Greg-DB Dropbox Community Moderator

@"Ekaterina-T" Thanks for the feedback!

@"hb-dev" No, unfortunately there's no news on this request.

We don't have any specific resources or samples for Xamarin in particular unfortunately. I'll pass this along as a feature request but I can't promise if or when that might be implemented. The authorization flow is covered in the OAuth Guide and authorization documentation though. If something in the Dropbox API/OAuth flow…

@"sanchitcop19" Thanks for the note! I'll ask the team to clarify this in the UI there.

Dropbox does not support processing the OAuth app authorization flow in a web view. The OAuth app authorization flow should be processed in the user's system browser. See here for more information: https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize

That looks like a valid long-lived access token. Can you double check that this is the exact string being used? Can you share the rest of the relevant code where this is used for reference? By the way, note that access tokens enable access to Dropbox accounts, so for the sake of security, you should never share access…

@"benfsmith" While the Dropbox API does offer the ability to programmatically create (temporary) direct links, the documentation notes "This URL should not be used to display content directly in the browser.". I can't speak to whether or not this would happen to work for your use case in practice, but Dropbox doesn't…

Thanks for the feedback! I'll share this with the team.

@"M Anwar Bajwa" A refresh token is not something Dropbox support staff can provide for you. This process is supposed to be built in to the third party app itself. You should reach out to the developer of the third party app you're using for any help with that app.

@"pablorgz" Dropbox is migrating to issuing only short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information here. Can you clarify what you mean when you say "This dont work now"? For example, please share: * the name and version number of the platform and…

[Cross-linking for reference: https://stackoverflow.com/questions/70837899/dropbox-login-username-and-password-filds-hidden-xamarin-native ] Please note that the official Dropbox API v2 .NET SDK does not officially support Xamarin. Given that, and the version number you mentioned, it sounds like you're referring to the…

I see that you're getting the error "The given OAuth 2 access token is malformed". This error message should indicate that the access token being provided by the client (generally supplied as a "Bearer" value in the "Authorization" header of the HTTPS request sent by the third party app) is not of a valid Dropbox access…

Thanks for the detailed report! I'm raising this with the team. I'll follow up here once I have an update on this.

@"Ridvan_" You originally posted this in a thread where this issue seemed to be related to the use of a proxy. It sounds like that's not relevant in your case though, so I've split your post to its own thread. Anyway, I see you're getting an ETIMEDOUT error from the fetch network client. An ETIMEDOUT error like this should…

Thanks for following up. I'm glad to hear you got this working. I just wanted to report that we've fixed the SwiftyDropbox documentation.

Thanks for clarifying. In that case, please have the developer contact us directly if they need help implementing this. The specifics will depend on their existing code, platform, language, etc. They can contact us privately here if they prefer.

It sounds like you're referring to the "access token". You can get a new access token by processing the app authorization flow again. Doing so would produce a new access token, though I can't guarantee if it would or wouldn't also start with a "-". You should initiate the app authorization flow however you did originally.…

To clarify, are you the programmer or an end-user of the app in question? If you are not the programmer of the app, you'll need to reach out to them for help. For reference, the "offline" flow itself works, but it is something that would need to be implemented by the programmer of the app. In any case, the creation of new…

The "direct" links do expire after four hours, but the "preview" links shouldn't expire automatically. The "preview" links can be invalidated manually, e.g., by revoking the link or deleting the file. If you're seeing a "preview" link break unexpectedly, would you be able to share a sample so we can investigate? If so,…

Dropbox is switching to issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens, so this is expected. You can find more information on this migration here. That being the case, you will get a short-lived access token by default. (You can identify a short-lived access token by the…

Dropbox is switching to issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. Developers of existing third party apps received advanced noted of this change by email. More information can be found here. Apps can still get long-term access by requesting "offline" access though,…

Thanks for writing this up. First, for reference, can you let me know what version of SwiftyDropbox you have installed? If you're not using the latest version, currently v8.2.1, please upgrade to that and let me know if you're still seeing this issue. If so, please also share the snippet of code you're running to do the…

It looks like the different clients are producing different requests. For the requests that are failing with a 400 status code, print out the raw response body. The response body should contain a more useful error message indicating what the issue is. For the call where you are getting that "%PDF-1.4..." data back, that…

The API v2 JavaScript SDK supports both browser and node environments, so I recommend checking out that code.

The S256 method can be difficult to implement exactly correctly in code, and that tool you linked to is made by a third party so I can't say if it's producing exactly the format required for the OAuth 2 flow. You can refer to the code in the official Dropbox API v2 JavaScript SDK where this is done though. Alternatively,…

Thanks! That's helpful. I believe I see what's causing this now. Can you check what /oauth2/authorize URL you're using? Since you're trying to use the PKCE flow, you need to include the code_challenge and code_challenge_method parameters. If you don't include those though, this effectively becomes the non-PKCE flow, in…

Using that payload (though plugging in my own test client ID since you redacted yours), I still didn't get that error on https://reqbin.com/req/v0crmky0/rest-api-post-example . I instead got "code doesn't exist or has expired" as expected, since authorization codes are single-use and expire after a few minutes. Here's a…

Thanks. In particular I was most looking for the "Content-Type" header which will affect how the body is read, but that seems to be set correctly in your screenshot. Were you also setting that to "application/x-www-form-urlencoded;charset=UTF-8" when using https://reqbin.com/req/v0crmky0/rest-api-post-example ? That could…

Здравко is correct, it looks like your code/client is just sending the wrong "Content-Type" request header, and these endpoints don't take any parameters, so that header isn't required anyway. You mentioned you are attempting to set the header correctly, but it's possible whatever HTTPS client you're using is overriding…

Could you show both the headers and body for both the request and response? The Chrome developer tools should enable you to see both.