This OAuth2 problem appeared recently in our app (published a year ago). It closely resembles another user's forum post from 4 years ago: "OAuth2 redirects to Dropbox.com instead of my redirect URI" (The Dropbox Community).
We use /oauth2/authorize (code flow) with redirect_uri to a localhost port. The auth flow still works great in these "routine" cases when Dropbox's authorization webpage appears:
- User was not previously signed in to Dropbox, so signs in, then clicks Allow or Cancel.
- User was previously signed in to Dropbox, so clicks Allow or Cancel.
Our problem is that it no longer works in this one case:
- User was previously signed in to Dropbox, but signs out, then signs in again (as the same or different user) in the same window. Instead of the Allow/Cancel prompt, the user is redirected to www.dropbox.com/home. (It's as if the sign-out causes the server to forget that it's still running an auth flow for our client.)
I have put breakpoints in our localhost port listener, and can verify that no error is returned; it's left waiting for an error or auth code. I mention this because that was the cause of the earlier forum user's problem (a booboo in their listener).
In case you're able to inspect server logs, our app's Dropbox key is enrtqx0um3pxntl.
Thanks!
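The failure mode in this post, a loopback listener left waiting because the browser never returns to the redirect URI, can at least be bounded on the client side. The sketch below is an added example, not code from the original post or from Dropbox: it waits for the redirect with a deadline and accepts only a hit carrying the flow's OAuth2 `state` value. The function names, the 120-second default and the assumption that the app sends a `state` parameter are all hypothetical.

```python
import secrets
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit


def classify_redirect(path, expected_state):
    """Map one request to the loopback redirect URI onto (outcome, value)."""
    query = parse_qs(urlsplit(path).query)
    state = query.get("state", [""])[0]
    # Bind the hit to this flow before trusting code/error (CSRF defence).
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        return ("rejected", "state mismatch")
    if "error" in query:  # e.g. the user clicked Cancel
        return ("error", query["error"][0])
    if "code" in query:
        return ("code", query["code"][0])
    return ("rejected", "no code or error")


def wait_for_redirect(expected_state, timeout_s=120.0, port=0):
    """Serve on 127.0.0.1 until a valid redirect arrives or the deadline passes.

    port=0 picks a free port (convenient for tests); a real app would use
    the port registered in its redirect URI (assumption).
    """
    hits = []

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            hits.append(classify_redirect(self.path, expected_state))
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"You can close this window.")

        def log_message(self, *args):
            pass  # keep authorization codes out of stderr logs

    deadline = time.monotonic() + timeout_s
    with HTTPServer(("127.0.0.1", port), Handler) as server:
        while (remaining := deadline - time.monotonic()) > 0:
            server.timeout = remaining
            server.handle_request()  # returns on one request or on timeout
            if hits and hits[-1][0] in ("code", "error"):
                return hits[-1]
    # Flow abandoned (e.g. the browser ended up somewhere else): stop waiting.
    return ("timeout", None)
```

On a `("timeout", None)` result the app can close the port and offer to restart the flow with a fresh `state`, instead of blocking indefinitely.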