cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to know what we learned at IBC? Check out our learnings on media, remote working and more right here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: How to automate getting a new token using Java?

Labels:

How to automate getting a new token using Java?

morkus
Helpful | Level 5
‎03-18-2022 09:48 AM
Go to solution

Now that DB uses "short-lived" tokens, I am having trouble "automating" token refresh within an application.

 

Using the Java code examples, I can get the DB URL where I manually have to log into the DB site, get the new access code, and, again, manually, copy that back to the application (

.ShortLiveTokenAuthorize().authorize(appInfo);

So, my question is ... is there a way to get the new access token programmatically with NO manual steps? So, when the user goes to "upload" (in my case), it ... ALWAYS works;

 

Using OAUTH in other apps I can automated refreshing the token, but I haven't seen an example how to do it with DB.

 

Thanks in advance!

Labels:
  • 0 Likes
  • 9 Replies
  • 3,797 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
‎03-18-2022 11:44 AM
Go to solution

Yes, that's correct. The SDK client knows how to use the credentials (refresh token, app key, and for the non-PKCE case, app secret) to automatically perform the refresh process whenever needed, so that calls continue to work.

View solution in original post

9 Replies 9

Greg-DB
Dropbox Staff
‎03-18-2022 10:48 AM
Go to solution

It is not possible to fully automate the OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token. This needs to be done manually by the user at least once.

 

If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app.

 

Here's some example code of processing the authorization flow using the official Dropbox API v2 Java SDK, such as to get a refresh token:


https://github.com/dropbox/dropbox-sdk-java/tree/master/examples/authorize/src/main/java/com/dropbox...

 

For instance, here's a line where it requests "offline" access in order to get a refresh token:

 

https://github.com/dropbox/dropbox-sdk-java/blob/master/examples/authorize/src/main/java/com/dropbox...

 

And here's an example of storing the refresh token:

 

https://github.com/dropbox/dropbox-sdk-java/blob/master/examples/authorize/src/main/java/com/dropbox...

 

As long as you supply the necessary credentials, the SDK will then handle the refresh process for you automatically, e.g.:

 

https://github.com/dropbox/dropbox-sdk-java/blob/e52fc828c7c753e04c3fa9d47ab6de7e85d000c4/examples/a...

0 Likes

morkus
Helpful | Level 5
‎03-18-2022 11:14 AM
Go to solution

Thank you!

0 Likes

morkus
Helpful | Level 5
‎03-18-2022 11:28 AM
Go to solution

I used the top Java program you listed to do the manual approach.

 

If I understood your reply correctly (a show-stopper), I'm disappointed that there's no total programmatic way to get a new token when expired. We can't expect our users to go to the DB website click here and there, get a new access key, and paste it into the client-side application.

 

Thanks

0 Likes

Greg-DB
Dropbox Staff
‎03-18-2022 11:35 AM
Go to solution

To clarify, once you have a refresh token, the process to get a new short-lived access token when the previous short-lived access token is expired is entirely programmatic and does not require manual user interaction. In fact, the SDK will do it for you automatically in the background. (You can call DbxClientV2.refreshAccessToken on demand if desired, but it's not necessary.)

morkus
Helpful | Level 5
‎03-18-2022 11:38 AM
Go to solution

So, are you saying that once I've gotten (but not done anything with it) a "refresh token", subsequent calls to DB will just ... work?

 

If so, that is fine since I can get the refresh token once and the user(s) would never be bothered with any timeouts.

 

Please clarify if correct.

 

Thanks!

0 Likes

Greg-DB
Dropbox Staff
‎03-18-2022 11:44 AM
Go to solution

Yes, that's correct. The SDK client knows how to use the credentials (refresh token, app key, and for the non-PKCE case, app secret) to automatically perform the refresh process whenever needed, so that calls continue to work.

morkus
Helpful | Level 5
‎03-18-2022 11:47 AM
Go to solution

So ...

 

 DbxRequestConfig config = DbxRequestConfig.newBuilder("dropbox-samplel").build();
  DbxClientV2 client = new DbxClientV2(config, ACCESS_TOKEN);
  client.refreshAccessToken();  // not necessary once you get a "refresh token" the first time.

 

0 Likes

Greg-DB
Dropbox Staff
‎03-18-2022 11:52 AM
Go to solution

In this snippet, it looks like you're just passing in an access token string as that ACCESS_TOKEN variable. That constructor is for supplying just an access token. To use a refresh token, you would use the DbxClientV2​(DbxRequestConfig requestConfig, DbxCredential credential) constructor (where the refresh token is in the DbxCredential), like in this example.

0 Likes

morkus
Helpful | Level 5
‎03-18-2022 11:57 AM
Go to solution

OK. If it's automated after the first time, I suppose I don't need to worry about that code and specifically calling it. I've noted all the great replies you've helped me with for future changes. 🙂

 

Thanks!

0 Likes
Need more support?