cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
If you’ve changed your email address, now's the perfect time to update it on your Dropbox account and we’re here to help! Learn more here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

After token refresh contents still need authorization to download

Labels:

After token refresh contents still need authorization to download

lalith-mcw
Explorer | Level 3
‎08-03-2023 01:24 AM
Go to solution
import dropbox
box = dropbox.Dropbox(oauth2_refresh_token=<Refresh_Token>, app_key=<app_key>, app_secret=<app_secret>)
 
With logging info able to see the following message:
``` 
INFO : Refreshing access token.
```
 
Later while trying to fetch the metadata using the following command:
```box.files_get_metadata(<File_name>)```
 
Error: AuthError(<ID>, AuthError('invalid_access_token', None))
 
Also with new object creation tried passing the oauth2_token as well still failed fetching metadata. Read/Write permissions are enabled 
Labels:
  • 0 Likes
  • 8 Replies
  • 1,393 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Здравко
Legendary | Level 20
‎08-07-2023 05:44 AM
Go to solution

Hi again @lalith-mcw,

I just tried it out and it's working for me. Are you certainly passed the refresh token to and not something else? 🧐 Also to work correctly, the app key must match to the refresh token (for PKCE app secret is optional, but when given must be correct and matching too).

You can check if your params are correct using following command line:

curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token=<YOUR_REFRESH_TOKEN_HERE> -d client_id=<YOUR_APP_KEY_HERE>

Replace  <YOUR_REFRESH_TOKEN_HERE> to the content of refresh_token var and <YOUR_APP_KEY_HERE> to the content of key var from your code. If everything is correct you will get back something like:

{"access_token":"sl.AbX9y6...","expires_in":14400,"token_type":"bearer"}

Otherwise, you will get appropriate error message and should fix whatever needed.

Good luck.

 

Add: You can get as working example one my earlier post here.

View solution in original post

0 Likes
8 Replies 8

Здравко
Legendary | Level 20
‎08-03-2023 06:19 AM
Go to solution

Hi @lalith-mcw,

Haha.. 😀 You just found out a imperfection in Dropbox Python SDK. It doesn't make distinct between access token and refresh token. As seems your refresh token is invalid for some reason, but according to the message, you received, the access token became guilty (token that doesn't exist yet). 😁 Just imperfection in error formatting.

Anyway, check your refresh token validity. 😉

Hope this gives direction.

0 Likes

DB-Des
Dropbox Engineer
‎08-04-2023 12:07 PM
Go to solution

Hi!

 

We'd recommend confirming the following:

  • Make sure the refresh token value being passed to oauth2_refresh_token corresponds to the app key and secret being used
  • Make sure that the value being passed to oauth2_refresh_token is a refresh_token and not an access_token

 

Those are typically the reasons why invalid_access_token error would be thrown for a refresh token.

0 Likes

Здравко
Legendary | Level 20
‎08-04-2023 12:26 PM
Go to solution
@DB-Des wrote:

...

Those are typically the reasons why invalid_access_token error would be thrown for a refresh token.

@DB-Des, Is the API that returns the 'invalid_access-token' error in such cases? 🧐 Isn't better making error text to match what actually happens? Why when error code is 400 and match to 'invalid_grant', the SDK always assumes invalid access token, while there are different cases possible?

I would suggest the actual error message to be passed in SDK instead of fixed text as by now done here. 😉

0 Likes

lalith-mcw
Explorer | Level 3
‎08-07-2023 03:40 AM
Go to solution

@DB-Des With the below script, Generated the Refresh token and pasted it to update the access token. After using oauth_result.access_token only once it is able to download the contents. Rather its is like an repetitive process. Is the authorized token said to long live or with the given generated `Refresh Token` lasts until revoked (Will it generate new Access tokens everytime after token expiration using the same refresh token) ?

 

https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth.py

0 Likes

Здравко
Legendary | Level 20
‎08-07-2023 03:54 AM
Go to solution

@lalith-mcw, the script you linked to doesn't generate refresh token! Only access token comes there out. As you know, it's short lived.

Use any of the other 2 scripts in the same folder to get refresh token. When you have correct refresh token (not just access token passed as refresh one - so would become invalid) passing it will make your code work until revoked explicitly (i.e. it's long lived). 😉

0 Likes

lalith-mcw
Explorer | Level 3
‎08-07-2023 04:22 AM
Go to solution

@Здравко Tried with oauth_pkce script

 

lalithmcw_0-1691407077422.png

 

Now used the same refresh code with the below snippet:

 

with dropbox.Dropbox(oauth2_refresh_token=refresh_token, app_key=key, app_secret=secret) as dbx:
    dbx.users_get_current_account()
    print("Successfully set up client!")
 
Received the following error:
lalithmcw_1-1691407280551.png

 

0 Likes

Здравко
Legendary | Level 20
‎08-07-2023 05:44 AM
Go to solution

Hi again @lalith-mcw,

I just tried it out and it's working for me. Are you certainly passed the refresh token to and not something else? 🧐 Also to work correctly, the app key must match to the refresh token (for PKCE app secret is optional, but when given must be correct and matching too).

You can check if your params are correct using following command line:

curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token=<YOUR_REFRESH_TOKEN_HERE> -d client_id=<YOUR_APP_KEY_HERE>

Replace  <YOUR_REFRESH_TOKEN_HERE> to the content of refresh_token var and <YOUR_APP_KEY_HERE> to the content of key var from your code. If everything is correct you will get back something like:

{"access_token":"sl.AbX9y6...","expires_in":14400,"token_type":"bearer"}

Otherwise, you will get appropriate error message and should fix whatever needed.

Good luck.

 

Add: You can get as working example one my earlier post here.

0 Likes

lalith-mcw
Explorer | Level 3
‎08-07-2023 10:18 AM
Go to solution

Thanks that did worked, this is where the whole confusion was. I was thinking the code generated here is `Refresh Token`. But realized this is just `Authorization Code` and checkouted out the solution here as well. Which had clear steps which mentions there are 3 types of tokens `Authorization Code`, `Refresh Token` & `Access Token` (Oauth Token) 

lalithmcw_0-1691428286613.png

Its better the body here is modified to `Authorization Code Generated` instead `Access Code Generated` just confused here.

 

Used the command here

curl https://api.dropbox.com/oauth2/token \
    -d code=AUTHORIZATIONCODEHERE \
    -d grant_type=authorization_code \
    -u APPKEYHERE:APPSECRETHERE​

 
And from the JSON generated above copied the `Refresh Token` and used it as a python request post() method to fetch the `json().access_token`

curl https://api.dropbox.com/oauth2/token \
   -d refresh_token=REFRESHTOKENHERE \
   -d grant_type=refresh_token \
   -d client_id=APPKEYHERE \
   -d client_secret=APPSECRETHERE

 

And finally it works with dropbox.Dropbox(<access_token>) thanks @Здравко @DB-Des @Greg-DB for the help

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    lalith-mcw Explorer | Level 3
  • User avatar
    Здравко Legendary | Level 20
What do Dropbox user levels mean?