Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Solved
No Refresh token is returned
Hey, I'm trying to figure out how the refresh token oauth2 process is working. When I navigate to https://www.dropbox.com/oauth2/authorize?client_id=<client_id>&token_access_type=offline&respon...
When you swap that code for an access token(https://api.dropbox.com/oauth2/token), the resulting payload will contain an
access_tokenand arefresh_token, which can be stored and used to issue a new access token later.
Hi Greg, thank you for your reply. I thought Taylor was referring to a somehow different procedure.
What you wrote was already clear to me and that's what I've been trying many times. The problem is that whenever I use the "authorization code" (which is received from the /oauth2/authorize OAuth step) and use it in the request to the Dropbox /oauth2/token endpoint, I get the following error:
{"error_description": "refresh token is malformed", "error": "invalid_grant"}
I'm just using the following command:
curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token=["authorization code"] -u [xxxxxx]:[yyyyyyy]
Where am I wrong?
Greg-DB
Dropbox Community Moderator
Dropbox Community ModeratorMarteIT To exchange or "swap" the authorization code for an access token and refresh token you should use "grant_type=authorization_code", as shown in the "access token request in code flow" example (or "PKCE code flow token request" example, if using PKCE) in the /oauth2/token documentation.
Using "grant_type=refresh_token" is for when you would later use a refresh token to get a new short-lived access token.
Oh alright! I didn't get that. Honestly I find the documentation really misleading:
Example: refresh token request
curl https://api.dropbox.com/oauth2/token \ -d grant_type=refresh_token \ -d refresh_token=<REFRESH_TOKEN> \ -u <APP_KEY>:<APP_SECRET>
Anyway, now I used:
curl https://api.dropbox.com/oauth2/token -d code=[auth code] -d grant_type=authorization_code -d redirect_uri=https://www.dropbox.com/1/oauth2/display_token -u [xxxxxx]:[yyyyyy]
and I got this error:
{"error_description": "redirect_uri mismatch", "error": "invalid_grant"}
I set the Redirect URIs --https://www.dropbox.com/1/oauth2/display_token--
as indicated in some of your previous replies. Still can't get it work. Any suggestion? Thank you.
- Greg-DB
MarteIT The 'redirect_uri' value you supply to /oauth2/token, if any, should exactly match the 'redirect_uri' value supplied to /oauth2/authorize, if any, when that particular authorization code was retrieved. If they don't match, you'll get this error.
The https://www.dropbox.com/1/oauth2/display_token page is a basic page provided by Dropbox for use with the "token" flow (if the app doesn't have its own redirect URI to use and so instead needs to display the access token directly to the user), not the "code" flow as you're using here, so it probably doesn't make sense for your use case.
Finally it worked!! 🙂
Thank you for your patience.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
