You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

Pelleman's avatar
Pelleman
Explorer | Level 4
3 years ago

How to create oauth2 access token from code?

Hello, I have written a backup solution and want to automatically post the backup file (a zip) to my Dropbox account every day when backup finishes.

How can I create an auth2 token by code and use it to post my file?

I have solved the issues around posting the file, but I have not figured out how to automatically create the auth2 token. I can only generate demo tokens valid for 24 hours but I need the ability to at any time generate the token automatically based on the app key/secret for my account.

 

I have tried "converting oauth1 to oauth2" using

 

 

curl -X POST https://api.dropboxapi.com/2/auth/token/from_oauth1 \
    --header "Authorization: Basic xxxx" \
    --header "Content-Type: application/json" \
    --data "{\"oauth1_token\":\"<token>\",\"oauth1_token_secret\":\"<token security>\"}"

 

 

but any combination of the data I have available generate errors.

Please provide an explanation in detailed steps how to accomplish this by automation (http requests etc).

Thanks!

  • Hi Pelleman,

    Access token received in whatever way is short lived and can't be used alone for a long time (4 hours, at most). For long term access (solution) you need to get to and store refresh token, which doesn't expire automatically. This token could be used to regenerate access token on demand and use the access token while valid for all regular API calls. For more info how you can get to such a refresh token and how you can automate "refreshing", take a look here. 😉

    Hope this helps.

  • Pelleman's avatar
    Pelleman
    Explorer | Level 4

    I should add that I have spent a few hours trying to use 

    https://api.dropboxapi.com/oauth2/token

    but it does not seem to provide a way to actually create a fully automated flow based on just the app id and secret. I don't want the step where a user has to open a browser or use some silly intermediary/proxy web server to make additional requests. It would not improve security in my project.

    So I want to 

    1. "Login" automatically in my code to dropbox, based on credentials saved in a file, to get the Oauth2 access code to use in step 2.

    2. Upload my file using the Oauth2 access code

    Is this even possible? Or should I look at other solutions/storage applications which allows a fully automated flow? Please provide an elaborated answer on how to achieve steps 1 and 2. Thanks!

     

    • Здравко's avatar
      Здравко
      Legendary | Level 20

      Hi Pelleman,

      Access token received in whatever way is short lived and can't be used alone for a long time (4 hours, at most). For long term access (solution) you need to get to and store refresh token, which doesn't expire automatically. This token could be used to regenerate access token on demand and use the access token while valid for all regular API calls. For more info how you can get to such a refresh token and how you can automate "refreshing", take a look here. 😉

      Hope this helps.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    Pelleman It is not possible to fully automate the OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token. This needs to be done manually by the user once. It's not possible to programmatically get an access token or refresh token using only the app key and secret.

     

    As Здравко noted, Dropbox issues short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. Apps can get long-term access by requesting "offline" access though, in which case the app receives a "refresh token", which doesn't expire and can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation.

    • Pelleman's avatar
      Pelleman
      Explorer | Level 4

      Thanks for the help both of you, I think that refresh token solution suits my needs perfectly. I just tested it and it works as advertised.