Child Item

OAuth2 access token request invalid - grant_type expecting \"authorization_code"\

Hi,

I am trying to obtain an acces token by converting the authorization code. I followed both documentation available in the following links:

https://www.dropbox.com/developers-v1/core/docs#oa2-token

https://blogs.dropbox.com/developers/2013/07/using-oauth-2-0-with-the-core-api/

This is the code I am runing after being redirected from Dropbox page:

<?php 
if (isset($_GET['code'])) {

    echo 'UserCode -> ' . $_GET['code'];

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
    curl_setopt($ch, CURLOPT_URL, "https://api.dropboxapi.com/oauth2/token");
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('code'=> $_GET['code'], 'client_id' => "5n5**********aw", 'client_secret' => "zq**********tn8", 'grant_type' => $_GET['code'], 'redirect_uri' => 'http://localhost/optiSurface-dropbox/login.php')));

    $response = curl_exec($ch);

    echo '<pre>';
    var_dump($response);
    echo '</pre>';

}else{
	header('Location: http://localhost/optiSurface-dropbox/curl-auth1.php');
}

However, I am receiving a error message as follow:

string(154) "{"error_description": "\"grant_type\": got \"L22mWRF0R0AAAAAAAAAGt4o3aW761b9KrBSPgX6OugA\", expecting \"authorization_code\"", "error": "invalid_request"}"

As the error message says, it was expecting the authorization code. I am unsure what variable/data to use in this parameter.

Reading the documentation, I noted that is the same value from code attribute:

curl https://api.dropbox.com/oauth2/token \
    -d code=<AUTHORIZATION_CODE> \
    -d grant_type=authorization_code \
    -d redirect_uri=<REDIRECT_URI> \
    -u <APP_KEY>:<APP_SECRET>

How can I fix this problem?

Thank you in advance!

Find more posts tagged with

API

Abuse

Accepted answers

Greg-DB

The "grant_type" parameter value should literally be the string "authorization_code", and only the "code" parameter value should be the authorization code string you received.

That is to say, your parameter line should like something like this instead:

    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('code'=> $_GET['code'], 'client_id' => "5n5**********aw", 'client_secret' => "zq**********tn8", 'grant_type' => "authorization_code", 'redirect_uri' => 'http://localhost/optiSurface-dropbox/login.php')));

By the way, you linked to the old version of the documentation. For reference, the current version is here: https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token

lrduques

Problem solved!!

I just realized it's not necessary to include the complete path from the URL. Since the app has permission to access just it's own folder, I just included the file path itself.

So my json file it's like this:

{
    "path": "/text.txt",
    "include_media_info": false,
    "include_deleted": false,
    "include_has_explicit_shared_members": false
}

Thank you!!

All comments

Greg-DB

The "grant_type" parameter value should literally be the string "authorization_code", and only the "code" parameter value should be the authorization code string you received.

That is to say, your parameter line should like something like this instead:

    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('code'=> $_GET['code'], 'client_id' => "5n5**********aw", 'client_secret' => "zq**********tn8", 'grant_type' => "authorization_code", 'redirect_uri' => 'http://localhost/optiSurface-dropbox/login.php')));

By the way, you linked to the old version of the documentation. For reference, the current version is here: https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token

lrduques

Thank you Greg!

I am trying to list the files (/get_metadata) in my app folder but for some reason I can't set up the correct path. Take a look at this message:

{"error_summary": "path/not_found/", "error": {".tag": "path", "path": {".tag": "not_found"}}}

The app folder was automatically created by Dropbox, and after that I created a txt file named text.txt inside it. As you can see, this is the path:

However, when I send the /get_metadata request via curl I receive the error message that the path dosen't exist.

This is the json file - named getMetadata.json - with the parameters:

{
    "path": "/home/Aplicativos/optisurface",
    "include_media_info": false,
    "include_deleted": false,
    "include_has_explicit_shared_members": false
}

This is the curl request I am using:

<?php 

require_once 'Functions/functions.php';

$token = getToken($_SESSION['uid']);

$data  = file_get_contents('json/getMetadata.json');

	$ch = curl_init();

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Bearer ' . $token[0]->itoken, 'Content-Type: application/json'));
    curl_setopt($ch, CURLOPT_URL, "https://api.dropboxapi.com/2/files/get_metadata");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);

    $response = curl_exec($ch);

    echo '<pre>';
    print_r($response);
    echo '</pre>';

 ?>

Can you help me saying what am I doing wrong?

lrduques

Meanwhile, I used the /list_folder request since it supports root path just by leaving it empty "".

{"entries": [{".tag": "file", "name": "text.txt", "path_lower": "/text.txt", "path_display": "/text.txt", "id": "id:WEoRMx3RGMAAAAAAAAAAJg", "client_modified": "2019-03-08T00:23:18Z", "server_modified": "2019-03-08T00:23:18Z", "rev": "012000000012ec82090", "size": 5, "content_hash": "fe362d76b941f8f883e360e1a7bd26c78d4252c8229621711d6857846a2285f8"}], "cursor": "AAGNZvzM-WGZO5F9XFCBcrTUsT6mhUTRHnnY12-dD6lPgRK-hUZFzy8zMvgbnPMBuvKpIFY-1-QTfe0m_qpJMEE0hUs-JHq_gvzY1gGg2zIEblN0sE8MaGJnnyI_9a5dTi8CwzzfjgwL86mZtZL6UbMi", "has_more": false}

But I really want to understand why /get_metadata ins't working because in future code I'll need to access specifics paths.

Thank you in advance!

lrduques

Problem solved!!

I just realized it's not necessary to include the complete path from the URL. Since the app has permission to access just it's own folder, I just included the file path itself.

So my json file it's like this:

{
    "path": "/text.txt",
    "include_media_info": false,
    "include_deleted": false,
    "include_has_explicit_shared_members": false
}

Thank you!!

Greg-DB

I'm glad to hear you already sorted this out.

To confirm, yes, when using an app with the app folder permission, the paths you use should be relative to the app folder itself. You can get these path values programmatically from other Metadata objects in the 'path_lower' field, e.g., as returned by /2/files/list_folder.