Child Item

redirect_uri mismatch with unknown cause php

I was using my php curl to request a token from the api. I set up my parameter array correctly. However, I get this error in return :{"error_description": "redirect_uri mismatch", "error": "invalid_grant"}400

This was my implementation:

$dropbox_url = "https://api.dropboxapi.com/oauth2/token";
$timeout = 40;
$app_key = key;
$app_secret = secret;
try {
$d1curl = curl_init();
$http_headers = array(
	"Authorization: Basic " . base64_encode($app_key . ":" . $app_secret),
	"Content-Type: application/x-www-form-urlencoded"
	);
$parameters = array(
	'code' => $code,
	'grant_type' => 'authorization_code',
	'redirect_uri' => url	
);
curl_setopt($d1curl, CURLOPT_URL, $dropbox_url);
curl_setopt($d1curl, CURLOPT_TIMEOUT, $timeout);
curl_setopt($d1curl, CURLOPT_HTTPHEADER, $http_headers);
curl_setopt($d1curl, CURLOPT_POST, true);
curl_setopt($d1curl, CURLOPT_POSTFIELDS, http_build_query($parameters));
curl_setopt($d1curl, CURLOPT_RETURNTRANSFER, true);
$_SESSION['code'] = $_GET['code'];
$_SESSION['token'] = curl_exec($d1curl);
$http_request = curl_getinfo($d1curl, CURLINFO_HTTP_CODE);
echo $_SESSION['token'];
echo $http_request;
curl_close($d1curl);
}
catch(Exception $e) {
	echo curl_error($d1curl);
	curl_close($d1curl);
}

I copied and pasted it right out of my api console to double check the url itself.

Find more posts tagged with

API

Abuse

Accepted answers

Greg-DB

Regarding your first question, yes, the "redirect_uri" value you specified on /oauth2/authorize should be the same "redirect_uri" value you then send to /oauth2/token.

I'm not sure I understand your second question though. You can re-use your redirect URI for each authorization, but note that each particular authorization code you get back can only be used once. You should exchange each authorization code via /oauth2/token once. The /oauth2/token endpoint will return an access token that you can store and re-use to make API calls for that user without further manual user intervention though.

All comments

Greg-DB

Can you share the full /oauth2/authorize URL you used to get the authorization code you're exchanging, as well as the redirect URI you're sending with this /oauth2/token call (your 'url' variable in the above code)?

Those need to match exactly. Keep in mind that you might have multiple different redirect URIs registered for your app, but you should use whichever one you used in the /oauth2/authorize URL, if any.

FSUInnovation

So Simply Take the redirect uri I used when I sent the user to the oauth path earlier and refactor my php page to use that page again? Will I be able to supply a parameter of some kind so that I can reuse that redirect uri without repeating the previous step in my auth process again?

Greg-DB

Regarding your first question, yes, the "redirect_uri" value you specified on /oauth2/authorize should be the same "redirect_uri" value you then send to /oauth2/token.