we are accessing having a problem in URL we have a file named xyx (1).jpg while passing this to server we are getting response as Unauthorized Access. May I Know how to pass this request to Server?
Here am using DropBox API for Winrt C#.
My guess would be that the library you're using makes request with OAuth 1 with an HMAC signature, and the signing code has a bug relating to URL encoding. Does the error happen for all files that have parentheses in it?
Can you tell us what library you're using? (Ideally, give us a link to it.)
Yes Error happens for all files with that name.
And this is the code we are using to retrieve the thumbnails of images.
public async Task<string> getThumbnailUrl(string path) { string url = string.Empty; try { WebProvider objWebProvider = new WebProvider(); var uri = DriveUtilities.GenerateSignature(new Uri(string.Format(AppConstants.DropBox_GetMediaItem, path), UriKind.RelativeOrAbsolute), "GET", DropBox_AccessToken, DropBox_AccessTokenSecret); uri = await objWebProvider.GETRequest(uri).ConfigureAwait(false); if (!string.IsNullOrEmpty(uri) && !uri.Equals(AppConstants.Unauthorized)) { DropBoxThumbnail result = JsonConvert.DeserializeObject<DropBoxThumbnail>(uri); if (result != null) url = result.url; } else { path = WebUtility.UrlEncode(path); var newuri = DriveUtilities.GenerateSignature(new Uri(string.Format(AppConstants.DropBox_GetMediaItem, path), UriKind.RelativeOrAbsolute), "GET", DropBox_AccessToken, DropBox_AccessTokenSecret); newuri = await objWebProvider.GETRequest(newuri).ConfigureAwait(false); if (!string.IsNullOrEmpty(newuri) && !newuri.Equals(AppConstants.Unauthorized)) { DropBoxThumbnail result = JsonConvert.DeserializeObject<DropBoxThumbnail>(newuri); if (result != null) url = result.url; } else { } } } catch { url = path; } return url; }
Yes we are using HMAC-SHA1 Signature.
The bug is presumably in GenerateSignature, but I don't see that code. Is that something you wrote, or is it from a library you're using?
GenerateSignature
If at all possible, I'd recommend switching to OAuth 2, or at least https://blogs.dropbox.com/developers/2012/07/using-oauth-1-0-with-the-plaintext-signature-method/. Both are simpler than using HMAC signatures, so you're less likely to have this kind of bug.
Yes exactly what you are saying. Some times the login also not possible with that api. Could you please help me out.
Hi This is Code for Generating Signature.
public static string GenerateSignature(Uri uri, string Method, string DropBox_AccessToken, string DropBox_AccessTokenSecret) { var oAuth = new OAuthBase(); var nonce = oAuth.GenerateNonce(); var timeStamp = oAuth.GenerateTimeStamp(); string parameters; string normalizedUrl; var signature = oAuth.GenerateSignature(uri, AppConstants.DropBoxConsumerKey, AppConstants.DropBoxConsumerSecret, DropBox_AccessToken, DropBox_AccessTokenSecret, Method, timeStamp, nonce, OAuthBase.SignatureTypes.HMACSHA1, out normalizedUrl, out parameters); //signature = HttpUtility.UrlEncode(signature); signature = WebUtility.UrlEncode(signature); StringBuilder requestUri = new StringBuilder(uri.ToString()); requestUri.AppendFormat("?oauth_consumer_key={0}&", AppConstants.DropBoxConsumerKey); if (!string.IsNullOrEmpty(DropBox_AccessToken)) requestUri.AppendFormat("oauth_token={0}&", DropBox_AccessToken); requestUri.AppendFormat("oauth_nonce={0}&", nonce); requestUri.AppendFormat("oauth_timestamp={0}&", timeStamp); requestUri.AppendFormat("oauth_signature_method={0}&", "HMAC-SHA1"); requestUri.AppendFormat("oauth_version={0}&", "1.0"); requestUri.AppendFormat("oauth_signature={0}", signature); return requestUri.ToString(); }
We're getting closer. :-)
It looks like the actual signature is created via oAuth.GenerateSignature. Is that code you wrote or a library you're using? Could you share that code?
oAuth.GenerateSignature
Here the code is .
public string GenerateSignature(Uri url, string consumerKey, string consumerSecret, string token, string tokenSecret, string httpMethod, string timeStamp, string nonce, SignatureTypes signatureType, out string normalizedUrl, out string normalizedRequestParameters) { normalizedUrl = null; normalizedRequestParameters = null; string signatureBase = string.Empty; string secretBase = string.Empty; switch (signatureType) { case SignatureTypes.PLAINTEXT: return UrlEncode(string.Format("{0}&{1}", consumerSecret, tokenSecret)); //signatureBase = GenerateSignatureBase(url, consumerKey, token, tokenSecret, httpMethod, timeStamp, nonce, HMACSHA1SignatureType, out normalizedUrl, out normalizedRequestParameters); case SignatureTypes.HMACSHA1: signatureBase = GenerateSignatureBase(url, consumerKey, token, tokenSecret, httpMethod, timeStamp, nonce, HMACSHA1SignatureType, out normalizedUrl, out normalizedRequestParameters); secretBase = string.Format("{0}&{1}", UrlEncode(consumerSecret), string.IsNullOrEmpty(tokenSecret) ? " : UrlEncode(tokenSecret)); var crypt = MacAlgorithmProvider.OpenAlgorithm(MacAlgorithmNames.HmacSha1); var buffer = CryptographicBuffer.ConvertStringToBinary(signatureBase, BinaryStringEncoding.Utf8); var keyBuffer = CryptographicBuffer.ConvertStringToBinary(secretBase, BinaryStringEncoding.Utf8); var key = crypt.CreateKey(keyBuffer); var sigBuffer = CryptographicEngine.Sign(key, buffer); return CryptographicBuffer.EncodeToBase64String(sigBuffer); case SignatureTypes.RSASHA1: throw new NotImplementedException(); default: throw new ArgumentException("Unknown signature type", "signatureType"); } }
I searched for little bits of that code, and I'm pretty sure that code comes from this project: https://code.google.com/p/oauth/. Is that right? Are you using that library? Have you asked the owners of that library for help?
It does look like that library supports PLAINTEXT signatures, so I still recommend switching to that so you don't need to debug this particular encoding problem.
yes exactly we are using that one only. So you recommend me to use PlainText Signature with oAuth1. Thank you for your response if i have any problem get back to you again.
I edited your post to remove the signature, but you may want to get a new app key and secret now that yours has been published here.
The signature that you originally posted looks broken... it should have an ampersand (&) at the end of it. (When URL-encoded, and ampersand ends up being a %26.) See https://blogs.dropbox.com/developers/2012/07/using-oauth-1-0-with-the-plaintext-signature-method/ for an example.
Hi I used PLAINTEXT but now it is not showing even single image thumbnail. but when i clicked on it it showing full image .
If I understand you correctly, you're no longer getting an "unauthorized access" error at all. Is that right?
If so, please explain the new issue you're seeing. Include the relevant code, what you expected to happen, and what actually happened.
No but now am getting Unauthorized Exception in case of showing thumbnails we are using this url( https://api-content.dropbox.com/1/thumbnails/auto ) It is always giving us above mentioned exception. How to get Thumbnails of Images from dropbox.
So you're still getting an "unauthorized error" message? Is this on all paths or still just the ones that include parentheses? Are you still using HMAC signing, or have you switched to PLAINTEXT?
Is it only /thumbnails that fails, or do other endpoints also fail?
/thumbnails
Am using PLAINTEXT only. Yes it fails only for Thumbnails.
It is on all paths but only for Thumbnails.
Please share code for a call that works (something other than /thumbnails) and a call that doesn't work (/thumbnails).
For Thumbnails
string url = DriveUtilities.GenerateSignature( new Uri(string.Format(AppConstants.DropBox_GetThumbnail, item.serverFileId), UriKind.RelativeOrAbsolute), "GET", drive.AccessToken, drive.RefreshToken); Stream fileStream = await FileHelper.getFileInputStream(url); if (fileStream != null) { try { if (fileStream.Length > 0) await FileSaveToStorage(fileStream, file); handler(fileStream); } catch (Exception ex) { } }
for full image we are using this code (working)
WebProvider objWebProvider = new WebProvider(); string size = "?size=" + await CommonFunctions.GetThumbnailSize(DriveType.DROPBOX); var uri = DriveUtilities.GenerateThumbviewSignature( new Uri(string.Format(AppConstants.DropBox_GetThumbnail, path) + size, UriKind.RelativeOrAbsolute), "GET", DropBox_AccessToken, DropBox_AccessTokenSecret); url = uri.ToString();
I'm confused.
What's the difference between DriveUtilities.GenerateSignature and DriveUtilities.GenerateThumbviewSignature?
DriveUtilities.GenerateSignature
DriveUtilities.GenerateThumbviewSignature
And why does one piece of code use item.serverFileId and the other path? (Is the "serverFileId" the path?)
item.serverFileId
path
And both snippets seem to use AppConstants.DropBox_GetThumbnail as the base URL, but I thought the second code snippet was supposed to be retrieving the full image (not a thumbnail).
AppConstants.DropBox_GetThumbnail
Yes the second one is for getting full image. No need to confuse we used same method but only the name is different here path and item.serverField means name of that particular image. In both cases everything is same except the URL. The url is different for full view image and thumbnail.
What's the value of AppConstants.DropBox_GetThumbnail?
DropBox_GetThumbnail = "https://api-content.dropbox.com/1/thumbnails/auto{0}"; {0} means we are appending image information here.
Both code snippets use AppConstants.DropBox_GetThumbnail. So they both seem to be requesting thumbnails.
Another issue I noticed: the first code snippet passes drive.AccessToken and drive.RefreshToken. Dropbox doesn't use a refresh token. Presumably you should be passing the access token secret as the second parameter.
drive.AccessToken
drive.RefreshToken
Okay. Thanks for your support.
Hi Actually I sent you wrong code regarding success case.
Here it am sending you again.
WebProvider objWebProvider = new WebProvider(); // path = WebUtility.UrlEncode(path); var uri = DriveUtilities.GenerateSignature( new Uri(string.Format(AppConstants.DropBox_GetMediaItem, path), UriKind.RelativeOrAbsolute), "GET", DropBox_AccessToken, DropBox_AccessTokenSecret); uri = await objWebProvider.GETRequest(uri).ConfigureAwait(false); if (!string.IsNullOrEmpty(uri) && !uri.Equals(AppConstants.Unauthorized)) { DropBoxThumbnail result = JsonConvert.DeserializeObject<DropBoxThumbnail>(uri); if (result != null) url = result.url; }
Are you still having trouble, or is your code working now?
Yes I have trouble in thumbnails.
