cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to know more about how you can find anything and protect everything? Check it out here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Refresh token generates an invalid access token?

Labels:

Refresh token generates an invalid access token?

dcam
Explorer | Level 4
‎07-13-2023 01:56 PM
Go to solution

Guys,

 

I have obtained a refresh token without problem. I put that in the code to generate an access token, then use the access token to gain access to my files and folders. However, when using the access token, I got the return complaining the it is invalid! That indicates an invalid access token is generated by using the refresh token! My question is: Can the fresh token become invalid during its usage? Can it be used multiple times?

 

Thanks!

Labels:
  • 0 Likes
  • 4 Replies
  • 3,846 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
‎07-20-2023 10:46 AM
Go to solution

First, by "MY ACCESS ID" and "MY_ID" I expect you mean your app key, and by "MY_PASSWORD" you mean your app secret, as this wouldn't work otherwise.

 

Anyway, I just tried this out with an app with the app folder access type, and it did not create a duplicate app folder.

 

Did you previously create, connect, and then delete an app registration, and then create another app with the same name and connect that new app? When you first connect an app with the app folder access type, Dropbox will create a new app folder for that app; it won't re-use any existing folders or app folders (e.g., for other apps) even if they happen to have the same name. If there is another folder with the same name, Dropbox will add "(1)", etc., to find a name that isn't already used when creating the new app folder.

View solution in original post

4 Replies 4

Greg-DB
Dropbox Staff
‎07-13-2023 02:32 PM
Go to solution

While refresh tokens can be used repeatedly and don't expire automatically, they can become invalid at any time for a number of reasons (for example, if the user or app revokes it using the https://www.dropbox.com/account/connected_apps web page or the /2/auth/token/revoke API endpoint). If/when a refresh token is revoked, all of the access tokens for that refresh token are revoked as well.

 

If something isn't working properly on the API, we'll be happy to look into it, but we'd need some more information. In that case, please reply with:

  • the name and version number of the platform and SDK/library you are using, if any
  • the steps to reproduce the issue, including relevant code snippet(s), but don't include any valid access or refresh token(s)
  • the full text of any error or unexpected output
0 Likes

dcam
Explorer | Level 4
‎07-20-2023 08:59 AM
Go to solution

Ok, I found out the problem. 

Here is what I do to get a fresh token:

 

1) getting an authorization code from my bowser: 

https://www.dropbox.com/oauth2/authorize?client_id=<MY ACCESS ID>&token_access_type=offline&response_type=code

 

2) After getting the authorization code, I put it in to run a curl from browser to obtain my refresh token:

 

curl https://api.dropbox.com/oauth2/token \
-d code=<THE AUTHORIZATION CODE> \
-d grant_type=authorization_code \
-u MY_ID:MY_PASSWORD

 

This will get me a 'refresh_token" and an "access_token". However, when I look at my app folder, an additional folder was created by this call! For example, my app folder is "CallRecords", the new folder "CallRecords (1)" was created by the above curl command without any content in it.  Could you please explain why it was created?

 

Thanks! 

 

 

0 Likes

Greg-DB
Dropbox Staff
‎07-20-2023 10:46 AM
Go to solution

First, by "MY ACCESS ID" and "MY_ID" I expect you mean your app key, and by "MY_PASSWORD" you mean your app secret, as this wouldn't work otherwise.

 

Anyway, I just tried this out with an app with the app folder access type, and it did not create a duplicate app folder.

 

Did you previously create, connect, and then delete an app registration, and then create another app with the same name and connect that new app? When you first connect an app with the app folder access type, Dropbox will create a new app folder for that app; it won't re-use any existing folders or app folders (e.g., for other apps) even if they happen to have the same name. If there is another folder with the same name, Dropbox will add "(1)", etc., to find a name that isn't already used when creating the new app folder.

dcam
Explorer | Level 4
‎07-20-2023 11:28 AM
Go to solution

This is exactly what happened. I create a folder in the app, then deleted it. Later on, I re-created the folder with the same name! Trying this on a new folder, it works.

 

Thanks!

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    dcam Explorer | Level 4
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?