Reputation: 2834
I'm trying to test connecting to a Dropbox app (created on my account) from a web page running on localhost. I've chosen to generate an authorization code rather than using the redirect. It seems that any code that's generated and displayed on the code page (https://www.dropbox.com/1/oauth2/authorize_submit) produces an error in the console when I try to access the app folder's metadata:
window.open('https://www.dropbox.com/1/oauth2/authorize?client_id=<appId>&response_type=code');
POST https://api.dropboxapi.com/1/metadata/auto/ 401 (Unauthorized)
DropboxCloud @ DropboxCloud.js:8
(anonymous) @ MainWindowStandalone.js:45
DropboxCloud.js:10 {"error": "The given OAuth 2 access token doesn't exist or has expired."}
However, if I use an authorization code generated on the Dropbox app page I can successfully reach the folder:
DropboxCloud.js:10 {"hash": "68a0fc8c0c5670ff10e8e98b7fefcde8", "thumb_exists": false, "bytes": 0, "path": "/", "is_dir": true, "icon": "folder", "root": "app_folder", "contents": [], "size": "0 bytes"}
My code:
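// accessToken: the string sent as the bearer credential
const url = 'https://api.dropboxapi.com/1/metadata/auto/';
const request = new XMLHttpRequest();
request.open('post', url, true);
request.setRequestHeader('Authorization', 'Bearer ' + accessToken);
request.setRequestHeader('Content-Type', 'application/json');
// Register the handler before sending the request.
request.onload = () => {
  // Log the raw response body (JSON text on success or error)
  console.log(request.response);
};
request.send();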
I'd like to grant others access using the code generation page to help me test my app. What else do I need to make it work?
Upvotes: 0
Views: 222
Reputation: 16930
The issue here is that "authorization codes" are not the same as "access tokens", and cannot be used interchangeably.
When you retrieve a token using the OAuth 2 "token" flow, or via the "Generate" button on the app's page on the App Console, that gives you an actual Dropbox API OAuth 2 access token. That can be used to make API calls, such as to /1/metadata.
The string you get back from /oauth2/authorize when you use the OAuth 2 "code" flow is only an authorization code. That can't itself be used to make API calls. It is a temporary code that you can exchange for an access token, using /oauth2/token.
(Also, note that Dropbox API v1, such as /1/metadata, is deprecated.)
Upvotes: 1
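The exchange the answer describes, sketched as an added example (not code from the question or the answer): the authorization code is posted to /oauth2/token and only the returned access token goes into the `Authorization: Bearer` header. The function names and the `appKey`/`appSecret` parameters are placeholders; the form fields are those of the standard OAuth 2 authorization-code grant.

```javascript
// Added example; helper names are illustrative, not Dropbox SDK functions.
const TOKEN_URL = 'https://api.dropboxapi.com/oauth2/token'; // the /oauth2/token endpoint from the answer

// Build the POST that trades a one-time authorization code for an access token.
// The app secret travels in this request, so run it in server-side code,
// not in a page handed to testers.
function buildTokenRequest(authCode, appKey, appSecret) {
  if (typeof authCode !== 'string' || !authCode.trim()) {
    throw new Error('authorization code is empty');
  }
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code: authCode.trim(), // drop whitespace picked up when the code is copied by hand
    client_id: appKey,
    client_secret: appSecret,
  });
  return {
    url: TOKEN_URL,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

// Turn the token endpoint's reply into an access token, or fail with the server's reason.
function parseTokenResponse(status, text) {
  let json;
  try { json = JSON.parse(text) || {}; } catch (e) { json = {}; }
  if (status !== 200 || typeof json.access_token !== 'string') {
    const reason = json.error_description || json.error || 'unexpected reply';
    throw new Error(`token exchange failed (HTTP ${status}): ${reason}`);
  }
  return json.access_token;
}

// Full flow: exchange the code, then return the header value to use on API calls.
async function authorizationHeaderFromCode(authCode, appKey, appSecret) {
  const { url, options } = buildTokenRequest(authCode, appKey, appSecret);
  const res = await fetch(url, options);
  return 'Bearer ' + parseTokenResponse(res.status, await res.text());
}
```

An authorization code is single-use and short-lived, so store the access token that comes back rather than the code.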