Child Item

php Authentication issues

Hi, Hoping to get a helping hand here. So this is the story. I try to authenticate from localhost (MAMP)

1. trouble when the user allows access and I look in the connected apps of that user I see "No access - App folder deleted (Pending)" on access type. Wondering if this has something to do with the next issue
2. when trying to get the user token it says: {"error_description": "No auth function available for given request", "error": "invalid_request"}

So this is my (testing code):

<p><a href="https://www.dropbox.com/oauth2/authorize?client_id=MY_APPS__APP-KEY&response_type=code&state=12345&redirect_uri=http://localhost:8888/dropbox/dropbox.php">Click here to grant access to our application</a></p>

<?php
$auth = 'MY_ACCESS_TOKEN';
    if (isset($_GET['code']) && $_GET['code'] != '' ) {
        $user_code = $_GET['code'];
    }
    echo "User code = " .$user_code . "<br />";
    if (isset($user_code)) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Bearer ' . $auth, 'Content-Type: application/x-www-form-urlencoded'));
        curl_setopt($ch, CURLOPT_URL, "https://api.dropboxapi.com/oauth2/token");
        curl_setopt($ch, CURLOPT_POSTFIELDS, array('code'=> $user_code, 'client_id' => "MY_APPS_APP_KEY", 'client_secret' => "MY_APPS_APP_SECRET", 'grant_type' => $user_code, 'redirect_uri' => 'http://localhost:8888/dropbox/dropbox.php'));
        $response = curl_exec($ch);

        echo $response;
        curl_close($ch);
        fclose($fp);
        echo "<br /><br /><br />";
    }
?>

Hope someone can shed a light on this. Thanks in advance

Find more posts tagged with

API

Abuse

Comments

Greg-DB

Looking at your code, I notice a few things that need to be fixed:

- The /oauth2/token endpoint is how you exchange an authorization code for an access token, so you shouldn't be supplying an access token to it. You are sending an access token in the Authorization header though. (If you already have an access token for the user, you don't need to process the authorization flow again.)

- The 'grant_type' is supposed to be 'authorization_code'.

- You need to encode your parameters, e.g., using `http_build_query` like:

curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array(...

PSMDanny

Hi Greg,

Thanks for taking the time to try to help me out. If I follow this url:

<a href="https://www.dropbox.com/oauth2/authorize?client_id=MY_APPS__APP-KEY&response_type=code&state=12345&redirect_uri=http://localhost:8888/dropbox/dropbox.php">

I get back a code (that's the $user_code I'm refering to in my further code) to obtain an access token

If I change the curl code to this (according to your suggestion):

$ch = curl_init();
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
        curl_setopt($ch, CURLOPT_URL, "https://api.dropboxapi.com/oauth2/token");
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(array('code'=> $user_code, 'client_id' => "MY_APPS_APP_KEY", 'client_secret' => "MY_APPS_APP_SECRET", 'authorization_code' => $user_code, 'redirect_uri' => 'http://localhost:8888/dropbox/dropbox.php')));
        $response = curl_exec($ch);

I get the response:
{"error": "invalid_client: Invalid client_id or client_secret"}

The client_id and client_secret are taken from https://www.dropbox.com/developers/apps/info my aps page. Is there still something wrong in the curl code or am I missing something else?

BTW If I use the url from above to get access to the app, the app can bee seen in the personal account -> connected apps with message:
Access Type - No access - App folder deleted (Pending)

Is there also something wrong with auth url or is this normal behavior.

Thanks again.

Best Regards,
Danny

PSMDanny

Some more information:

I downloaded a php library called DropPHP entered my app key and app secret and I got the same error:
"invalid_client: Invalid client_id or client_secret

that made me think to create another app and try again with the new credentials. Guess what: it worked. So with the creation of my first app something must have gone wrong on dropbox's end with creating the right credentials (key and secret).

So now I can continue my further development. Thanks for your time...!!!