We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
ancso
3 years agoHelpful | Level 6
Can't get PKCE access token uses javascript fetch request
I am trying to utilize the PKCE in a background script of chrome extension example shows the following: curl https://api.dropbox.com/oauth2/token \
-d code=<AUTHORIZATION_CODE> \
-d grant_typ...
- 3 years ago
yes!
that was the problem
my apologies I missed these arguments in the request URLhowever,
i am now getting the error{error: 'invalid_grant', error_description: 'invalid code verifier'}
The URL includes both code_challenge and code_challenge_method
and looks like:https://www.dropbox.com/oauth2/authorize?response_type=code&client_id=<client_id>&code_challenge=<code_challenge>&code_challenge_method=S256
and the parameters sent to oauth2/token are:client_id=<client_id>&grant_type=authorization_code&code=<auth code from dropbox>&code_verifier=<128 char verifier>
i also made sure that <code challenge> is a SHA256 hash of <128 char verifier> by testing it at https://emn178.github.io/online-tools/sha256.html
what am i missing?
ancso
Helpful | Level 6
according to the de tools all parameters are sent
could it be that one of them is simply of wrong type?
if so I suppose it will be the calculation of the code_verifier
for such a small task i did not want to import a library so i have the following code:
var code_verifier = '';
var codeChallenge = '';
/**
*
*/
setDropboxCodes(){
var codes = {};
const base64Encode = (str) => {
return str.toString('base64')
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=/g, '');
}
codeVerifier = base64Encode(getRandomString(128));
var code256 = _self.sha256(codes['codeVerifier'])
.codeChallenge = base64Encode(code256);
}
/**
*
*/
getRandomString(length) {
var randomChars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
var result = '';
for ( var i = 0; i < length; i++ ) {
result += randomChars.charAt(Math.floor(Math.random() * randomChars.length));
}
return result;
}
Greg-DB
3 years agoDropbox Staff
Could you elaborate on what you mean when you say "according to the de tools all parameters are sent"? For instance, could you show the request (headers and body) that your client is sending? Be sure to redact any sensitive values themselves though.
If a parameter was being sent in the correct format but had an incorrect value, the API should respond with a different message than the one you're getting.
Also, it's worth mentioning that I'm not running this in the context of a Chrome extension, so that may be contributing to the difference.
- ancso3 years agoHelpful | Level 6
since its SSL i am unable to use wireshrk/tcpdump
In the Chrome's dev tools, under the payload tab i can see the following (raw data):client_id=<15 chars clienid>&grant_type=authorization_code&code=<43 chars code>&code_verifier=<128 chars code_verifier>
all codes include only lower&Upper case letters and numbers
i also tested this string at https://reqbin.com/req/v0crmky0/rest-api-post-example and got the same result- Greg-DB3 years agoDropbox Staff
Could you show both the headers and body for both the request and response? The Chrome developer tools should enable you to see both.
- ancso3 years agoHelpful | Level 6
the headers:
because it is a chrome extension the body is not in it
there is a tab called payload instead:i tried to use the above string in https://reqbin.com/req/v0crmky0/rest-api-post-example and got the same error
looks like the issue is not with the chrome extension, probably something to do with the data in the body
Thanks
Avner
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,877 PostsLatest Activity: 12 months agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!