Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
Now that DB uses "short-lived" tokens, I am having trouble "automating" token refresh within an application.
Using the Java code examples, I can get the DB URL where I manually have to log into the DB site, get the new access code, and, again, manually, copy that back to the application (
.ShortLiveTokenAuthorize().authorize(appInfo);
So, my question is ... is there a way to get the new access token programmatically with NO manual steps? So, when the user goes to "upload" (in my case), it ... ALWAYS works;
Using OAUTH in other apps I can automated refreshing the token, but I haven't seen an example how to do it with DB.
Thanks in advance!
Yes, that's correct. The SDK client knows how to use the credentials (refresh token, app key, and for the non-PKCE case, app secret) to automatically perform the refresh process whenever needed, so that calls continue to work.
It is not possible to fully automate the OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token. This needs to be done manually by the user at least once.
If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app.
Here's some example code of processing the authorization flow using the official Dropbox API v2 Java SDK, such as to get a refresh token:
For instance, here's a line where it requests "offline" access in order to get a refresh token:
And here's an example of storing the refresh token:
As long as you supply the necessary credentials, the SDK will then handle the refresh process for you automatically, e.g.:
Thank you!
I used the top Java program you listed to do the manual approach.
If I understood your reply correctly (a show-stopper), I'm disappointed that there's no total programmatic way to get a new token when expired. We can't expect our users to go to the DB website click here and there, get a new access key, and paste it into the client-side application.
Thanks
To clarify, once you have a refresh token, the process to get a new short-lived access token when the previous short-lived access token is expired is entirely programmatic and does not require manual user interaction. In fact, the SDK will do it for you automatically in the background. (You can call DbxClientV2.refreshAccessToken on demand if desired, but it's not necessary.)
So, are you saying that once I've gotten (but not done anything with it) a "refresh token", subsequent calls to DB will just ... work?
If so, that is fine since I can get the refresh token once and the user(s) would never be bothered with any timeouts.
Please clarify if correct.
Thanks!
Yes, that's correct. The SDK client knows how to use the credentials (refresh token, app key, and for the non-PKCE case, app secret) to automatically perform the refresh process whenever needed, so that calls continue to work.
So ...
DbxRequestConfig config = DbxRequestConfig.newBuilder("dropbox-samplel").build();
DbxClientV2 client = new DbxClientV2(config, ACCESS_TOKEN);
client.refreshAccessToken(); // not necessary once you get a "refresh token" the first time.
In this snippet, it looks like you're just passing in an access token string as that ACCESS_TOKEN variable. That constructor is for supplying just an access token. To use a refresh token, you would use the DbxClientV2​(DbxRequestConfig requestConfig, DbxCredential credential) constructor (where the refresh token is in the DbxCredential), like in this example.
OK. If it's automated after the first time, I suppose I don't need to worry about that code and specifically calling it. I've noted all the great replies you've helped me with for future changes. 🙂
Thanks!
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!