You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Issue Generating Refresh Token with OAuth Code Flow
Hello, I have been struggling a bit with getting a refresh token or any success response at all from the endpoint 'https://api.dropboxapi.com/oauth2/token' when following the guide here https://devel...
Given your redactions and descriptions, it seems like you're sending a parameter with the name being your app key and the value being your app secret, however that is not the correct formatting. When calling /oauth2/token to exchange the authorization code for an access token/refresh token with the code flow like this, you should send a parameter named "client_id" with the value being your app key, and a parameter named "client_secret" with the value being your app secret. You would do that the same way you already have a parameter named "code" with the value being the authorization code string.
(Note that it's also possible to send the app key and secret as "Basic" authorization, which is what the example in the documentation does using the "-u" curl flag, but that would be encoded and formatted differently. I recommend just using the parameters as described above for simplicity.)
Greg-DB
Dropbox Staff
Dropbox StaffGiven your redactions and descriptions, it seems like you're sending a parameter with the name being your app key and the value being your app secret, however that is not the correct formatting. When calling /oauth2/token to exchange the authorization code for an access token/refresh token with the code flow like this, you should send a parameter named "client_id" with the value being your app key, and a parameter named "client_secret" with the value being your app secret. You would do that the same way you already have a parameter named "code" with the value being the authorization code string.
(Note that it's also possible to send the app key and secret as "Basic" authorization, which is what the example in the documentation does using the "-u" curl flag, but that would be encoded and formatted differently. I recommend just using the parameters as described above for simplicity.)
Hello Greg, first thank you again for the response - that does indeed change my error response however I think I am just a bit off still from your explanation. It sounds like I should remove my app key : app secret and replace it with the two values you stated.
I have gone back to my app console to verify both values are accurate, any idea why it would say one is potentially invalid?
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
