Hello, I faced many issues in generating access token First, I have here access code generated <REDACTED>Second trying to execute this curl : curl https://api.dropbox.com/oauth2/token \ -d code=<REDACTED> \ -d grant_type=authorization_code \ -d redirect_uri=https://api.dropbox.com/oauth2/token \ -u <REDACTED> It prints every time : {"error": "invalid_grant","error_description": "redirect_uri mismatch"}However I have here the redirected links

Hi Mostafa Ezzat,Let's try some authentication process step by step. 🙂 It may succeed.At the beginning make sure you have your App key and App secret at hand from App Console page. Select desired application there and once got there in and scroll to field "App key" and "App secret" (for the secret "Show" should be used) keep the browser window accessible, so would be able take a look there when needed.Next, open a new browser window and put into address line following:https://www.dropbox.com/oauth2/authorize?token_access_type=offline&response_type=code&client_id=<App key>Where "<App key>" is the one from you previous browser window. Next the confirmation you will get a code (alphanumeric sequence). The same could be received automatic when redirect URL is in use (either direct or PKCE code flow), but here we will perform it in such a way for clarity.Next step will be to "materialize" the received code. In a terminal window execute following curl command:curl https://api.dropbox.com/oauth2/token -d code=<received code> -d grant_type=authorization_code -u <App key>:<App secret> Where "<received code>" is the code shown up in the second browser window after confirmation. "<App key>" and "<App secret>" come from the first browser window. As a result you will get in your terminal something like:{"access_token": "sl.abcdefg123456789AbCdEf-GHijKLmn0U", "token_type": "bearer", "expires_in": 14400, "refresh_token": "oDfT54975DfGh12345KlMnOpQrSt01a", "scope": "account_info.read files.content.read etc.", "uid": "123456789", "account_id": "dbid:ABCDEF5g8HijklMNopQ2Rs5tUV_wxy5z_YO4"}Of course, you will receive different values filling the pattern. Here "sl.abcdefg123456789AbCdEf-GHijKLmn0U" is access token you can use in every regular API call for "14400" second since current moment until expires. "oDfT54975DfGh12345KlMnOpQrSt01a" is your refresh token. The one that will never expire (or till revoke). When currently received access token expires, you can perform following curl call:curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token=oDfT54975DfGh12345KlMnOpQrSt01a -u <App key>:<App secret>Where "oDfT54975DfGh12345KlMnOpQrSt01a" is the refresh token "materialized" from code at the beginning. "<App key>" and "<App secret>" come again from the first browser window. As a result you will get in your terminal something like:{"access_token": "sl.abcdefg123456789AbCdEf-OPqrSTuv1W", "token_type": "bearer", "expires_in": 14400}Again "sl.abcdefg123456789AbCdEf-OPqrSTuv1W" is an access token usable in regular API calls for "14400" seconds (i.e. 4 hours). The last call need to be used every time you need valid access token and the previous one got expired. For the test here you don't have to wait 4 hours. You can call it immediately. 😉 Completes everything successfully? Every time you do receive access token, it can be use for as many seconds as denoted in "expires_in" field. The access token itself is a ASCII chars sequence and you should be ready to process such a sequence as presented (including different length). Hope this gives direction and clarifies matter with the step by step processing.

Forum Discussion

Mostafa Ezzat

Explorer | Level 4

3 years ago

Issue in generating access token

Hello, I faced many issues in generating access token

First, I have here access code generated <REDACTED>

Second trying to execute this curl :

curl https://api.dropbox.com/oauth2/token \     -d code=<REDACTED> \     -d grant_type=authorization_code \     -d redirect_uri=https://api.dropbox.com/oauth2/token \     -u <REDACTED>

It prints every time :
{
"error": "invalid_grant",
"error_description": "redirect_uri mismatch"
}
However I have here the redirected links

API

Здравко
3 years ago
Hi Mostafa Ezzat,
Let's try some authentication process step by step. 🙂 It may succeed.
At the beginning make sure you have your App key and App secret at hand from App Console page. Select desired application there and once got there in and scroll to field "App key" and "App secret" (for the secret "Show" should be used) keep the browser window accessible, so would be able take a look there when needed.
Next, open a new browser window and put into address line following:
https://www.dropbox.com/oauth2/authorize?token_access_type=offline&response_type=code&client_id=<App key>
Where "<App key>" is the one from you previous browser window. Next the confirmation you will get a code (alphanumeric sequence). The same could be received automatic when redirect URL is in use (either direct or PKCE code flow), but here we will perform it in such a way for clarity.
Next step will be to "materialize" the received code. In a terminal window execute following curl command:
curl https://api.dropbox.com/oauth2/token -d code=<received code> -d grant_type=authorization_code -u <App key>:<App secret>
Where "<received code>" is the code shown up in the second browser window after confirmation. "<App key>" and "<App secret>" come from the first browser window. As a result you will get in your terminal something like:
{"access_token": "sl.abcdefg123456789AbCdEf-GHijKLmn0U", "token_type": "bearer", "expires_in": 14400, "refresh_token": "oDfT54975DfGh12345KlMnOpQrSt01a", "scope": "account_info.read files.content.read etc.", "uid": "123456789", "account_id": "dbid:ABCDEF5g8HijklMNopQ2Rs5tUV_wxy5z_YO4"}
Of course, you will receive different values filling the pattern. Here "sl.abcdefg123456789AbCdEf-GHijKLmn0U" is access token you can use in every regular API call for "14400" second since current moment until expires. "oDfT54975DfGh12345KlMnOpQrSt01a" is your refresh token. The one that will never expire (or till revoke).

When currently received access token expires, you can perform following curl call:
curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token=oDfT54975DfGh12345KlMnOpQrSt01a -u <App key>:<App secret>
Where "oDfT54975DfGh12345KlMnOpQrSt01a" is the refresh token "materialized" from code at the beginning. "<App key>" and "<App secret>" come again from the first browser window. As a result you will get in your terminal something like:
{"access_token": "sl.abcdefg123456789AbCdEf-OPqrSTuv1W", "token_type": "bearer", "expires_in": 14400}
Again "sl.abcdefg123456789AbCdEf-OPqrSTuv1W" is an access token usable in regular API calls for "14400" seconds (i.e. 4 hours). The last call need to be used every time you need valid access token and the previous one got expired. For the test here you don't have to wait 4 hours. You can call it immediately. 😉 Completes everything successfully?

Every time you do receive access token, it can be use for as many seconds as denoted in "expires_in" field. The access token itself is a ASCII chars sequence and you should be ready to process such a sequence as presented (including different length).

Hope this gives direction and clarifies matter with the step by step processing.

Greg-DB
Dropbox Staff
3 years ago
The "redirect_uri mismatch" error indicates that this call failed because the redirect_uri used on /oauth2/authorize to get that authorization code does not match the redirect_uri used when calling /oauth2/token. These two values need to match exactly. Or, if you didn't set redirect_uri on /oauth2/authorize, you should likewise omit it when calling /oauth2/token as well.

Also, note that the four dropbox.com/dropboxapi.com URIs you have registered for your app are part of Dropbox itself, and would not be redirect URIs you use for your app. For example, https://api.dropbox.com/oauth2/token is the endpoint for retrieving access tokens after the user has authorized the app; it is not a redirect URI for your app. The redirect URI would be some address that your app controls where it can receive the authorization result. Or as noted above, you can omit a redirect URI entirely.

You can find more information on how this flow works in the OAuth Guide and authorization documentation.
- Mostafa Ezzat
  Explorer | Level 4
  3 years ago
  I'll present the new steps I've taken
  First : I replaced app key value with mine and I got the code
  
  https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&token_access_type=offline&response_type=code
  
  second
  
  curl https://api.dropbox.com/oauth2/token \ -d code=<AUTHORIZATION_CODE> \ -d grant_type=authorization_code \ -d redirect_uri=<REDIRECT_URI> \ -u <APP_KEY>:<APP_SECRET>
  
  and replaced with my values
  
  curl https://api.dropbox.com/oauth2/token \ -d code=<REDACTED> \ -d grant_type=authorization_code \ -d redirect_uri=https://www.dropbox.com/oauth2/authorize?client_id=2hver24zt8u8zdv&token_access_type=offline&response_type=code \ -u <REDACTED>
  
  it prints this error
  
  { "error": "invalid_request", "error_description": "unknown field \"token_access_type\"" }
  
  I also tried Auth URL for code flow and prints the same error, Do I miss something? Thanks in advance.
  
  curl https://api.dropbox.com/oauth2/token \ -d code=<REDACTED> \ -d grant_type=authorization_code \ -d redirect_uri=https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&response_type=code \ -u <REDACTED>
  - Greg-DB
    Dropbox Staff
    3 years ago
    I see you're not setting a redirect_uri on /oauth2/authorize, so you should also not set a redirect_uri when calling /oauth2/token. Remove that '-d redirect_uri=...' from your /oauth2/token call and try again.
    
    By the way, as a matter of security, do not post your authorization code or app secret.

About Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,877 PostsLatest Activity: 12 months ago

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!

Forum Discussion

Issue in generating access token

About Dropbox API Support & Feedback

Related Content

Issues with shared folder access and quota usage on Dropbox Basic plan

Issues with website functionality

Re: Using Magento 2 to import images and get a timeout or access permissions error

Re: Dropbox keeps going back to the top of the folder when scrolling via VoiceOver on iOS 18.

Access

Recent Discussions

get_shared_link_metadata API problem with the new '/scl' folder links.

Trying to download a file, but no file is being downloaded.

Dropbox internal error occured - Resolution

How to add the entire team to team folder by api

API Upload .HEIC and convert to JPG