dropbox-sdk-dotnet

OAuth PKCE getting access token is not working

Open jppgmx opened this issue 2 years ago • 3 comments

Before you start

Have you checked StackOverflow, previous issues, and Dropbox Developer Forums for help? Yes

What is your question?

I'm using the OAuth PKCE example to receive an access token, everything works fine, however an HttpListenerException is thrown saying: Access is denied. For that I changed the LoopbackHost value (127.0.0.1) to localhost, that worked, but in System.Diagnostics.Process.Start() it threw a Win32Exception saying it cannot find the specified file.

So some questions to try:

  1. For Windows, which address is suitable for LoopbackHost?
  2. What could change in System.Diagnostics.Process.Start()? Do you have any alternative to open the URL?
  3. Executing these two actions above, will something change in the HttpListener structure? (I'm referring to those two redirection methods defined in Program.cs)

Versions

  • What version of the SDK are you using? 6.36.0
  • What version of the language are you using? ASP .NET Core 5 (Blazor Server Side Application) and latest C# Language for .NET 5
  • What platform are you using? Windows 7

Additional context

That existing SDK example I refer to was added 2 years ago and this SDK is up to date, I think something has changed. (Wouldn't it be better to update all examples?)

jppgmx, Nov 27 '22 13:11

The LoopbackHost is used to make the redirect URI, and in practice can be whatever works for your use case to receive the authorization result, as long as you register it for the app as noted there.

As for the issue, it appears to be the same as https://github.com/dropbox/dropbox-sdk-dotnet/pull/299 . We haven't merged that in to the SDK, but give that a try to see if it resolves the issue for you.

greg-db, Nov 28 '22 22:11

As for the issue, it appears to be the same as #299 .

I looked at the aforementioned problem and the opening of the URI worked. As I mentioned in the problem, I use ASP .NET Core, so to handle redirection, I created an MVC controller.

using Microsoft.AspNetCore.Mvc;

[ApiController]
[Route("ieiApi/[controller]/[action]")]
public class RedirectController : Controller
{
    public RedirectController()
    {
        // Do stuff... (e.g. assign variables)
    }

    public IActionResult Index()
    {
        return BadRequest();
    }

    // Dropbox redirects here with the authorization code and the state as query parameters.
    [HttpGet]
    public IActionResult Authorize([Bind("code")] string code, [Bind("state")] string state)
    {
        // Check the state, then hand the code on internally.
        return Ok();
    }
}

In the constructor of a service that uses DropboxClient, I added:

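public Service(IHttpContextAccessor accessor)
{
    // Get the base URI. Host.Value alone has no scheme, so add it to form an absolute URI.
    var request = accessor.HttpContext.Request;
    var baseUri = $"{request.Scheme}://{request.Host.Value}";
    // Combine with the redirect path; the result has to match a redirect URI registered for the app.
    string redirectURI = $"{baseUri}/ieiApi/Redirect/Authorize";

    // Do stuff with redirectURI...
}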

Now, I was in doubt about the authorize URI: is it possible to make it so that, when opened, it goes straight to the redirect, without asking the user for permission?

jppgmx, Dec 07 '22 18:12
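The state check that the Authorize action above leaves as a comment, as an added example that is not part of the original thread or of the Dropbox SDK: using only the .NET base class library, it issues a random single-use state together with an RFC 7636 S256 code challenge, and rejects unknown, replayed or expired state values on the redirect. PendingAuthStore, its members and the 10-minute lifetime are hypothetical names and values.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Demo run: one authorization is started, then three callbacks arrive.
var store = new PendingAuthStore();
var (state, challenge) = store.Begin();
Console.WriteLine($"state={state} code_challenge={challenge}");
Console.WriteLine($"forged state accepted: {store.Complete("forged") != null}");
Console.WriteLine($"first callback accepted: {store.Complete(state) != null}");
Console.WriteLine($"replayed callback accepted: {store.Complete(state) != null}");

// Added example; PendingAuthStore and its members are hypothetical names.
public sealed class PendingAuthStore
{
    private readonly ConcurrentDictionary<string, (string Verifier, DateTimeOffset Expires)> _pending = new();
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(10); // assumed value

    private static string Base64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    private static string RandomToken()
    {
        var bytes = new byte[32]; // 256 bits from the OS CSPRNG, 43 characters once encoded
        RandomNumberGenerator.Fill(bytes);
        return Base64Url(bytes);
    }

    // RFC 7636 S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    public static string S256(string verifier) =>
        Base64Url(SHA256.HashData(Encoding.ASCII.GetBytes(verifier)));

    // Call before sending the user to the authorize URI; both values go into that URI.
    public (string State, string CodeChallenge) Begin()
    {
        string state = RandomToken(), verifier = RandomToken();
        _pending[state] = (verifier, DateTimeOffset.UtcNow + Lifetime);
        return (state, S256(verifier));
    }

    // Call from the redirect action; returns the code_verifier for the token request, or null to reject.
    public string Complete(string state)
    {
        // TryRemove makes every state single-use, so a replayed callback finds nothing.
        if (string.IsNullOrEmpty(state) || !_pending.TryRemove(state, out var entry)) return null;
        return entry.Expires > DateTimeOffset.UtcNow ? entry.Verifier : null;
    }
}
```

Register the store as a singleton so the service that builds the authorize URI and the Authorize action share it. In a multi-user server, also bind each state to the session that started the flow.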

@JPPlaysGamer It's not possible to force it to do so, but Dropbox will automatically redirect the user to the redirect URI without having them manually click through under certain conditions, such as if they've already authorized the app, they don't have multiple accounts to pick from, and the redirect URI uses https.

In any case, it's worth noting that you don't need to process the app authorization flow every time. Access tokens and refresh tokens can be stored and re-used without sending the user through the flow again.

greg-db, Dec 07 '22 19:12