Child Item

OAuth2 Flow in Chrome App fails

Hi,

I'm working on a ChromeOS App that integrates with Dropbox. I can't get the OAuth2 token flow to work using chrome.identity.launchWebAuthFlow. Rolling my own version of that API to do the token flow works.

The most suspicious thing I see in the browser logs is that there is a GET to /oauth2/authorize that gets aborted. First there is a GET to ttps://www.dropbox.com/oauth2/authorize?client_id=redacted&force_reapprove=true&redirect_uri=https%3A%2F%2Fwww.dropbox.com%2F1%2Foauth2%2Fdisplay_token&response_type=token, then a GET to https://www.dropbox.com/oauth2/authorize?client_id=redacted&response_type=token&redirect_uri=https://www.dropbox.com/1/oauth2/display_token&force_reapprove=true, that gets aborted and immediately reissued. My hypothesis is that when that request is aborted, the launchWebAuthFlow API assumes that the login process has failed and gives up.

Additional information about my use case:
* I have 2-factor authentication, using Google Authenticator, configured for my account

Any thoughts or advice would be appreciated.

Find more posts tagged with

API

Abuse

Comments

Greg-DB

First, for reference, are you using the official Dropbox API v2 JavaScript SDK?

Looking at the two URLs you shared, the differences appear to be: (unless something got lost in formatting when posting to the forum)

the URL parameter order
the URL parameter encoding

Can you try initially supplying the URL exactly as it is the second, reformatted version? I believe it's technically wrong to supply it like that since the 'redirect_uri' URL parameter isn't properly URL encoded, but it may be useful for the sake of troubleshooting to see if that helps.

kp8080

I tried using the official SDK to get the login URL. Same symptoms. When I have some time I'll see if I can try the reformatted URL.