cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
ShowĀ Ā onlyĀ  | Search instead forĀ 
Did you mean:Ā 
Community
English
Announcements
Musicians, convert your MuseScore files to PDF to play music on the go! Learn more here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
ShowĀ Ā onlyĀ  | Search instead forĀ 
Did you mean:Ā 

Re: redirect_uri mismatch with unknown cause php

Labels:

redirect_uri mismatch with unknown cause php

FSUInnovation
Explorer | Level 4
ā€Ž03-03-2020 12:18 PM
Go to solution

I was using my php curl to request a token from the api. I set up my parameter array correctly. However, I get this error in return :{"error_description": "redirect_uri mismatch", "error": "invalid_grant"}400

This was my implementation:

$dropbox_url = "https://api.dropboxapi.com/oauth2/token";
$timeout = 40;
$app_key = key;
$app_secret = secret;
try {
$d1curl = curl_init();
$http_headers = array(
	"Authorization: Basic " . base64_encode($app_key . ":" . $app_secret),
	"Content-Type: application/x-www-form-urlencoded"
	);
$parameters = array(
	'code' => $code,
	'grant_type' => 'authorization_code',
	'redirect_uri' => url	
);
curl_setopt($d1curl, CURLOPT_URL, $dropbox_url);
curl_setopt($d1curl, CURLOPT_TIMEOUT, $timeout);
curl_setopt($d1curl, CURLOPT_HTTPHEADER, $http_headers);
curl_setopt($d1curl, CURLOPT_POST, true);
curl_setopt($d1curl, CURLOPT_POSTFIELDS, http_build_query($parameters));
curl_setopt($d1curl, CURLOPT_RETURNTRANSFER, true);
$_SESSION['code'] = $_GET['code'];
$_SESSION['token'] = curl_exec($d1curl);
$http_request = curl_getinfo($d1curl, CURLINFO_HTTP_CODE);
echo $_SESSION['token'];
echo $http_request;
curl_close($d1curl);
}
catch(Exception $e) {
	echo curl_error($d1curl);
	curl_close($d1curl);
}

 I copied and pasted it right out of my api console to double check the url itself.

Labels:
  • 0 Likes
  • 3 Replies
  • 3,736 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
ā€Ž03-05-2020 10:02 AM
Go to solution

Regarding your first question, yes, the "redirect_uri" value you specified on /oauth2/authorize should be the same "redirect_uri" value you then send to /oauth2/token.

I'm not sure I understand your second question though. You can re-use your redirect URI for each authorization, but note that each particular authorization code you get back can only be used once. You should exchange each authorization code via /oauth2/token once. The /oauth2/token endpoint will return an access token that you can store and re-use to make API calls for that user without further manual user intervention though.

View solution in original post

0 Likes
3 Replies 3

Greg-DB
Dropbox Staff
ā€Ž03-03-2020 04:47 PM
Go to solution

Can you share the full /oauth2/authorize URL you used to get the authorization code you're exchanging, as well as the redirect URI you're sending with this /oauth2/token call (your 'url' variable in the above code)?

Those need to match exactly. Keep in mind that you might have multiple different redirect URIs registered for your app, but you should use whichever one you used in the /oauth2/authorize URL, if any.

 

0 Likes

FSUInnovation
Explorer | Level 4
ā€Ž03-05-2020 09:47 AM
Go to solution

So Simply Take the redirect uri I used when I sent the user to the oauth path earlier and refactor my php page to use that page again? Will I be able to supply a parameter of some kind so that I can reuse that redirect uri without repeating the previous step in my auth process again?

0 Likes

Greg-DB
Dropbox Staff
ā€Ž03-05-2020 10:02 AM
Go to solution

Regarding your first question, yes, the "redirect_uri" value you specified on /oauth2/authorize should be the same "redirect_uri" value you then send to /oauth2/token.

I'm not sure I understand your second question though. You can re-use your redirect URI for each authorization, but note that each particular authorization code you get back can only be used once. You should exchange each authorization code via /oauth2/token once. The /oauth2/token endpoint will return an access token that you can store and re-use to make API calls for that user without further manual user intervention though.

0 Likes
Need more support?