We're making changes to the Community, so you may have received some notifications - thanks for your patience and welcome back. Learn more here.

Forum Discussion

dcam's avatar
dcam
Explorer | Level 4
2 years ago

Refresh token generates an invalid access token?

Guys,

 

I have obtained a refresh token without problem. I put that in the code to generate an access token, then use the access token to gain access to my files and folders. However, when using the access token, I got the return complaining the it is invalid! That indicates an invalid access token is generated by using the refresh token! My question is: Can the fresh token become invalid during its usage? Can it be used multiple times?

 

Thanks!

  • First, by "MY ACCESS ID" and "MY_ID" I expect you mean your app key, and by "MY_PASSWORD" you mean your app secret, as this wouldn't work otherwise.

     

    Anyway, I just tried this out with an app with the app folder access type, and it did not create a duplicate app folder.

     

    Did you previously create, connect, and then delete an app registration, and then create another app with the same name and connect that new app? When you first connect an app with the app folder access type, Dropbox will create a new app folder for that app; it won't re-use any existing folders or app folders (e.g., for other apps) even if they happen to have the same name. If there is another folder with the same name, Dropbox will add "(1)", etc., to find a name that isn't already used when creating the new app folder.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    While refresh tokens can be used repeatedly and don't expire automatically, they can become invalid at any time for a number of reasons (for example, if the user or app revokes it using the https://www.dropbox.com/account/connected_apps web page or the /2/auth/token/revoke API endpoint). If/when a refresh token is revoked, all of the access tokens for that refresh token are revoked as well.

     

    If something isn't working properly on the API, we'll be happy to look into it, but we'd need some more information. In that case, please reply with:

    • the name and version number of the platform and SDK/library you are using, if any
    • the steps to reproduce the issue, including relevant code snippet(s), but don't include any valid access or refresh token(s)
    • the full text of any error or unexpected output
    • dcam's avatar
      dcam
      Explorer | Level 4

      Ok, I found out the problem. 

      Here is what I do to get a fresh token:

       

      1) getting an authorization code from my bowser: 

      https://www.dropbox.com/oauth2/authorize?client_id=<MY ACCESS ID>&token_access_type=offline&response_type=code

       

      2) After getting the authorization code, I put it in to run a curl from browser to obtain my refresh token:

       

      curl https://api.dropbox.com/oauth2/token \
      -d code=<THE AUTHORIZATION CODE> \
      -d grant_type=authorization_code \
      -u MY_ID:MY_PASSWORD

       

      This will get me a 'refresh_token" and an "access_token". However, when I look at my app folder, an additional folder was created by this call! For example, my app folder is "CallRecords", the new folder "CallRecords (1)" was created by the above curl command without any content in it.  Could you please explain why it was created?

       

      Thanks! 

       

       

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        First, by "MY ACCESS ID" and "MY_ID" I expect you mean your app key, and by "MY_PASSWORD" you mean your app secret, as this wouldn't work otherwise.

         

        Anyway, I just tried this out with an app with the app folder access type, and it did not create a duplicate app folder.

         

        Did you previously create, connect, and then delete an app registration, and then create another app with the same name and connect that new app? When you first connect an app with the app folder access type, Dropbox will create a new app folder for that app; it won't re-use any existing folders or app folders (e.g., for other apps) even if they happen to have the same name. If there is another folder with the same name, Dropbox will add "(1)", etc., to find a name that isn't already used when creating the new app folder.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,875 PostsLatest Activity: 2 months ago
325 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!