Implicit Grant Returns Access Denied unless localhost

Question

Background page: https://blogs.dropbox.com/developers/2013/07/using-oauth-2-0-with-the-core-api/ So I'm trying to use the implicit grant method of login as I have always done before. However, for some reason whenever I change the redirect url from: 'http://localhost:3000/loginredirect/' to my actual cloudfront url, it stops working. To be more specific this url when used with the cloudfront url: https://www.dropbox.com/1/oauth2/authorize?client_id= key>&response_type=token&redirect_uri=&state= Does not show me the Dropbox window asking me to grant access to my app, instead it shows me: AccessDenied Access Denied Also the loginredirect url for both localhost and cloudfront url is set on the app settings side. Not sure what's wrong, it's worked just fine before... If you have any tips on what might be happening, it'd be greatly appreciated! Thank you for your time!

Greg-DB · Accepted Answer

What's the URL of the page where you see the 'AccessDenied' output? That doesn't look like the format for an error from Dropbox. Is it your redirect URI itself? If so, I'm afraid I can't offer much help, as that would be an issue with your page, so you'd have to investigate what's happening there to cause that error.

cloudlife · Accepted Answer

The access denied url is on my cloudfront loginredirect url. However, there's also a difference in the way it works from Dropbox's side too.

When I'm using the implicit grant from localhost, I actually get a Dropbox page-Request for access to app folder every time I log in. However, when I use the cloudfront redirect url, it skips this page completely going straight to a access denied page.

I don't see why there was a difference in behavior from Dropbox as well.

In addition, I never defined this access denied page. It's also spitting out a RequestId and HostId.

-----------------------
SOLVED: It was an issue with the routing of the loginredirect page and the way it's managed by AWS, since it's a single page application. (To further elaborate just in case someone else runs into the same problem, essentially all urls need to point back to the index.html page. Due to limitations on the implicit grant and running a single page application)

The difference in Dropbox behavior persists even now that it's working. So apparently localhost and real redirect urls are treated differently.

Thanks for trying to help!