Child Item

400 BadRequest from .Net client when using refresh tokens

We are using the .Net SDK client vs 6.14. We primarily use the Files.GetMetadataSync and Files.SaveUrlAsync api calls. We call the API with a variety of long-lived accessTokens and refreshTokens depending on when our customer initiated their Dropbox connection with us. On a number of recent customers who we setup with refreshTokens, we receive a 400 BadRequest HttpRequestException on every API call we make. We configure the DropboxClient with the refreshToken and our AppKey and AppSecret, leaving the accessToken handling up to the DropboxClient. From the returned stack trace, we see the 400 BadRequest is NOT coming in regards to our API call, but rather from the internal oauth calls the library is making to get an AccessToken.

Can you tell us why we are getting the 400 BadRequest from internal oauth calls and what we can do to rectify it?

Here is the stack trace:

at HttpResponseMessage System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at async Task<bool> Dropbox.Api.DropboxRequestHandler.RefreshAccessToken(string[] scopeList)
at async Task<bool> Dropbox.Api.DropboxRequestHandler.CheckAndRefreshAccessToken()
at async Task<Result> Dropbox.Api.DropboxRequestHandler.RequestJsonStringWithRetry(string host, string routeName, string auth, RouteStyle routeStyle, string requestArg, Stream body)
at async Task<TResponse> Dropbox.Api.DropboxRequestHandler.Dropbox.Api.Stone.ITransport.SendRpcRequestAsync<TRequest, TResponse, TError>(TRequest request, string host, string route, string auth, IEncoder<TRequest> requestEncoder, IDecoder<TResponse> responseDecoder, IDecoder<TError> errorDecoder)
at async Task<SaveUrlResponse>

Find more posts tagged with

API

Abuse

Accepted answers

Greg-DB

There are a number of scenarios that can cause the refresh to fail like this, such as:

missing/incorrect/malformed refresh token
revoked refresh token (e.g., when the user unlinks the app via https://www.dropbox.com/account/connected_apps , etc.)
missing/incorrect/malformed app key
incorrect/malformed app secret
missing app secret (if the refresh token was retrieved using the non-PKCE flow)

The response body on that 400 error response would contain a more specific error message, though the .NET SDK unfortunately does not currently expose that. There's an open request to update it to do so.

So, make sure you're supplying the correct values. Since it sounds like this is only happening for a few users though, but for all calls for those users, it may be that the refresh tokens for those users are revoked, in which case you should have the users relink the app to get a new one.

All comments

Greg-DB

There are a number of scenarios that can cause the refresh to fail like this, such as:

missing/incorrect/malformed refresh token
revoked refresh token (e.g., when the user unlinks the app via https://www.dropbox.com/account/connected_apps , etc.)
missing/incorrect/malformed app key
incorrect/malformed app secret
missing app secret (if the refresh token was retrieved using the non-PKCE flow)

Intellicode Mangement Systems

Any examples on how the DropboxClient needs to be constructed for refresh tokens?

Greg-DB

@ Intellicode Mangement Systems Yes, for the official Dropbox API v2 .NET SDK, you can find an example of getting and using a refresh token in the OauthBasic example (non-PKCE, meant for server-side apps) as well as in the OAuthPKCE example (PKCE, meant for client-side apps)

Intellicode Mangement Systems

Response status code does not indicate success: 400 (Bad Request).

Still the reponse I am geting no luck!!!

Greg-DB

@ Intellicode Mangement Systems This isn't enough information for me to offer guidance on why that may be failing for you. I understand you have a support ticket open with more information though, so we'll review that and follow up with you there soon.

Intellicode Mangement Systems

Please I am doing everything send by the support team step by step but no luck.

Greg-DB

@ Intellicode Mangement Systems Your support ticket is currently open so it will be reviewed and receive further help soon.