Start 2025 on time and up to date. Seamlessly integrate your calendars into Dropbox with these simple steps.
Forum Discussion
lalomores
3 years agoHelpful | Level 5
"App Authentication" for App (without tokens). Yet another migration from long lived tokens question
Hi there! I see there have been a lot of questions in the forum on this topic, so I'll just cut to the chase.
My app is made in Meteor (NodeJS) and React. Clients of my app do not need to handle fi...
- 3 years ago
lalomores Just like with long-lived access tokens, the user needs to manually authorize the app once to get the refresh token, which can then be stored and re-used without further manual user interaction. In that example, you can see where the SDK returns the refresh token, which is then set on the client, on this line: https://github.com/dropbox/dropbox-sdk-js/blob/main/examples/javascript/simple-backend/code_flow_example.js#L38 . You can store and programmatically re-use that 'token.result.refresh_token' value similar to how you would store and programmatically re-use a long-lived access token.
The refresh token is used to programmatically retrieve new short-lived access tokens whenever needed, without the user necessarily present. Those new short-lived access tokens that get retrieved automatically are what are used to then make actual API calls, such as filesListFolder (or usersGetCurrentAccount, as in the example).
Anyway, while Dropbox and the Dropbox API aren't really designed to be used as a CDN, we do recommend using the official SDK(s) whenever possible for accessing the Dropbox API. And using the app folder access type whenever that works for the use case is also a best practice.
Greg-DB
Dropbox Staff
lalomores Just like with long-lived access tokens, the user needs to manually authorize the app once to get the refresh token, which can then be stored and re-used without further manual user interaction. In that example, you can see where the SDK returns the refresh token, which is then set on the client, on this line: https://github.com/dropbox/dropbox-sdk-js/blob/main/examples/javascript/simple-backend/code_flow_example.js#L38 . You can store and programmatically re-use that 'token.result.refresh_token' value similar to how you would store and programmatically re-use a long-lived access token.
The refresh token is used to programmatically retrieve new short-lived access tokens whenever needed, without the user necessarily present. Those new short-lived access tokens that get retrieved automatically are what are used to then make actual API calls, such as filesListFolder (or usersGetCurrentAccount, as in the example).
Anyway, while Dropbox and the Dropbox API aren't really designed to be used as a CDN, we do recommend using the official SDK(s) whenever possible for accessing the Dropbox API. And using the app folder access type whenever that works for the use case is also a best practice.
maxcastrovidal
3 years agoExplorer | Level 3
Hello,
It seems that it is not true that the RefreshToken have permanent duration.
I got a Refresh Token by calling from my browser the url https://www.dropbox.com/oauth2/authorize?client_id=xxxxxxx&response_type=code
Then i used postman to get a short-lived access token using a POST call to the url https://api.dropboxapi.com/oauth2/token using the requered paramethers (Refresh token included)
After the short-lived access token finishes his useful life (4 hours) i ran again the same Postman Call (with the same parameters) to get a new short-lived access token, but now the response is
{
"error": "invalid_grant",
"error_description": "code doesn't exist or has expired"
}
Can you helpme please to solve tis issue?... i spent many hour trying to automate mi process but still i can't.
- Здравко3 years agoLegendary | Level 20
Hi maxcastrovidal,
Don't have any doubts - refresh token doesn't expire by itself.
maxcastrovidal wrote:...
After the short-lived access token finishes his useful life (4 hours) i ran again the same Postman Call (with the same parameters) to get a new short-lived access token, but now the response is
{"error": "invalid_grant","error_description": "code doesn't exist or has expired"}...👍Yes you are on the right track, you need to refresh (to create anew) your short-lived access token from the refresh token you already have. But... 🤔 Why are you using already expired code used formerly to get to the refresh token???! Once again, you already have this refresh token! Even more, code used to get this token is "single shoot" (i.e. once used, you can't use it any more and don't need actually).
Don't try to "refresh" refresh token itself, if you are trying this! You need to refresh the access token! Access token refreshing doesn't need "code", but a refresh token instead. 😉 Check what granting type you have selected (may be a copy/paste error - grant types for refresh token and access token are different).
Hope this helps.
By the way, using:
maxcastrovidal wrote:...
I got a Refresh Token by calling from my browser the url https://www.dropbox.com/oauth2/authorize?client_id=xxxxxxx&response_type=code
...... you will never get any refresh token!!! You have to specify explicitly offline access! Something like:
https://www.dropbox.com/oauth2/authorize?token_access_type=offline&response_type=code&client_id=<App key>
In your situation whatever you are counting as a refresh token, it's not! 🤷
- Greg-DB3 years agoDropbox Staff
maxcastrovidal Здравко is correct; in short, it sounds like you're attempting to use the "authorization code" more than once. The authorization code can only be used once. Once you get the refresh token, you should store and re-use that, not the authorization code, to get new short-lived access tokens whenever needed, via /oauth2/token with grant_type=refresh_token.
- maxcastrovidal3 years agoExplorer | Level 3
Thanks Здравко and Greg-DB for you comments... Basically I had to add the token_access_type=offline parameter to the oauth2.authorize end point and set correct values in the first/followins calls to the oauth2.token endpoint.
Still I think that's a cumbersome process, but at least i was able to do my job.
Thanks a lot again
About Discuss Dropbox Developer & API
Make connections with other developers799 PostsLatest Activity: 4 days ago
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!