stevenmaguire / oauth2-dropbox Goto Github PK

View Code? Open in Web Editor NEW

15.0 4.0 15.0 40 KB

Dropbox Provider for the OAuth 2.0 Client

License: MIT License

PHP 100.00%

oauth2-dropbox's Introduction

Dropbox Provider for OAuth 2.0 Client

This package provides Dropbox OAuth 2.0 support for the PHP League's OAuth 2.0 Client.

Installation

To install, use composer:

composer require stevenmaguire/oauth2-dropbox

Note: Due API deprecation, we dropped support to Dropbox API v1. If you need use v1, please use ^2.0.0 version constraint:

composer require "stevenmaguire/oauth2-dropbox:^2.0.0"

Usage

Usage is the same as The League's OAuth client, using \Stevenmaguire\OAuth2\Client\Provider\Dropbox as the provider.

Authorization Code Flow

$provider = new Stevenmaguire\OAuth2\Client\Provider\Dropbox([
    'clientId'          => '{dropbox-client-id}',
    'clientSecret'      => '{dropbox-client-secret}',
    'redirectUri'       => 'https://example.com/callback-url'
]);

if (!isset($_GET['code'])) {

    // If we don't have an authorization code then get one
    $authUrl = $provider->getAuthorizationUrl();
    $_SESSION['oauth2state'] = $provider->getState();
    header('Location: '.$authUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

    unset($_SESSION['oauth2state']);
    exit('Invalid state');

} else {

    // Try to get an access token (using the authorization code grant)
    $token = $provider->getAccessToken('authorization_code', [
        'code' => $_GET['code']
    ]);

    // Optional: Now you have a token you can look up a users profile data
    try {

        // We got an access token, let's now get the user's details
        $user = $provider->getResourceOwner($token);

        // Use these details to create a new profile
        printf('Hello %s!', $user->getId());

    } catch (Exception $e) {

        // Failed to get user details
        exit('Oh dear...');
    }

    // Use this to interact with an API on the users behalf
    echo $token->getToken();
}

Refreshing a Token

Dropbox's OAuth implementation does not use refresh tokens. Access tokens are valid until a user revokes access manually, or until an app deauthorizes itself.

Testing

$ ./vendor/bin/phpunit

Contributing

Please see CONTRIBUTING for details.

Credits

License

The MIT License (MIT). Please see License File for more information.

oauth2-dropbox's People

Contributors

Stargazers

Watchers

Forkers

sjelfull-forks jamesfairhurst wesavetheworld iget-esoares lrf141 stephanvd mataniko josiasmontag polevaultweb jurrutten saliabodian kubaska mipapo pyovchevski-forks

oauth2-dropbox's Issues

Fix authorization URL

Authorization URL no longer works. This is the only step that requires an endpoint on www.dropbox.com. All other API requests are done via api.dropboxapi.com, content.dropboxapi.com, or notify.dropboxapi.com.

Until recently it also worked with api.dropbox.com but this is seemingly no longer the case.

There is a pull request for this fix:
#12

Invalid getResourceOwnerDetailsUrl() method

Getting the following error due to the tacked on access_token in the URL. This has apparently changed looking at their docs.

Cannot specify both an "Authorization" header and the URL/POST parameter "access_token".

Looking into a PR now.

Error fetching OAuth credentials: "bad_verification_code".

I've configured my dropbox app api key and secret, and the first step, redirecting the dropbox and authorizing the app, works fine.

But then I get the error

Error fetching OAuth credentials: "bad_verification_code".

The browser url reads

https://kpa.wip/auth/connect/controller/dropbox?code=QYjJ-r8n7_kAAAAAAACpLl9emB4C3F3KvyIL4kfjTuY&state=85be9df85521f7b910c977538ed3a573

but curiously that url is never actually called.

I've tried this coding directly from the documentation here, and also from theleague's auth client.

I'm guessing something is wrong with the 'state', but I'm not sure. And debugging is very hard because it does the redirect, then fails, and I'm not sure where to start, since that message appears to come from dropbox.

can you point me in the right direction on how to debug this? Or a demo app where I can plug in my app key and secret to see it working?

Thanks.

Release new version

The master branch works with the newest league version but has not been tagged appropriately. The last released/tagged version only works with league 0.8.

Scopes are space-delimited, not comma

The KNP OAuth bundle gets the redirect url with an array of scopes.

    #[Route('/connect/dropbox', 'connect_dropbox_start')]
    public function connectAction(ClientRegistry $clientRegistry)
    {
        // on Symfony 3.3 or lower, $clientRegistry = $this->get('knpu.oauth2.registry');

        // will redirect to Dropbox!
        return $clientRegistry
            ->getClient('dropbox') // key used in config/packages/knpu_oauth2_client.yaml
            ->redirect([
                'files.content.write', 'account_info.write'// the scopes you want to access (this fails)
            ]);
    }

Those scopes are being passed to dropbox as a comma-delimited list, but they should be space-delimited.

scope String? This parameter allows your user to authorize a subset of the scopes selected in the App Console. Multiple scopes are separated by a space. If this parameter is omitted, the authorization page will request all scopes selected on the Permissions tab. Read about scopes in the OAuth Guide.

A temporary solution is to pass a single array key with the space-delimited tokens, but it's not consistent with the scopes as defined in the bundle.

Unknown field "approval_prompt"

Hello,

Seems like this has been an error in the past but was solved, however I'm now getting it. Using "league/oauth2-client": "~1.0" which seems to always pass the approval_prompt in the Auth URL. Do you need to uncomment your override again?

Error (400)
It seems the app you were using submitted a bad request. If you would like to report this error to the app's developer, include the information below.

More details for developers

unknown field "approval_prompt"

Dropbox new OAuth2 (with supporting refresh token).

Hi! Dropbox plans do not support long-live access token (after September 2021) and will support refresh token. Will you change this lib according to new rules?

More info is here: https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens

I am getting the error path/not_found/

I am getting this error when trying to use the method files/get_temporary_link

{"error_summary": "path/not_found/...", "error": {".tag": "path", "path": {".tag": "not_found"}}}

It works when I test it on the sandbox environment here: https://dropbox.github.io/dropbox-api-v2-explorer/#files_get_temporary_link

I am using the Get Token button here and it works. But when I get token from the app itself it seems like the authtoken is the problem.