Forum Discussion

RandySK's avatar
RandySK
New member | Level 1
10 months ago

No Response to Authorize Command

After I set up my app at DropBox, I did a call from my database application to: the /oauth2/authorize endpoint with my client ID and redirect URI as parameters.  I got the response: 302 Found\r\nT...
DB-Des's avatar
DB-Des
Icon for Dropbox Community Moderator rankDropbox Community Moderator
10 months ago

Hi RandySK,

The initial authorization step has to be done on a webpage, yes, where there must be user interaction. The next steps can be done programmatically, i.e. no user interaction is needed.

At a high-level: A request needs to be sent to the /oauth2/token endpoint with the authorization code obtained from the first step, as such:

curl https://api.dropbox.com/oauth2/token \
    -d code=<AUTHORIZATION_CODE> \
    -d grant_type=authorization_code \
    -d redirect_uri=<REDIRECT_URI> \
    -d client_id=<APP_KEY> \
    -d client_secret=<APP_SECRET>

For apps with "offline" access, the response from the above request will return both an access token (short-lived) and a refresh token (does not expire). 

The refresh token can be stored securely as it can be used repeatedly.

When a new access token (short-lived) is needed, a request needs to be sent to the /oauth2/token endpoint, with the refresh token and the "grant_type" set to "refresh_token", like so:

curl https://api.dropbox.com/oauth2/token \
    -d grant_type=refresh_token \
    -d refresh_token=<REFRESH_TOKEN> \
    -d client_id=<APP_KEY> \
    -d client_secret=<APP_SECRET>

I hope this provides more clarity!

RandySK's avatar
RandySK
New member | Level 1
10 months ago

>The initial authorization step has to be done on a webpage, yes, where there must be user interaction.

Thanks.  What's the URL I need to go to in order to do that first interaction?  I have already generated the IDs I should need for that step.  I don't see it in the OAuth guide.

  • DB-Des's avatar
    DB-Des
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    10 months ago

    RandySK 

    Based on your original enquiry and the fact that "offline" access was discussed, your authorization URL would look like this:

    https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&redirect_uri=https://api.intellexcorp.com&response_type=code&token_access_type=offline

    As a reminder, for this flow: Once the app has been authorized by the user, the authorization code will be appended as a query parameter to your redirect_uri. It will most likely look something like this:

    https://api.intellexcorp.com?code=<AUTHORIZATION_CODE>

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!