Forum Discussion

lalith-mcw's avatar
lalith-mcw
Explorer | Level 3
2 years ago
Solved

After token refresh contents still need authorization to download

import dropbox
box = dropbox.Dropbox(oauth2_refresh_token=<Refresh_Token>, app_key=<app_key>, app_secret=<app_secret>)
 
With logging info able to see the following message:
``` 
INFO : Refreshing access token.
```
 
Later while trying to fetch the metadata using the following command:
```box.files_get_metadata(<File_name>)```
 
Error: AuthError(<ID>, AuthError('invalid_access_token', None))
 
Also with new object creation tried passing the oauth2_token as well still failed fetching metadata. Read/Write permissions are enabled 
  • Hi again lalith-mcw,

    I just tried it out and it's working for me. Are you certainly passed the refresh token to and not something else? 🧐 Also to work correctly, the app key must match to the refresh token (for PKCE app secret is optional, but when given must be correct and matching too).

    You can check if your params are correct using following command line:

    curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token=<YOUR_REFRESH_TOKEN_HERE> -d client_id=<YOUR_APP_KEY_HERE>

    Replace  <YOUR_REFRESH_TOKEN_HERE> to the content of refresh_token var and <YOUR_APP_KEY_HERE> to the content of key var from your code. If everything is correct you will get back something like:

    {"access_token":"sl.AbX9y6...","expires_in":14400,"token_type":"bearer"}

    Otherwise, you will get appropriate error message and should fix whatever needed.

    Good luck.

     

    Add: You can get as working example one my earlier post here.

  • Здравко's avatar
    Здравко
    Legendary | Level 20

    Hi lalith-mcw,

    Haha.. 😀 You just found out a imperfection in Dropbox Python SDK. It doesn't make distinct between access token and refresh token. As seems your refresh token is invalid for some reason, but according to the message, you received, the access token became guilty (token that doesn't exist yet). 😁 Just imperfection in error formatting.

    Anyway, check your refresh token validity. 😉

    Hope this gives direction.

  • DB-Des's avatar
    DB-Des
    Icon for Dropbox Engineer rankDropbox Engineer

    Hi!

     

    We'd recommend confirming the following:

    • Make sure the refresh token value being passed to oauth2_refresh_token corresponds to the app key and secret being used
    • Make sure that the value being passed to oauth2_refresh_token is a refresh_token and not an access_token

     

    Those are typically the reasons why invalid_access_token error would be thrown for a refresh token.

    • Здравко's avatar
      Здравко
      Legendary | Level 20

      DB-Des wrote:

      ...

      Those are typically the reasons why invalid_access_token error would be thrown for a refresh token.


      DB-Des, Is the API that returns the 'invalid_access-token' error in such cases? 🧐 Isn't better making error text to match what actually happens? Why when error code is 400 and match to 'invalid_grant', the SDK always assumes invalid access token, while there are different cases possible?

      I would suggest the actual error message to be passed in SDK instead of fixed text as by now done here. 😉

    • lalith-mcw's avatar
      lalith-mcw
      Explorer | Level 3

      DB-Des With the below script, Generated the Refresh token and pasted it to update the access token. After using oauth_result.access_token only once it is able to download the contents. Rather its is like an repetitive process. Is the authorized token said to long live or with the given generated `Refresh Token` lasts until revoked (Will it generate new Access tokens everytime after token expiration using the same refresh token) ?

       

      https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth.py

      • Здравко's avatar
        Здравко
        Legendary | Level 20

        lalith-mcw, the script you linked to doesn't generate refresh token! Only access token comes there out. As you know, it's short lived.

        Use any of the other 2 scripts in the same folder to get refresh token. When you have correct refresh token (not just access token passed as refresh one - so would become invalid) passing it will make your code work until revoked explicitly (i.e. it's long lived). 😉