Requests fail if client secret isn't added when using the javascript sdk

Question

I'm implementing the pkce flow correctly, I'm creating a dropbox object and adding the app key and refresh token, but when trying to use the check app method it will throw an exception with the error "Error in call to API function "check/app": Invalid authorization value in HTTP header/URL parameter", adding the app secret will solve this issue but I can't do that because I have to ship my app to the user, trying the same app key and refresh token in the c# sdk works and according to posts on the forum this should also work with the javascript sdk, here is my code:

Greg-DB · Accepted Answer

This is the expected behavior if attempting checkApp without an app secret; the checkApp method validates the app key and secret by calling /2/check/app which uses "App Authentication", which does require the app key and secret. So, that will fail without the app secret.

If you want to check the validity of the access token, use checkUser instead.