You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

Julian Li's avatar
Julian Li
Explorer | Level 4
2 years ago

Re: How to get refresh token without User interaction

As a regular automation task, we have a cronjob that uploads files to dropbox as a backup. This cronjob is not a web app and only talks to dropbox directly via API. Thus, in this case, how could we obtain a token without authorisation via the browser? And for this case, I only need to access my own dropbox account.

  • Greg-DB's avatar
    Greg-DB
    2 years ago

    Julian Li Dropbox refresh tokens do not expire, so you can re-use them for long-term access without repeated manual operation.

  • Julian Li's avatar
    Julian Li
    Explorer | Level 4

    It seems that this is no longer true as the access token got from settings page becomes short-lived.

  • Julian Li's avatar
    Julian Li
    Explorer | Level 4

    Could we have another oauth2 flow that don't need user to authorise via browser please. For background job like a cronjob, it is not a web app.

  • Здравко's avatar
    Здравко
    Legendary | Level 20

    Julian Li wrote:

    ... Thus, in this case, how could we obtain a token without authorisation via the browser? ...


    Hi Julian Li,

    It's still impossible if you want long term access. You can get access token without browser, but it would be short-lived token (most probably not what you want).

     


    Julian Li wrote:

    ... And for this case, I only need to access my own dropbox account.


    Doesn't matter what you need long term access (refresh token) for, you need least one interaction through the browser. This interaction doesn't need to be implemented in your cronjob, but can be run anywhere, anyhow. Once you get to the refresh token, you can use it into your cronjob (without any further user interactions). 😉 That's it.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    Julian Li Dropbox is no longer offering the option for creating new long-lived access tokens. Dropbox is switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.

    Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

    For reference, while the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption, if you have any. Also, note though that after the change you won't be able to create new long-lived access tokens.

    While the change began on September 30th 2021, we released it gradually, so you may not have seen your app(s) affected until more recently. Once it applies to your app, it would apply regardless of the "Access token expiration" setting for your app, and that setting may no longer be available for your app.

    Note that this is something that would need to be implemented by the programmer of the app though, so if you are not the programmer responsible for this integration, you may need to get an update from them to support this.

    • Julian Li's avatar
      Julian Li
      Explorer | Level 4

      2 questions in regard to the refresh token.

      1. Will the refresh token have no expiration?

      2. If the answer to 1 is No. Then will dropbox have any plan to offer another OAuth flow to get the auth code directly via API call? From the current of the Oauth flow documents,  users must manually approve from a web browser for the auth code, but a cronjob doesn't need any manual operation.

       

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        Julian Li Dropbox refresh tokens do not expire, so you can re-use them for long-term access without repeated manual operation.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,915 PostsLatest Activity: 18 minutes ago
333 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!