We’re Still Here to Help (Even Over the Holidays!) - find out more here.
Forum Discussion
oauth2/token endpoint not returning refresh_token
My app starts the oauth flow with a URL like this:
After the user authorizes the app and I get an authorization_code. And I use that code with the oath2/token endpoint, I am sending the following data:
code = <AUTH_CODE_FROM_WEBSITE>
grant_type = authorization_code
client_id = <APP_CODE>
client_secret = <APP_SECRET>
The call succeeds, and I do get a access_token, but there is no refresh_token. Is this expected? How can I get a refresh token?
6 Replies
- Greg-DB
Dropbox Community Moderator
[Cross-linking for reference: https://stackoverflow.com/questions/73155941/dropbox-oauth2-token-endpoint-not-returning-refresh-token ]
I just checked and this is working for me:
# https://www.dropbox.com/oauth2/authorize?response_type=code&client_id=u1v<redacted>&token_access_type=offline # resulted in: # Access Code Generated # Enter this code into <redacted> to finish the process # Zu9U1<redacted> curl -X POST https://www.dropbox.com/oauth2/token \ -d code=Zu9U1<redacted> \ -d grant_type=authorization_code \ -d client_id=u1v<redacted> \ -d client_secret=<redacted> {"access_token": "sl.BMQ<redacted>", "token_type": "bearer", "expires_in": 14400, "refresh_token": "_Ql10<redacted>", "scope": "account_info.read file_requests.read files.content.read files.content.write files.metadata.read files.metadata.write sharing.read sharing.write", "uid": "225<redacted>", "account_id": "dbid:AAB<redacted>"}The JSON result from /oauth2/token contains a "refresh_token" field with the refresh token string. How are you checking the returned payload for the refresh token?
If this isn't working for you, please show the actual /oauth2/authorize authorization and /oauth2/token request and response (just redacting private values).
My bad. I was using saved URL to create the web URL. And that saved URL did not have the correct token_access_type field. Thank you for help. This is working now.
Hello!
I'm having issues with the 'offline' token process. We have a FM app that communicates directly with DB via the API and we need this connection to be 'full time'. I've followed the following:
Obtained my refresh link using the following:
https://www.dropbox.com/oauth2/authorize?client_id=<redacted>&token_access_type=offline&response_type=code
and after clicking thru a few webpages I get this (fyi this token has expired):
I then run this cURL:
https://api.dropboxapi.com/oauth2/token
-X POST
-d code=9ylKMaz1CWQAAAAAAAAAdLY4TF8yXOCuigOBVP9WJ98 \
-d grant_type=authorization_code \
-d client_id=<Redacted> \
-d client_secret=<Redacted>and get this JSON reply:
{
"access_token": "sl.BQYCf_C1x<Redacted>",
"account_id": "dbid:AAAI<Redacted>",
"expires_in": 14400,
"refresh_token": "NlNyjWipw-wAAA<Redacted>",
"scope": "account_info.read account_info.write contacts.read contacts.write file_requests.read file_requests.write files.content.read files.content.write files.metadata.read files.metadata.write sharing.read sharing.write",
"token_type": "bearer",
"uid": "4468854389"
}I then use the "access_token" in place of the manually generated (on the developer APP page) and all is great...until the 14400 seconds (4 hours) expires and then I'm forced to go thru the 'refresh token' web process. Neither "access_token" or "refresh_token" seem to be of any use.
I realize that I might have to script the above when accessing the API when a token has expired (when I get a 401 error) however unless I have a refresh token I'm not sure how I can do this without going thru the "https://www.dropbox.com/oauth2/authorize?client_id=<redacted>&token_access_type=offline&response_type=code" process.
Any idea's would be great!
Hello!
I'm having an issue with the 'offline' token. I went thru the process of requesting a refresh token using the web link: https://www.dropbox.com/oauth2/authorize?client_id=<redacted>&token_access_type=offline&response_type=code and received the following (expired token):
I then ran the cURL
https://api.dropboxapi.com/oauth2/token
-X POST
-d code=<Same as above> \
-d grant_type=authorization_code \
-d client_id=<redacted> \
-d client_secret=<redacted>And received this JSON Reply
{
"access_token": "sl.BQYCf_C1xmJomo<redacted>",
"account_id": "dbid:AAA<redacted>",
"expires_in": 14400,
"refresh_token": "NlNyjWipw-wAAA<redacted>",
"scope": "account_info.read account_info.write contacts.read contacts.write file_requests.read file_requests.write files.content.read files.content.write files.metadata.read files.metadata.write sharing.read sharing.write",
"token_type": "bearer",
"uid": "<redacted>"
}I successfully obtain the new token however that token expired in 14400 seconds (4 hours). I am not sure how to get a 'refreshed' token as the "refresh_token" doesn't work in place of the web obtained refresh token. What am I doing wrong/or need to do to get a offline token? (My FM solution needs to continually talk to DB and this app is exclusively for this purpose and no external usage/request outside this link would be used.)
Здравко,
Thanks! I didn't have the correct cURL parameter for using the 'refresh token'! Inserted this into the cURL and all went fine!
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
