-2016

I am posting all required parameters to https://api.dropboxapi.com/oauth2/token but the servers keeps returning a very vague error:

REQUEST:

POST https://api.dropbox.com/oauth2/token HTTP/1.1
Accept: */*
Content-Type: application/json; charset=utf-8
Content-Length: 221
User-Agent: Adobe Photoshop Lightroom
Host: api.dropbox.com
Cache-Control: no-cache
{"client_id":"algt6407ye2ni5g","client_secret":"[***redacted***]","code":"qNW__3Oy_LgAAAAAAAAJPFofykpnyM-z9TB2CnveLSw","grant_type":"authorization_code","retirect_uri":"lightroom://com.alloyphoto.lightroom.export.dropbox"}

RESPONSE:

HTTP/1.1 400 Bad Request
Server: nginx
Date: Wed, 28 Dec 2016 00:37:38 GMT
Content-Type: application/json
Content-Length: 97
Connection: keep-alive
User-Agent: 
X-Dropbox-Request-Id: 5d5f1e75ac3b4712ccf212dd60636603
{"error_description": "No auth function available for given request", "error": "invalid_request"}

In fact, this code worked successfully very recently. Has something been changed? What am I doing wrong? Please help.

Greg-DB · ‎12-27-2016

Thanks for the report! The request payload for /oauth2/token is expected to be delivered with a content type of "application/x-www-form-urlencoded", per RFC 6749 Section 4.1.3. It's possible we may have also been accepting "application/json" though. We'll look into it, but in the meantime, you can switch to "application/x-www-form-urlencoded", which I've confirmed is working as expected.

Also, for reference, but api.dropbox.com and api.dropboxapi.com are supported for this endpoint.

View solution in original post

Vladimir V.1 · ‎12-27-2016

Just noticed a typo in the request code (retirect_uri), should be redirect_uri. But it is still not working.

Vladimir V.1 · ‎12-27-2016

Next I realized I was hitting the wrong endpoint, needs to be https://api.dropboxapi.com, not https://api.dropbox.com.

Unfortunately I am still getting the same error.

Greg-DB · ‎12-27-2016

Thanks for the report! The request payload for /oauth2/token is expected to be delivered with a content type of "application/x-www-form-urlencoded", per RFC 6749 Section 4.1.3. It's possible we may have also been accepting "application/json" though. We'll look into it, but in the meantime, you can switch to "application/x-www-form-urlencoded", which I've confirmed is working as expected.

Also, for reference, but api.dropbox.com and api.dropboxapi.com are supported for this endpoint.

Greg-DB · ‎12-28-2016

I can't seem to find if/when we accepted JSON on this endpoint. Are you sure this previously worked with that content type?

In any case, x-www-form-urlencoded is the right way to call this. Is that working for you?

Vladimir V.1 · ‎12-28-2016

Hi Greg,

I think you are right, I recently updated a large chunk of the code when I migrated my plugin from API v1 to v2. The v2 documentation states that RPC enpoints on the api.dropboxapi.com domain accept arguments as JSON in the request body. For that reason I made all API calls to submit the payload in JSON, and that is where the code flow stopped working (which I didn't notice immediately). Either the documentation needs to be very explicit about the expected content type of that call, or the backend needs to be updated to accept JSON and thus provide claimed consistency. If I had a choice I'd go for option #2 as there is probably no valid reason for that particular endpoint not to recognize JSON.

Anyway, thanks for your prompt attention to this issue, I got the code working by reverting the call to form-urlencoded format.

Greg-DB · ‎12-28-2016

Thanks for confirming that. I'm glad to hear this is sorted out.

The OAuth endpoints are a little different than the API endpoints, so I'll ask the team to clarify the documentation at least.

SauravAnand · ‎09-11-2017

Hi Vladimir,

Glad to hear about the fix. I'm also working on migration from V1 to V2 API. Can you please provide code block of GetAccessToken() using new end point "https://api.dropboxapi.com/oauth2/token".

That would be really helpful.

Thank you.