Need to see if your shared folder is taking up space on your dropbox 👨‍💻? Find out how to check here.

Forum Discussion

Thomi's avatar
Thomi
Explorer | Level 4
6 years ago
Solved

No Refresh token is returned

Hey,   I'm trying to figure out how the refresh token oauth2 process is working. When I navigate to https://www.dropbox.com/oauth2/authorize?client_id=<client_id>&token_access_type=offline&respon...
API
  • TaylorKrusen's avatar
    TaylorKrusen
    6 years ago

    When you swap that code for an access token(https://api.dropbox.com/oauth2/token), the resulting payload will contain an access_token and a refresh_token, which can be stored and used to issue a new access token later.

TaylorKrusen's avatar
TaylorKrusen
Icon for Dropbox Staff rankDropbox Staff
6 years ago

When you swap that code for an access token(https://api.dropbox.com/oauth2/token), the resulting payload will contain an access_token and a refresh_token, which can be stored and used to issue a new access token later.

MarteIT's avatar
MarteIT
Explorer | Level 3
5 years ago

Hi! I have exactly the same problem. Can you please clarify what you mean by "swap"?

Where should I use the code (https://api.dropbox.com/oauth2/token)? curl? With any parameter/ID?

Can you please give me an easy procedure to follow, or an example? Thank you

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    5 years ago

    MarteIT By "swap", Taylor was referring to how the app sends the "authorization code" (which is received from the /oauth2/authorize OAuth step) in the request to the Dropbox /oauth2/token endpoint, and how the Dropbox API would send the access token and refresh token back in the response.

     

    I recommend reading the OAuth Guide for an overview of how this process works. Then, refer to the authorization documentation for information on the specific endpoints and parameters to use, including examples of calling /oauth2/token using curl.

    • MarteIT's avatar
      MarteIT
      Explorer | Level 3
      5 years ago

      Hi Greg, thank you for your reply. I thought Taylor was referring to a somehow different procedure.

      What you wrote was already clear to me and that's what I've been trying many times. The problem is that whenever I use the "authorization code" (which is received from the /oauth2/authorize OAuth step) and use it in the request to the Dropbox /oauth2/token endpoint, I get the following error:

      {"error_description": "refresh token is malformed", "error": "invalid_grant"}

      I'm just using the following command:

      curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token=["authorization code"] -u [xxxxxx]:[yyyyyyy]

      Where am I wrong?

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Community Moderator rankDropbox Community Moderator
        5 years ago

        MarteIT To exchange or "swap" the authorization code for an access token and refresh token you should use "grant_type=authorization_code", as shown in the "access token request in code flow" example (or "PKCE code flow token request" example, if using PKCE) in the /oauth2/token documentation.

         

        Using "grant_type=refresh_token" is for when you would later use a refresh token to get a new short-lived access token.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!