cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
We've been busy working on some major updates to the Community, so check out what's changing, what’s staying the same and what you can expect from the Dropbox Community right here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Unable to get long lived access tokens.

Unable to get long lived access tokens.

OperationsDreaming
New member | Level 2
Go to solution

Hello there!

 

I'm trying to get an access token that doesn't expire. A long-lived access token. For now, when I generated an access token from the App Console, the session will expire after x hours and won't give me a refresh token either.

I've checked the authentication documentation: 

 

https://developers.dropbox.com/oauth-guide#implementing-oauth

 

But I can't find the Access Token Expiration like the documentation shows:

 

dropbox generate.png

 

 

Mine is displayed like this: 

 

Screen Shot 2022-03-22 at 11.08.10 AM.png


As you can see, the option for the Expiration is missing. 


So I kept looking and came across a similar question on the forums and I followed every step: 

https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Tokens-only-valid-for-4-hours-from-app-...

 

Still can't get a long-lived access token.

 

Here's a test code: 

 

 

 

access_token = "sl-ABC" # I want a long lived one.
app_key = "xyz"
dbxTeam: dropbox = dropbox.DropboxTeam(oauth2_access_token=access_token, app_key=app_key)
print('Dbx Team is: ', dbxTeam.as_user('dbmid:MY_USER_ID').users_get_current_account())

 

 

 

output:

 

 

 

{
'_oauth2_access_token':'sl....',
'_oauth2_refresh_token': None,
'_oauth2_access_token_expiration': None,
'_app_key': 'xyz',
'_app_secret': None,
'_scope': None,
'_max_retries_on_error': 4,
'_max_retries_on_rate_limit': None,

'_session': <requests.sessions.Session object at 0x1083b1730>,
'_headers': None,
'_raw_user_agent': None,
'_user_agent': 'OfficialDropboxPythonSDKv2/11.28.0',
'_logger': <Logger dropbox (WARNING)>,
'_host_map': {'api': 'api.dropboxapi.com',
'content': 'content.dropboxapi.com',
'notify': 'notify.dropboxapi.com'},
'_timeout': 100}

 

 


Any ideas on how to get a token that won't expire?

 

1 Accepted Solution

Accepted Solutions

Здравко
Legendary | Level 20
Go to solution

Hi @OperationsDreaming,

Take a look on https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Need-Permanant-Access-token-for-drop-b... 😉

In short - there is no more long lived access token and you should add refresh token in your code.

Hope this helps.

View solution in original post

15 Replies 15

Здравко
Legendary | Level 20
Go to solution

Hi @OperationsDreaming,

Take a look on https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Need-Permanant-Access-token-for-drop-b... 😉

In short - there is no more long lived access token and you should add refresh token in your code.

Hope this helps.

Greg-DB
Dropbox Staff
Go to solution

OperationsDreaming
New member | Level 2
Go to solution

Thank you @Здравко and @Greg-DB

 

 

This works! 

marksmithhfx
Explorer | Level 4
Go to solution

I have been using the long lived access token you can request when you setup your app, and have that embedded in my app. I use it to send a "synchronizing" file to DB whenever I make changes. I don't need to re-authenticate. My question is, if I know allow users to do the same thing, they will need to authenticate and I will get a short lived AT and a refresh AT. How much additional latency will they experience converting the AT from refresh to short lived? Currently the total latency to connect to DB and upload a file from my app is < 1/2 second, or barely noticeable. Will all of the "re-allocation" steps add significantly to this.

 

Thank you. 

Здравко
Legendary | Level 20
Go to solution

Hi @marksmithhfx,

Your question is very generic, so it's difficult to receive exact answer. Additional time consumption is on refresh only. Since data size transferred is relatively negligible, establishing secure connection gets primary weight. In other words additional time depends on your connection latency more than the connection speed.

Other point you should consider, on evaluation, is usage time profile - i.e. how often, relatively, refresh will take on. Let's recall additional time will be added on refresh only, so if your usage profile predispose many calls in a 4 hours time frame, weight of the refresh will be negligible. If your calls bring up on intervals bigger than 4 hours then the relative weight might be bigger (on every calls burst - one refresh). Once the refresh take place, no difference can be expected for rest of calls - they are the same (no additional delay per call).

The best way to figure out exact answer in your particular conditions is... the check. 😉 Most probably it will be negligible.

Good luck.

marksmithhfx
Explorer | Level 4
Go to solution

Thanks. Great answer, and very reassuring. I will give it a go. 

marksmithhfx
Explorer | Level 4
Go to solution

Well, as indicated in my previous response I have been "giving this a go" but with only partial success. 

When I send my app key, app secret, scopes, port and “offline” to https://www.dropbox.com/oauth2/authorize

I get back the following:

 

Array

..          [account_id] => dbid:AAB27TU-12HrF0rn….

..          [refresh_token] => 29hxFtf-fnoAAAAAAAAAAQe….

..          [expires_in] => 14400

..          [uid] => 16196036

..          [scope] => account_info.read files.content.read files.content.write files.metadata….

..          [access_token] => sl.BFo00immyYa18QPnbABlmng….

..          [token_type] => bearer

 

Which is all well and good because what I want is a refresh token that I can use to request a sl. access token when the current one expires. This should also demonstrate that I know how to send an app key, secret, port and token_access_type to the URL provided.

 

However, when I send my grant type, refresh_token, app key and secret to https://api.dropbox.com/oauth2/token like it suggests in the guidance below (from the Developers guidelines) I always get an Error 404 page not found. I’ve also tried sending to https://api.dropboxapi.com/oauth2/token but get the same result. What am I doing wrong?

 

curl https://api.dropbox.com/oauth2/token \
    -d grant_type=refresh_token \
    -d refresh_token=<REFRESH_TOKEN> \
    -u <APP_KEY>:<APP_SECRET>

 

BTW, both end points (api.dropbox.com and api.dropboxapi.com) are given in the docs. I tried them both. Both were 404.

 

Thanks

Greg-DB
Dropbox Staff
Go to solution

@marksmithhfx Is that the exact code you're running? It looks correct, and it does work for me when I plug in my values. There may be something about how your client is formatting the request causing it to fail. Perhaps you can share the actual request/response you're getting (just redacting the sensitive values) so I can take a look.

marksmithhfx
Explorer | Level 4
Go to solution

"Is that the exact code you're running?" 

 

No, not exactly. I am using an OAuth2 package in the application development environment (it's like a fancy Visual BASIC) I am using. To get the refresh_token I was using this code (with redactions):

 

constant kAuthURL = "https://www.dropbox.com/oauth2/authorize"

constant kTokenURL = "https://api.dropboxapi.com/oauth2/token"

constant kClientID = "redacted" -- client here means this application, not this user

constant kClientSecret = "redacted" -- secret here is for this application, not this user

constant kScopes = ""

constant kPort = "54303"

 

since there is no parameter for token_access_type that is handled with:

put "offline" into tParams["token_access_type"]

then the call to OAuth2 itself...

 

OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort, tParams

 

which successfully returned the array (actually JSON dictionary converted to array) I posted earlier. 

 

This is the extent of the API I have, so I was trying to model the next step by writing:

put "refresh_token" into tParams["grant_type"]

put RefreshToken into tParams["refresh_token"] -- a var that contains the refresh token returned in the first step

-- I tested that both of these array values were properly formatted

 

and then calling:

 

OAuth2 kTokenURL, kClientID, kClientSecret, tParams

 

But all I get is a 404 Page not found error. I was hoping to get something more useful back (maybe you could think of a way I can do that?) so I could start to debug this, but all I get is the 404. 

 

PS I did notice in the documentation that "authorization" is listed as a GET method and "token" as a POST method, but since I am not conversant in HTML that didn't mean anything to me. However, that might be the root cause of the problem. The application API might be formatting both as GET statements instead of the required POST one. (I should probably lookup GET and POST). Thanks

 

 

 

 

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    marksmithhfx Explorer | Level 4
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?