Forum Discussion

MightyModest's avatar
MightyModest
Explorer | Level 3
3 years ago

Refresh token not valid

I'm building a Flask app that sends files users post on their account to a shared Dropbox folder. It works fine with these short-lived 4-hour tokens, but as I prepare to move to deployment I need a longer-lasting token. I got a refresh token but when I try to use it I get an invalid token exception. I did the following: 

 

1. Used my browser to load the following, with my app key inserted. 

 

 

https://www.dropbox.com/oauth2/authorize?client_id=APPKEYHERE&response_type=code&token_access_type=offline

 

 

 

2. Authorized the request in the browser, got back the access code.

 

3. Ran the following, inserting the code I just got in the previous step, as well as my app key and app secret: 

 

 

curl https://api.dropbox.com/oauth2/token \
    -d code=CODE_I_JUST_GOT_FROM_BROWSER \
    -d grant_type=authorization_code \
    -u APPKEYHERE:APPSECRETHERE

 

 

 

This returned what I expect—a dictionary with access token (the short-lived one starting with `sl.`), some account and permission info, and the `refresh_token`. When I use the short lived token it works (until expiration) but the refresh token gives me an error. What am I doing incorrectly? I've done the above process a couple of times now with no luck.

  • Здравко's avatar
    Здравко
    Legendary | Level 20

    Hi MightyModest,

    You are doing well initial authorization steps! 😉 So, you already have all needed to be able perform regular API calls. The API calls accept access tokens only, NOT refresh token!!! That's where start your errors. First, don't try replace the access token with refresh token - as you know already it doesn't work. Second as "refresh token" name suggest, it's a token to refresh the access token and can't be used for something else. 😉 By the way... 🤔 have you refreshed the access token once the initial one got expire? Ohh... 🤫 seems not! Try it - may work. 😉 Take a look here for a more complete example.

    Hope this helps.

    • MightyModest's avatar
      MightyModest
      Explorer | Level 3

      Thanks for clarifying on the refresh token. I think my confusion is about how to implement a Python-specific way of using that refresh token to constantly grab a new short-lived token. Right now my app does the following (which works with a short-lived token in my environmental variables): 

       

      import dropbox
      
      client = dropbox.Dropbox(dropbox_access_token)
      uploaded = client.files_upload(open(local_file_path, "rb").read(), dropbox_path)
      shared_link = client.sharing_create_shared_link(dropbox_path)

       

      I've searched for an example of how I can programmatically (I imagine via a cron job that runs more frequently than the four hour expiration time) use my refresh token to update `dropbox_access_token` above. I'm sure there's a code example but I just can't find it, likely because I'm not using the right terminology. 

      • Здравко's avatar
        Здравко
        Legendary | Level 20

        MightyModest wrote:

        ... I think my confusion is about how to implement a Python-specific way of using that refresh token to constantly grab a new short-lived token. ... I've searched for an example of how I can programmatically (I imagine via a cron job that runs more frequently than the four hour expiration time) use my refresh token to update `dropbox_access_token` above. ... 


        😀 No, you will not find such a example and it's not need while using any of Dropbox supported SDKs (including Python). Refresh is performed by the client object internally whenever needed - on demand. The only thing you need is to provide full credentials (including refresh token), so refresh to be possible. 😉 Take a look here for a something like very simple example. Don't try perform refresh yourself; in such a way you will double existing code - something meaningless. Ahh.. it's still possible of course...

        Good luck.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    MightyModest As Здравко noted, if you're using an official Dropbox SDK, you don't need to implement the refresh process yourself. The SDK will do that for you automatically as long as you provide the necessary credentials. For reference, in the PKCE example Здравко linked to, only the refresh token and app key is required. If you're not using PKCE to retrieve the refresh token initially though, you'll need to also supply the app secret, as in this example.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,941 PostsLatest Activity: 58 minutes ago
350 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!