We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
Oauth2 refresh token question - what happens when the refresh token expires?
I've been testing the Dropbox OAuth2 endpoints for a few days and I have read the documentation provided directly by Dropbox. However, it is not clear to me how I'm supposed to handle the acquisition...
While Dropbox "short-lived access tokens" do expire automatically, "refresh tokens" do not. When your app gets a refresh token, it can use that to continuously get new short-lived access tokens whenever needed, without further manual user intervention. (The Python SDK actually does that for you automatically.)
So, since Dropbox refresh tokens do not expire automatically they can and should be re-used repeatedly. The app will not receive a new refresh token every time it requests a new short-lived access token. It should just store and continue re-using the same one.
They can be revoked manually though, either by the user (e.g., via https://www.dropbox.com/account/connected_apps ) or the app, at which point the app would need to prompt the user to re-authorize the app if they wish to use it again.
Greg-DB
Dropbox Staff
Dropbox StaffThanks for the feedback! I'll ask the team to clarify this in the documentation.
It looks like some of the documentation has been updated, but I didn't see anything in the Oauth guide, which would be the best place to explain the process. I've been asked a few times about how to fix this in code and the solution is really straight forward to explain via the code itself.
Go here to see a PKCE authorization example script, which has the following code:
#!/usr/bin/env python3
import dropbox
from dropbox import DropboxOAuth2FlowNoRedirect
'''
Populate your app key in order to run this locally
'''
APP_KEY = ""
auth_flow = DropboxOAuth2FlowNoRedirect(APP_KEY, use_pkce=True, token_access_type='offline')
authorize_url = auth_flow.start()
print("1. Go to: " + authorize_url)
print("2. Click \"Allow\" (you might have to log in first).")
print("3. Copy the authorization code.")
auth_code = input("Enter the authorization code here: ").strip()
try:
oauth_result = auth_flow.finish(auth_code)
except Exception as e:
print('Error: %s' % (e,))
exit(1)
with dropbox.Dropbox(oauth2_refresh_token=oauth_result.refresh_token, app_key=APP_KEY) as dbx:
dbx.users_get_current_account()
print("Successfully set up client!")
Now, all you need to do is this:
# View the details of the oauth result
print(f'Access Token = {oauth_result.access_token}')
print(f'Account ID = {oauth_result.account_id}')
print(f'Refresh Token = {oauth_result.refresh_token}')
print(f'Expiration = {oauth_result.expiration}')
print(f'Scope = {oauth_result.scope}')
# Store this to use over and over whenever an access token expires
save_somewhere(oauth_result.refresh_token)
The SDK will automatically request new access tokens as long as you supply the refresh token. Other scripts can use the refresh token as well, e.g.:
import dropbox
APP_KEY = '<your app key>'
refresh_token = get_refresh_token_from_wherever_you_put_it()
with dropbox.Dropbox(oauth2_refresh_token=oauth_result.refresh_token, app_key=APP_KEY) as dbx:
dbx.users_get_current_account()
print("Successfully set up client!")
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
