Child Item

OAuth2 access token request - Basic authentication not working

I am trying to integrate Dropbox in my webservice. However I decided to use a direct integration instead of any APIs as I need a limited number of functions only and not used to code object orientated in PHP.

For any reason my authentication token handling is not working. I figured out, something is wrong with the basic authentifiation, as some other functions which should work with basic as well as bearer authentification do only work with the last one mentioned.

function dropboxAuthentication($code){

    global $authToken;
    $parameters['code']=$code;
    $parameters['grant_type']="authorization_code";
    $parameters['redirect_uri']="https://myurl.com/file.php";

    // Create the context for the request
    $context = stream_context_create(array(
        'http' => array(
            'method' => 'POST',
            'header' => 'Authorization: {Basic '.base64_encode("my app id:my app secret").'}\r\n'.
                'Content-Type: application/json\r\n',
            'content' => json_encode($parameters)
       )
    ));

    // Send the request
    $response = file_get_contents('https://api.dropboxapi.com/oauth2/token', FALSE, $context);

    // Check for errors
    if($response === FALSE){
        die('Error');
    }

    // Decode the response
    $result=json_decode($response, TRUE);
    return $result['code'];

}

The file accessed after the login calls the function with the temporary code given. The temporary code is received well.

The result is always

Error

I checked the response code which is a HTTP Error 400.

Thank you very much for your support!

Find more posts tagged with

API

Abuse

Accepted answers

Greg-DB

Thanks! The API is indicating that the request wasn't valid. This particular error message isn't too specific, but it seems to be indicating that the necessary information wasn't given.

Looking through your code, you appear to be sending the parameters as JSON. The /oauth2/token endpoint expects application/x-www-form-urlencoded POST parameters though (with the app key and secret in particular optionally sent in the Authorization header instead).

Please update your code to send the rest of the parameters as application/x-www-form-urlencoded POST parameters instead.

All comments

Greg-DB

What is the content of the body for 400 HTTP response? It should contain a more useful error message.

pineapps

Greg K. schrieb:
What is the content of the body for 400 HTTP response? It should contain a more useful error message.

For me however, this is not really useful:

I did a

echo implode($http_response_header);

Returns

HTTP/1.1 400 Bad RequestServer: nginxDate: Fri, 05 Jan 2018 20:33:52 GMTContent-Type: application/jsonConnection: closeX-Dropbox-Request-Id: 864d06461b2bc9f132a4cfa44ca9f2a5X-Frame-Options: DENYContent-Security-Policy: sandbox; frame-ancestors 'none'X-Content-Type-Options: nosniffContent-Disposition: attachment; filename='error'

Maybe, this is more usefull for you Thank you in advance!

Greg-DB

That appears to be the response headers only. Can you print the response body?

pineapps

Greg K. schrieb:
That appears to be the response headers only. Can you print the response body?

I managed to get additional information from the HTTP request:

{"url":"https:\/\/api.dropboxapi.com\/oauth2\/token","content_type":"application\/json","http_code":400,"header_size":385,"request_size":350,"filetime":-1,"ssl_verify_result":0,"redirect_count":0,"total_time":0.287188,"namelookup_time":0.004172,"connect_time":0.018384,"pretransfer_time":0.053378,"size_upload":23,"size_download":97,"speed_download":337,"speed_upload":80,"download_content_length":-1,"upload_content_length":23,"starttransfer_time":0.287049,"redirect_time":0,"redirect_url":"","primary_ip":"162.125.66.7","certinfo":[],"primary_port":443,"local_ip":"85.13.153.199","local_port":45981}

Last data received

{"error_description": "No auth function available for given request", "error": "invalid_request"}

Greg-DB

Thanks! The API is indicating that the request wasn't valid. This particular error message isn't too specific, but it seems to be indicating that the necessary information wasn't given.

Please update your code to send the rest of the parameters as application/x-www-form-urlencoded POST parameters instead.

pineapps

Greg K. schrieb:
Thanks! The API is indicating that the request wasn't valid. This particular error message isn't too specific, but it seems to be indicating that the necessary information wasn't given.

Looking through your code, you appear to be sending the parameters as JSON. The /oauth2/token endpoint expects application/x-www-form-urlencoded POST parameters though (with the app key and secret in particular optionally sent in the Authorization header instead).

Please update your code to send the rest of the parameters as application/x-www-form-urlencoded POST parameters instead.

This helps me very much!

I tried to fix this with a simple but dirty solution

$response = file_get_contents('https://my_app_id:my_app_key@api.dropboxapi.com/oauth2/token', FALSE, http_build_query($parameters));

Which seems to be almost working (at least detects if I am missing parameters, so the authentication seems to work).

The result of the function http_build_query is

code=authcodegoeshere&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fmydomain.com%2Ffile.php

and should be in the correct format.

The updated error says this:

:{"error_description": "unknown field \"var1\"", "error": "invalid_request"}

Thank you very much for your help!

Edit: Got it! Created a new complex function accessing the data with curl. Thank you very much for your help, this helped me very much!