You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

ojdev's avatar
ojdev
Explorer | Level 4
2 years ago

Dropbox SDK Integration: Access Token Challenges

Hello everyone,

I'm currently working on developing a server-side application (using TypeScript) that integrates with Dropbox among other functionalities. I've created an application in the app console, granted it the necessary access, and subsequently generated an access token using the app console.

Within my application, I'm utilizing the Dropbox SDK and initializing it as follows:

 

 

this.fileClient = new Dropbox({
  accessToken: process.env.DROPBOX_ACCESS_TOKEN,
  selectUser: process.env.DROPBOX_USER,
});

 

 

Initially, everything works smoothly until the access token expires, leading to an 'expired_access_token' error. I had the impression that the SDK would handle token refreshing automatically. Despite searching extensively, I haven't been able to find a solution.

By the way, the app console provides me with a short-lived token (starting with 'sl.').

  • Would be enough something like:

     

    this.fileClient = new Dropbox({
      refreshToken: process.env.DROPBOX_REFRESH_TOKEN,
      clientId: process.env.DROPBOX_CLIENT_ID,
      clientSecret: process.env.DROPBOX_CLIENT_SECRET,
      selectUser: process.env.DROPBOX_USER,
    });

     

    To avoid meaningless refresh (usually need no more than once for 4 hours) in frequent client object construction, sharing a DropboxAuth object might be useful. Something like:

     

    this.auth = new DropboxAuth({
      refreshToken: process.env.DROPBOX_REFRESH_TOKEN,
      clientId: process.env.DROPBOX_CLIENT_ID,
      clientSecret: process.env.DROPBOX_CLIENT_SECRET,
    });
    
    ...
    
    this.fileClient = new Dropbox({
      auth: this.auth,
      selectUser: process.env.DROPBOX_USER,
    });

     

    Otherwise refresh will be executed on every client construction and if you just perform a single API call, the needed overall time will be doubled - decreased efficiency. To work the last, you need to keep 'auth' object global and shared throughout all your code (or saved with proper mutex protection), so the state won't start always from "zero". Of course this is optional - you decide whether improves your efficiency.

    Good luck.

  • Здравко's avatar
    Здравко
    Legendary | Level 20

    Hi ojdev,

    Yes, the SDK would refresh (regenerate in fact) access token if/when you provide refresh token together with app key and likely needed app secret - something that's missing in your code. Take a look here how you can get it by hands and use in your code later. You don't need the last step there - it's implemented in Dropbox SDK.

    Hope this helps.

    • ojdev's avatar
      ojdev
      Explorer | Level 4

      Thank you for your response!

      Following the mentioned process, I acquired a refresh token.

      I need clarification: will initializing my Dropbox SDK client like this suffice?

      this.fileClient = new Dropbox({
        accessToken: process.env.DROPBOX_ACCESS_TOKEN,
        refreshToken: process.env.DROPBOX_REFRESH_TOKEN,
        selectUser: process.env.DROPBOX_USER,
      });

      Or, do I need to initialize it differently, like this?

      this.fileClient = new Dropbox({
        accessToken: process.env.DROPBOX_ACCESS_TOKEN,
        refreshToken: process.env.DROPBOX_REFRESH_TOKEN,
        clientId: process.env.DROPBOX_CLIENT_ID,
        clientSecret: process.env.DROPBOX_CLIENT_SECRET,
        selectUser: process.env.DROPBOX_USER,
      });

       

      • Здравко's avatar
        Здравко
        Legendary | Level 20

        Would be enough something like:

         

        this.fileClient = new Dropbox({
          refreshToken: process.env.DROPBOX_REFRESH_TOKEN,
          clientId: process.env.DROPBOX_CLIENT_ID,
          clientSecret: process.env.DROPBOX_CLIENT_SECRET,
          selectUser: process.env.DROPBOX_USER,
        });

         

        To avoid meaningless refresh (usually need no more than once for 4 hours) in frequent client object construction, sharing a DropboxAuth object might be useful. Something like:

         

        this.auth = new DropboxAuth({
          refreshToken: process.env.DROPBOX_REFRESH_TOKEN,
          clientId: process.env.DROPBOX_CLIENT_ID,
          clientSecret: process.env.DROPBOX_CLIENT_SECRET,
        });
        
        ...
        
        this.fileClient = new Dropbox({
          auth: this.auth,
          selectUser: process.env.DROPBOX_USER,
        });

         

        Otherwise refresh will be executed on every client construction and if you just perform a single API call, the needed overall time will be doubled - decreased efficiency. To work the last, you need to keep 'auth' object global and shared throughout all your code (or saved with proper mutex protection), so the state won't start always from "zero". Of course this is optional - you decide whether improves your efficiency.

        Good luck.