You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

rs123's avatar
rs123
New member | Level 2
3 years ago

Getting refresh token for shiny app using rdrop2 and drop_auth()

I'm trying to create a shiny app, using R Studio, which links to my dropbox using the package rdrop2.

 

I have successfully managed to deploy the app and it runs as planned for around 4 hours. However, I need long lasting offline access.

 

Dropbox help pages say that I'll need a 'refresh token'.

 

Currently to get my token I am using:

library(rdrop2)
token <- drop_auth() # gets credentials

saveRDS(token, "droptoken.rds") # saves credentials


token<-readRDS("droptoken.rds") # read in credentials

drop_auth(new_user = FALSE,
          cache = TRUE,
          rdstoken = "droptoken.rds")

ui <- # some UI code



server <- function(input, output,session) {
  # some server code
}

shinyApp(ui = ui, server = server)

This creates a token that has a 'sl.' access token (short lived) which expires_in 14400, which is 4 hours. After 4 hours, the app no longer works due to an 'Unathorised HTTP 401' error.

 

Could anyone provide me help on how to adapt this code to obtain a refresh token?

 

NB: I am aware that dropbox no longer allow tokens with no expiry (as of September 2021) so I need to go down the refresh token route.

  • Здравко's avatar
    Здравко
    Legendary | Level 20

    Hi rs123,

    Seems you are using unsupported SDK. Regular access tokens expire in 4 hours as you noted.


    rs123 wrote:

    ...

    NB: I am aware that dropbox no longer allow tokens with no expiry (as of September 2021) so I need to go down the refresh token route.


    Not exactly! Existing long lived access tokens (if you have any) keep validity. You can't create new such token; all new access tokens are short lived (but only access tokens). It's not the same for refresh tokens; they are without due date!

    I don't know what exactly is available in your environment, but if there isn't newer version of the SDK, used by you, and supported SDKs can not be used in your case, you have to manage direct access points call (to receive and manage tokens, at least). You should make sure authorization rules are followed strictly and selected token type is "offline". So aside of the regular access token your application will receive refresh token too. When the due date gets close, you can use received refresh token to get a new regular access token in a /oauth2/token call. This should repeat on regular basis whenever need. The rest of the code could work without change with ensured valid access token. That's it.

    Hope this helps.

    • rs123's avatar
      rs123
      New member | Level 2

      Thank you very much for the information. I understand what you are saying I need to do, although my very limited experience in this matter is not allowing me to complete this. Do you have any resources on SDKs in R directly? I'm struggling to find any help on R that isn't related to the out of date SDK (rdrop2). I have looked at the links you provided and tried to follow the HTTP (since my programme wasn't listed) and some of the community SDKs but just not managing to get anywhere.

      • Здравко's avatar
        Здравко
        Legendary | Level 20

        Unfortunately, I don't have any info on this regard.

        Try edit the SDK used by you. Only the part related to authentication need changes, so shouldn't be a big deal. Just add there refresh token handling and... that's all (I hope the rest works properly). I can't say anything more.

        Good luck.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    [Cross-linking for reference: https://stackoverflow.com/questions/71393752/get-a-refresh-token-for-dropbox-api-using-rdrop2-and-drop-auth ]

     

    As you found, Dropbox is in the process of switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here. We don't have any resources for R in particular unfortunately.

    Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. Support for refresh tokens would ideally be built in to the "rdrop2" library you're using. That's not made by Dropbox though so I can't offer help with that.

    As Здравко noted, while the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption, if you have any. Also, note though that after the change you won't be able to create new long-lived access tokens.

    While the change began on September 30th 2021, we're releasing it gradually, so you may not have seen your app(s) affected until now. Once it applies to your app, it would apply regardless of the "Access token expiration" setting for your app, and that setting may no longer be available for your app.

    • rs123's avatar
      rs123
      New member | Level 2

      Thank you for your help.

    • TessaP's avatar
      TessaP
      New member | Level 2

      My shiny app doesn't work anymore after 4 hrs because of a 'Unauthorized (HTTP 401)'. I read the above tips but there is not enough specific information for me to solve it. I use the key and secret that rdrop2 provides, store it and call it. It would be very helpful if someone can provide code in R to solve this, or provide more information how to request 'offline access' as suggested. The app is intended to enable others (anyone who has the link to the shiny app) to add to a master spreadsheet in dropbox.

      • Здравко's avatar
        Здравко
        Legendary | Level 20

        TessaP wrote:

        ... I read the above tips but there is not enough specific information for me to solve it. I use the key and secret that rdrop2 provides, store it and call it. It would be very helpful if someone can provide code in R to solve this, or provide more information how to request 'offline access' as suggested. ...


        Hi TessaP,

        I am not familiar with "rdrop2", but since you are posting your question now, seems it's still not updated and refresh token isn't supported there. Can you clarify what kind of "specific information" do you need? 🤔 In above posts, all needed for refresh token support to be implemented, is available. About "how to request offline access", if you used long lived token before, most probably you have done already everything needed and have received 'offline access'. 😉 You have to just find out your received already refresh token and keep it for later use. In addition you have to implement some code that initiate refresh when needed, as described above (that's what missing). Actually, it's a single HTTPS call. If you need more info about how to invoke web calls, take a look on 'httr' documentation (it's a 'curl' wrapper actually).

        Hope this gives direction.

         

        Add: The problem is that 'rdrop2' launches default authentication only. By default Dropbox gives short lived access token. All that need fix is here. Try play with 'query_authorize_extra' parameter of 'oauth2.0_token()' (according to Dropbox documentation for /oauth2/authorize).

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,895 PostsLatest Activity: 12 days ago
328 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!