You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
helloBichya
2 years agoExplorer | Level 4
refresh token is malformed
I am trying to generate new access token using app_key, app_secret and refresh_token obtained using the following url.
https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&token_access_type=offline&response_type=code
but the response returned is
data: {
error: 'invalid_grant',
error_description: 'refresh token is malformed'
}
My App Specifications -
Permission Type -Scoped App (App Folder)
Code -
const axios = require('axios');
const clientId = 'xx';
const clientSecret = 'xx';
const refreshToken = 'xx';
axios({
method: 'post',
url: 'https://api.dropbox.com/oauth2/token',
params: {
grant_type: 'refresh_token',
refresh_token: refreshToken,
client_id: clientId,
client_secret: clientSecret
}
})
.then(response => {
const accessToken = response.data.access_token;
console.log(`Access token: ${accessToken}`);
// Use the access token to make API requests
})
.catch(error => {
console.error(error);
});
Thanks for following up and sharing your code. I'm glad to hear you got this sorted out.
To confirm, the refresh token is not the value returned by www.dropbox.com/oauth2/authorize... itself. Using www.dropbox.com/oauth2/authorize with 'response_type=code' gives an 'authorization code' (sometimes also called 'access code').
The refreshToken value should be the 'refresh_token' returned by /oauth2/token when you called /oauth2/token with 'grant_type=authorization_code'. That's different from the 'access token' as well as the 'authorization code'; the three are not interchangeable.
For anyone looking for more information, refer to the following resources for information on how to use the app authorization flow:
- ЗдравкоLegendary | Level 20
Hi helloBichya,
Ok, but how/where did you get your refresh token from? 🧐 You haven't shown that in your post. 🤔.
... or maybe you're trying use the code as a refresh token? 😁 They are different things. 😉 Take a look once again in documentation.
Hope this helps.
- helloBichyaExplorer | Level 4
Yes, you are right. I am dumb. Thank you for the help @Здравко . I treated the authorization code as refresh token.
My story -I want to post images to dropbox from netlify functions. I used short lived access tokens , since they expire i wanted refresh token to get a new short lived access token.
Solution for someone like me- (If your use case is similar to mine)
Step 1 - Generate authorization code for your app through the following url by replacing <APP_KEY> with your app key.
https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&token_access_type=offline&response_type=code
Step 2 - After replacing visit the url and grant authorization. An authorization code will get generated (43 characters approx). copy that.
Step 3 - Now we have to pass authorization code, app_key , app_secret to curl request to generate refresh token. I am using postman.
Flow - Open Postman -> Import -> Raw text -> paste curl request and replace <APP_KEY>, <APP_SECRET>, <ACCESS_CODE> (i.e authorization code) -> Continue -> Send Request.
curl --location --request POST 'https://api.dropboxapi.com/oauth2/token' \ -u '<APP_KEY>:<APP_SECRET>' -H 'Content-Type: application/x-www-form-urlencoded' \ --data-urlencode 'code=<ACCESS_CODE>' \ --data-urlencode 'grant_type=authorization_code'
Done - You have obtained json which contains refresh_token.
________________________________________________________________________________
Now if you want to get new access token , you can use below code. or use dropbox sdk.
Code -
const axios = require('axios'); const clientId = 'xx'; const clientSecret = 'xx'; const refreshToken = 'xx'; axios({ method: 'post', url: 'https://api.dropbox.com/oauth2/token', params: { grant_type: 'refresh_token', refresh_token: refreshToken, client_id: clientId, client_secret: clientSecret } }) .then(response => { const accessToken = response.data.access_token; console.log(`Access token: ${accessToken}`); // Use the access token to make API requests }) .catch(error => { console.error(error); });
- Greg-DBDropbox Staff
Thanks for following up and sharing your code. I'm glad to hear you got this sorted out.
To confirm, the refresh token is not the value returned by www.dropbox.com/oauth2/authorize... itself. Using www.dropbox.com/oauth2/authorize with 'response_type=code' gives an 'authorization code' (sometimes also called 'access code').
The refreshToken value should be the 'refresh_token' returned by /oauth2/token when you called /oauth2/token with 'grant_type=authorization_code'. That's different from the 'access token' as well as the 'authorization code'; the three are not interchangeable.
For anyone looking for more information, refer to the following resources for information on how to use the app authorization flow:
About Discuss Dropbox Developer & API
Make connections with other developers
795 PostsLatest Activity: 24 hours agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!