Implementing OAuth on Dropbox API Python

Question

I'm trying to add a user to the development users of my dropbox app. In order to do so, it seems like I have to connect to the endpoints /token/from_oauth1 or/and /oauth2/token to generate their access token. I'm new with using APIs and struggling to understand how to implement OAuth/OAuth2 into my code. I'm using the requests library do so.

Here is a sample of what I've tried but hasn't been working for me:

import requests
import json

url = "https://api.dropboxapi.com/2/auth/token/from_oauth1"

headers = {
    "Authorization": "Basic <APP_KEY>:<APP_SECRET>",
    "Content-Type": "application/json"
}

data = {
    "oauth1_token": "<DROPBOX_USERNAME>",
    "oauth1_token_secret": "<DROPBOX_PASSWORD>"
}

r = requests.post(url, headers=headers, data=json.dumps(data))

But I receive the error b'Error in call to API function "auth/token/from_oauth1": Invalid value in HTTP header "Authorization": "Basic <APP_KEY>:<APP_SECRET>"'

APP_KEY and APP_SECRET are obviously replaced with their corresponding strings.

Am I right to be calling /token/from_oauth1 rather than /oauth2/token . If so, where am I going wrong with this request?

Answer 1

If you're starting a new integration with the Dropbox API, you should not use /2/auth/token/from_oauth1 . That's only for use with existing OAuth 1 access tokens, which you would only have received from an old integration with Dropbox API v1, which is now retired.

If you're starting now, you'll just be using Dropbox API v2 with OAuth 2 access tokens only.

To implement the OAuth app authorization flow to get OAuth 2 access tokens for use with Dropbox API v2, you should use the following:

• https://www.dropbox.com/oauth2/authorize ( documented here )
• https://api.dropboxapi.com/oauth2/token ( documented here )

I also recommend reviewing the OAuth Guide .

In any case, you should never directly handle the Dropbox username and password directly.

Also, since you're using Python, I highly recommend using the official Dropbox API v2 Python SDK , as it will do most of the work for you. It has helpers for processing the OAuth flow, such as DropboxOAuth2Flow and DropboxOAuth2FlowNoRedirect .

Here's a minimal example of processing the Dropbox OAuth 2 "code" flow using just requests :

import requests

app_key = "APP_KEY_HERE"
app_secret = "APP_SECRET_HERE"

# build the authorization URL:
authorization_url = "https://www.dropbox.com/oauth2/authorize?client_id=%s&response_type=code" % app_key

# send the user to the authorization URL:
print 'Go to the following URL and allow access:'
print(authorization_url)

# get the authorization code from the user:
authorization_code = raw_input('Enter the code:\n')

# exchange the authorization code for an access token:
token_url = "https://api.dropboxapi.com/oauth2/token"
params = {
    "code": authorization_code,
    "grant_type": "authorization_code",
    "client_id": app_key,
    "client_secret": app_secret
}
r = requests.post(token_url, data=params)
print(r.text)