We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here. 

Forum Discussion

lucasj's avatar
lucasj
Explorer | Level 3
2 years ago

Powershell Oauth2 Refresh Token

Hey all!  Thanks in advanced.

 

I am trying to write a powershell script to get an offline refresh token so I can do unattended uploads.

 

The problem is that I have to authenticate for an authorization code manually each time it is ran.  How do I make it unattended?  Here is the code:

$client_id = "CLIENTID"
$client_secret = "CLIENTSECRET"

# Set up the OAuth2 authorization URL
#$scope = "offline"
#$auth_url = "{0}?response_type=code&client_id={1}&scope={2}" -f $auth_url, $client_id, $scope

# Open the authorization URL in the default web browser and prompt the user to sign in and authorize your app
Start-Process $auth_url
Write-Host "Please sign in and authorize your app in the browser window that just opened."

# Prompt the user to enter the authorization code provided by Dropbox after they have authorized your app
$authorization_code = Read-Host "Enter the authorization code provided by Dropbox"
# Set up the access token request parameters
$body = @{
    code = $authorization_code
    grant_type = "authorization_code"
    client_id = $client_id
    redirect_uri = $redirectUri
    client_secret = $client_secret
}

# Send the access token request and parse the response for the access token and refresh token
$response = Invoke-RestMethod -Method Post -Uri $token_url -Body $body
$access_token = $response.access_token
$refresh_token = $response.refresh_token

# Use the access token to make API calls to Dropbox
# For example, you can list the contents of the root folder like this:
$headers = @{
    "Authorization" = "Bearer $access_token"
}
$list_body = @{
    path = ""
    recursive = $false
}
$list_response = Invoke-RestMethod -Method Post -Uri $list_url -Headers $headers -Body ($list_body | ConvertTo-Json)
$list_response.entries | Select-Object name, path_display

# Output the access token and refresh token to the console
Write-Host "Your access token is: $access_token"
Write-Host "Your refresh token is: $refresh_token"
  • I'm not sure what you mean when you say you are "not getting any type of response from the curl command". For reference, if you need to debug something with curl, you can use the "-v" flag to enable verbose mode.

     

    In any case, I haven't tested your new code, but the parameters look right. I also don't see where you retrieve the access token from the new /oauth2/token call, but assuming you do either manually or in code not shown, it seems right. Does it work for you when you run it?

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    It is not possible to fully automate the OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token. This needs to be done manually by the user at least once.

     

    If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app.

    You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post  which may serve as a useful example of how to use a refresh token to maintain long-term unattended access.

    • lucasj's avatar
      lucasj
      Explorer | Level 3

      Thanks for the reply Greg -

       

      The script above does request offline access.  If you see line 10, the authentication url has "token_access_type=offline". 

       

      I get the refresh token once, and I plug it in, but it doesn't last more than a couple of hours before it expires.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    I see you are requesting the refresh token, but you don't seem to actually be using it anywhere in the code you shared.

     

    Whenever you need a new short-lived access token, you should call /oauth2/token with grant_type=refresh_token, as shown in step 5 of the offline example in this post.

    • lucasj's avatar
      lucasj
      Explorer | Level 3

      So I used this code to upload files.  I tried using the refresh token and it doesn't work...

       

      $refresh_token = "hssEaww....REFRESHTOKENWENTHERE"
      $headers = @{
          Authorization  = "Bearer $refresh_token"
          "Content-Type" = "application/octet-stream"
      }

      # Read the file as a byte array and upload it to Dropbox
      $file_bytes = [System.IO.File]::ReadAllBytes($file_path)

      $outputFile = Split-Path "C:\FILEHERE.TXT" -leaf
      $TargetFilePath = "/$outputFile"
      $arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
      $authorization = "Bearer " + $refresh_token
      $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
      $headers.Add("Authorization", $authorization)
      $headers.Add("Dropbox-API-Arg", $arg)
      $headers.Add("Content-Type", 'application/octet-stream')
      $response = Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        Access tokens and refresh tokens are different objects and are not interchangeable, so you can't use a refresh token as an access token like that. Instead, whenever you need a new short-lived access token you should call /oauth2/token with grant_type=refresh_token and refresh_token set to the refresh token, like in step 5 of this example. That call will return a new short-lived access token which you can then use to make further API calls, such as /2/files/upload.

About Discuss Dropbox Developer & API

Node avatar for Discuss Dropbox Developer & API

Make connections with other developers

795 PostsLatest Activity: 4 days ago
192 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!