Curious about A, B, C, and D drives? Learn what they mean and how to use them effectively with Dropbox in this handy guide! - check it out now!
Forum Discussion
Dropbox OAuth2 Issue: Scope Parameter Handling
According to OAuth2 Authorization documentation, the scope parameter is nullable, and as per RFC 6749, parameters without a value must be treated as omitted, with unrecognized parameters ignored.
However, Dropbox's OAuth2 implementation returns the following error when the scope parameter is included:
Error:
"error": "invalid_request",
"error_description": "unknown field \"scope\""
This behavior violates OAuth2 standards, as unrecognized parameters should not cause a failure.
- DB-Des
Dropbox Engineer
Hi Vivek_Yadav,
Including the scope parameter without value in the Auth URL does omit it and allows authorization to continue.
For example, the following two Auth URLs work without issues:
- https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&response_type=code&scope
- https://www.dropbox.com/oauth2/authorize?client_id=>APP_KEY>&response_type=code&scope=
In order to further investigate the error you have reported, please reply with:
- the steps to reproduce the issue, including relevant code snippet(s), but don't include any access or refresh token(s)
- the full text of any error or unexpected output
Hi DB-Des
This happens when we send the token request with grant type as authorization code and empty scope parameter i.e. without a value.
Based on the RFC, Dropbox should be ignoring parameters they don't recognize as valid, not failing the request.
Last para of RFC 6749 - The OAuth 2.0 Authorization Framework
Hi DB-Des, Any update on this?
- DB-Des
Thank you for following up. At this time, we don’t have any updates to share. Please rest assured that we’ll reach out to you as soon as we have any developments to report.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
