error: invalid code verifier

mk29

Hi. I'm developing a C++ application that needs to connect to Dropbox. I'm stuck at implementing OAuth. As documentation suggests:

code_challenge String?(min_length=43, max_length=128) Part of the PKCE flow, the challenge should be an SHA-256 (S256) encoded value of a string that will serve as the code_verifier of the corresponding /oauth2/token call. Can can also be set to plain (plain).

My understanding was that this means I need to generate a random string with minimum 43 characters and hash it using SHA-256 and that will give me code_challenge. But when I call /oauth2/token I get this error:

 

 

 

 

{"error_description": "invalid code verifier", "error": "invalid_grant"}

 

 

 

 

Then found this article that says this is the correct way to calculate code_challenge:

 

 

 

 

Base64UrlEncode(SHA256Hash(code_verifier))

 

 

 

 

Which means I had to take an extra step and encode the hashed value. Tried this but the same message is returned. These are the values I'm sending:

 

 

 

 

code_verifier -> 2LORVR1BWsWNkUuLISmv28MR44bYCiq39mU5m8QuzKM
code_challenge -> YzY0Y2EwZTRlZDgwMTUwZWYxMzE2ZDQwZTJkMjQ0NWUxMDVlN2JlZWU2M2EzMjM3NjVmZTVhZmM2YzZlMjgyNw

 

 

 

 

 I have checked my code_challenge with online calculators and it's correct. I would appreciate it if someone could explain to me why I am getting this error.

Greg-DB

That code_challenge value does not appear to be correct for that code_verifier value. I tried plugging "2LORVR1BWsWNkUuLISmv28MR44bYCiq39mU5m8QuzKM" into https://tonyxu-io.github.io/pkce-generator/ as the "Code Verifier" and got a "Code Challenge" of "xkyg5O2AFQ7xMW1A4tJEXhBee-7mOjI3Zf5a_GxuKCc".

 

Also, make sure you're using the "Code Challenge" on the /oauth2/authorize URL, and are passing the "Code Verifier" to /oauth2/token, and not the other way around.