We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
.NET SDK error occurs during refreshing of token
Hey, I'm developing a web app that should upload files to Dropbox in the final step. All application users use the same Dropbox account, so all the files go to the same Dropbox. I implemented it according to this documentation. When the time comes to upload files, I retrieve the Authorize Uri, send this Uri to the frontend, and then send the returned Dropbox Uri to the backend in order to get an access token and a refresh token. After that, I have the access token and the refresh token stored in local storage, everything goes well until some time passes (3 days in my case passed). When a few days pass and I try to upload files again with the same access token and refresh token I receive the next error:
{"message":"Response status code does not indicate success: 400 (Bad Request).","details":"at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()\r\n at Dropbox.Api.DropboxRequestHandler.RefreshAccessToken(String[] scopeList)\r\n at Dropbox.Api.DropboxRequestHandler.CheckAndRefreshAccessToken()\r\n at Dropbox.Api.DropboxRequestHandler.RequestJsonStringWithRetry(String host, String routeName, String auth, RouteStyle routeStyle, String requestArg, Stream body)\r\n at Dropbox.Api.DropboxRequestHandler.Dropbox.Api.Stone.ITransport.SendRpcRequestAsync[TRequest,TResponse,TError](TRequest request, String host, String route, String auth, IEncoder\u00601 requestEncoder, IDecoder\u00601 responseDecoder, IDecoder\u00601 errorDecoder)\r\n at MY_APP_PATH","type":"HttpRequestException"}
Before uploading files I check if the tokens are from the correct user, and it fails there:
public async Task<bool> IsCorrectUser(string accessToken, string refreshToken)
{
using DropboxClient dropboxClient = new(
accessToken,
refreshToken,
_options.AppKey,
_options.AppSecret,
new DropboxClientConfig("somestring"));
FullAccount account = await dropboxClient.Users.GetCurrentAccountAsync();
return account.Email == _options.AdminEmail;
}From the code above, you can see that I create a client before checking the user and I also create a new client before uploading files.
So my question is, why access token can't be refreshed? Can this issue occur because multiple users use the same Dropbox account, and if so, how can I overcome this issue, because I need to upload my files to the same Dropbox into the same folder?
There are a number of scenarios that can cause the refresh to fail like this, such as:
- missing/incorrect/malformed refresh token
- revoked refresh token (e.g., when the user unlinks the app via https://www.dropbox.com/account/connected_apps , etc.)
- missing/incorrect/malformed app key
- incorrect/malformed app secret
- missing app secret (if the refresh token was retrieved using the non-PKCE flow)
Check and make sure you're supplying the correct values when building the DropboxClient. If you're supplying any incorrect value(s), update your app to supply the correct value(s). If the refresh token has been revoked, you'll need to have the user re-authorize the app to access the account to receive a new valid refresh token.
The response body on that 400 error response may contain a more specific error message, though the .NET SDK unfortunately does not currently expose that. There's an open request to update it to do so. You can perform the call manually to check for an error message in the response body however, e.g., using curl like this:
curl https://api.dropboxapi.com/oauth2/token \ -d refresh_token=REFRESHTOKENHERE \ -d grant_type=refresh_token \ -d client_id=APPKEYHERE \ -d client_secret=APPSECRETHERE
- Greg-DB
Dropbox Staff
There are a number of scenarios that can cause the refresh to fail like this, such as:
- missing/incorrect/malformed refresh token
- revoked refresh token (e.g., when the user unlinks the app via https://www.dropbox.com/account/connected_apps , etc.)
- missing/incorrect/malformed app key
- incorrect/malformed app secret
- missing app secret (if the refresh token was retrieved using the non-PKCE flow)
Check and make sure you're supplying the correct values when building the DropboxClient. If you're supplying any incorrect value(s), update your app to supply the correct value(s). If the refresh token has been revoked, you'll need to have the user re-authorize the app to access the account to receive a new valid refresh token.
The response body on that 400 error response may contain a more specific error message, though the .NET SDK unfortunately does not currently expose that. There's an open request to update it to do so. You can perform the call manually to check for an error message in the response body however, e.g., using curl like this:
curl https://api.dropboxapi.com/oauth2/token \ -d refresh_token=REFRESHTOKENHERE \ -d grant_type=refresh_token \ -d client_id=APPKEYHERE \ -d client_secret=APPSECRETHEREThank you for your answer so much! When I run the curl command I saw that my refresh token was incorrect. It was incorrect because I switched the application, I changed the app key and app secret, but used the old refresh token 🙂 Do you have any plans to add custom exceptions and messages in .NET SDK?
- Greg-DB
Thanks for following up. I'm glad to hear that helped.
Yes, this is open with the team to update the exception to surface the message in the .NET SDK, but I can't promise a timeline on that being done.
About Discuss Dropbox Developer & API
Make connections with other developers
