0

I'm trying to get the dropbox access_token, but the only response I get is "No auth function available for given request", and I don't know why. I've tried changing and adding every way that went through my mind to get the access code or at least a different error.

The code is the next:

generateAccessToken(accessCode: string){
    const body = 'code=' + accessCode + '&grant_type=authorization_code&redirect_uri=' + environment.publicURL;
    const httpHeaders = new HttpHeaders({
      Authorization: 'Basic ' + btoa(environment.clientIdDropbox + ':' + environment.clientSecretDropbox)
    });
    const url = 'https://api.dropbox.com/oauth2/token'
    this._http.post(url, body, {headers: httpHeaders})
    .subscribe(res => {
      //CODE AFTER GETTING THE CODE
    });
  }

I have to add that I've tried doing what I think is the exact same request on Postman and it works as intended.

UPDATE

I've seen with a sniffer that something is apparently overwriting the Basic authorization header with a Bearer authorization header.

José Manuel Rosales Varela
  • 1
  • 2
  • Have you tried to use an HTTP sniffer such as Wireshark (https://www.wireshark.org/)? Maybe this can help you compare the output between your program and Postman. – Jason D Dec 18 '20 at 11:57
  • I'll try to do this, but I'm not too familiar with any sniffer. – José Manuel Rosales Varela Dec 18 '20 at 12:19
  • I see you've added "something is apparently overwriting the Basic authorization header with a Bearer authorization header". That would definitely break the call, since the app key and secret values from the original `Basic` `Authorization` header are needed to validate the call. I don't see in the provided code where/why that would be occurring, so you'll need to debug your `_http` client. – Greg Dec 18 '20 at 15:57
  • Alternatively, in case it helps work around the issue, you can supply the app key and secret as parameters `client_id` and `client_secret`, like you do for the `code` parameter, to avoid using the `Authorization` header, per [the docs](https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token). – Greg Dec 18 '20 at 15:57

1 Answers1

0

From various other questions on this matter I see that your type of error appears if the service side (drop box) doesn't know which type of token you are requesting or if the token is simply wrong. The error message appears to be very generic. So I guess in your case you fill the "Authorization" header ("Basic .."), but the secret is wrong/missing.

See this similar other question on stackoverflow (it uses standard authenication flow, though):

No auth function available for given request

Peter Branforn
  • 1,679
  • 3
  • 17
  • 29
  • The thing is that I printed the headers with a console.log and copied and pasted it on Postman's authorization header and it works just fine from there. I've tried with Bearer instead of Basic too, and it didn't even change the error message. – José Manuel Rosales Varela Dec 18 '20 at 12:00
  • I would expect that, the security APIs must not provide more details to prevent analysis of the error from an attackers side, so changing from BASIC to BEARER will not give you more details. The second guess from my side would be to review the redirect_uri, it might to be wrong then: can't you test with a static url before using parameters there? Usually a redirect URL must match including HTTP(s) and complete path (attention "/" separators at the end). – Peter Branforn Dec 18 '20 at 12:09
  • I tried what you just said and nothing, I keep getting the same error, and that URL that I'm using is registered and all in the dropbox app console, so I don't think that could be the problem. – José Manuel Rosales Varela Dec 18 '20 at 12:21
  • Now the Peter is out of ideas :-/. – Peter Branforn Dec 18 '20 at 13:03