Dropbox: Nonce mismatch after sign in using automatic code exchange #824

Open
timvonwerne opened this issue Mar 7, 2024 · 0 comments
Labels
bug triage Issues that need to be triaged

@timvonwerne

Describe the bug
After confirming the scopes in the sign in flow of Dropbox, I get the "Authorization error: Nonce mismatch" error when letting AppAuth perform the token exchange automatically (see next section). When tapping on "Manual" instead of "Auto", logging in and then tapping on "Code Exchange" everything seems to work fine.

To Reproduce
Steps to reproduce the behavior:
After not getting it to work with my own application, I tried the Example-iOS_Swift-Carthage. I will describe the steps to reproduce based on this example.

  1. Tap on "Auto"
  2. Allow the sign in to Dropbox
  3. Log in to Dropbox and confirm the access scopes of the application

Expected behavior
The sign in should be completed successfully.

Screenshots (I will provide logs instead)

05:29:26: Fetching configuration for issuer: https://dropbox.com
05:29:26: Got configuration: OIDServiceConfiguration authorizationEndpoint: https://www.dropbox.com/oauth2/authorize, tokenEndpoint: https://api.dropboxapi.com/oauth2/token, registrationEndpoint: (null), endSessionEndpoint: (null), discoveryDocument: [<OIDServiceDiscovery: 0x3013084e0>]
05:29:26: Initiating authorization request with scope: openid profile email
05:29:42: Authorization error: Nonce mismatch

Environment

  • Device: iPhone 13 Pro, iPhone 15 Pro (Simulator)
  • OS: iOS 17.4, iOS 17.2 (Simulator)

Additional Context
As explained above, I took the original example. I tried retrieving the token with and without specifying the client secret. What's really weird is that I can see a response from https://api.dropboxapi.com/oauth2/token containing an access token and an id token when inspecting the network traffic using Proxyman.

@timvonwerne timvonwerne added bug triage Issues that need to be triaged labels Mar 7, 2024
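
Added example, not part of the issue and not AppAuth's code: OpenID Connect requires a client that sent a `nonce` in its authorization request to find the same value in the ID token's `nonce` claim. The Python sketch below applies that comparison to an ID token copied from a captured token response, so a missing claim can be told apart from a differing one; the function names, result labels and sample tokens are constructed for illustration.

```python
import base64
import hmac
import json


def decode_claims(id_token: str) -> dict:
    """Decode a compact JWT's payload. No signature check: for diagnosis only."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose_nonce(request_nonce: str, id_token: str) -> str:
    """Compare the nonce sent in the authorization request with the ID token's claim."""
    token_nonce = decode_claims(id_token).get("nonce")
    if token_nonce is None:
        return "missing"      # the ID token carries no nonce claim at all
    if not isinstance(token_nonce, str):
        return "malformed"    # claim present but not a string
    same = hmac.compare_digest(token_nonce.encode(), request_nonce.encode())
    return "match" if same else "mismatch"


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token with a placeholder signature."""
    def b64(obj) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64(claims)}.constructed-signature"


if __name__ == "__main__":
    sent = "constructed-request-nonce"  # constructed value, not from the issue
    samples = {
        "echoed": {"sub": "user-1", "nonce": sent},
        "absent": {"sub": "user-1"},
        "different": {"sub": "user-1", "nonce": "some-other-value"},
    }
    for label, claims in samples.items():
        print(label, "->", diagnose_nonce(sent, make_sample_token(claims)))
```

To use it on real traffic, pass the `nonce` query parameter from the authorization request and the `id_token` field from the captured token response to `diagnose_nonce`.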