You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

baltasarq's avatar
baltasarq
Helpful | Level 5
2 years ago

Dropbox Java client for Android: how to refresh token?

My app just needs to upload a backup file to a dropbox account from mine, so the access must be off-line (no prompting to the user, that would be confusing). This is carried out when the user finishe...
  • baltasarq's avatar
    baltasarq
    2 years ago

    Okay, solved.

    I summarized the process in the following notes:

     

    Dropbox client API

     

    1Cloud backup with the Dropbox API

    Until september 2022, it was possible to generate an access token, use it when creating the client, and don’t worry again about authorization. This is not possible anymore, so in order to create a backup system the most similar access system is PKCE for an offline app.

    2Refresh token

    After creating the app in the App Console, ignore the “generate token” option since this only creates a token valid for about 4 hours (though there is no note about this). Keep the PKCE activated.

     

    Now, paste the following line in the address bar of your browser:

     

    https://www.dropbox.com/oauth2/authorize?token_access_type=offline&response_type=code&client_id=<App key>

     

    You need to substitute <App Key> for the application key that appears in the App Console. Keep the App Secret code near, as well.

     

    You will authorize the app only once through that URL, and the answer will be the so called authorization code, an hexadecimal code. You need to take note of this code.

     

    3Obtaining the refresh token

    Now you have to open a terminal and paste there:

     

    curl https://api.dropbox.com/oauth2/token -d code=<Authorization Code> -d grant_type=authorization_code -u <App key>:<App secret>

     

    You have to substitute <Authorization Code> with the last obtained token, <App Key> with the App Key and <App Secret> with the App Secret, these latter appearing in the App Console.

     

    The answer will be a JSON piece of data similar to the following one:

     

    {
        "access_token":"sl...",
        "token_type": "bearer",
        "expires_in": 14400,
        "refresh_token": "oDfT54975DfGh12345KlMnOpQrSt01a",
        "scope": "account_info.read files.content.read ...",
        "uid": "123...",
        "account_id": "dbid:AB..."
    }

     

    The access token would be valid for the app to access Dropbox for 4 hours (expires_in). Note the “sl.” prefix (Short Lived). The important code here is refresh_token, which is a permanent token that you can access Dropbox with.

     

    4Using the Java API

    The problem with the API is that it is not always intuitive to use. With the PKCE access system, we only need to change the Dropbox client object in respect to what appears in the documentation.

     

            final String APP_PACKAGE = OWNER.getPackageName();
            final DbxRequestConfig CONFIG = DbxRequestConfig.newBuilder( APP_PACKAGE ).build();
            final DbxCredential CREDENTIALS = new DbxCredential(
                    "",
                    0L,
                    <dropbox refresh token>,
                    <app key>,
                    <app secret> );
    
            this.DBOX_CLIENT = new DbxClientV2( this.CONFIG, CREDENTIALS );

     

    The remaining code is left untouched.