One month down in 2025: How are your resolutions coming along? Check out how to get back on track here.
Forum Discussion
Trouble Obtaining Refresh Token Alongside Access Token from Dropbox OAuth2 in Local Environment
I'm trying to integrate Dropbox into my web application using OAuth2. My code seems to be working correctly, but I'm only receiving the access token and not the refresh token upon successful login. I'm developing in a local environment and using ngrok for a callback URL.
Code Snippets:
- Front-end code (relevant part):
const handleConnect = (service) => {
const connectionUrl = `${process.env.REACT_APP_HOST_URL}/auth/${service}`;
const authWindow = window.open(connectionUrl, "_blank");
window.addEventListener('message', event => {
if (event.data.message === 'Success') {
sendTokensToServer({ ...event.data, path: connectedServices[service].path });
authWindow.close();
}
});
};
- Back-end code (relevant part):
const DropboxOAuth2Strategy = require('passport-dropbox-oauth2').Strategy;
passport.use(
new DropboxOAuth2Strategy(
{
apiVersion: "2",
callbackURL: `${process.env.CALLBACK_URL}/oauth/dropbox/callback`,
clientID: process.env.DROPBOX_CLIENT_ID,
clientSecret: process.env.DROPBOX_CLIENT_SECRET,
// Missing option?
},
(accessToken, refreshToken, profile, cb) => {
console.log(accessToken, refreshToken)
cb(null, profile);
}
)
);
router.get("/auth/dropbox", passport.authenticate("dropbox-oauth2"));
router.get("/oauth/dropbox/callback",
passport.authenticate("dropbox-oauth2", { failureRedirect: "/" }),
(req, res) => {
res.redirect("/success?service=Dropbox");
}
);
- Question:
* Is using ngrok as a callback URL in my local environment preventing me from receiving the refresh token?
* If not, what could be causing the missing refresh token?
* Are there any additional configuration options needed for the `DropboxOAuth2Strategy` to obtain the refresh token?
- Additional Information:
* I've checked the Dropbox API documentation for OAuth2 and ensured my code is following the steps correctly.
Thanks in advance for any help!
- Greg-DB
Dropbox Staff
[Cross-linking for reference: https://stackoverflow.com/questions/78479669/trouble-obtaining-refresh-token-alongside-access-token-from-dropbox-oauth2-in-lo ]
Whether or not you use a redirect URI, as well as where/how the redirect URI is hosted, doesn't affect whether or not a refresh token is returned.
In order to get a refresh token from Dropbox, you need to set
token_access_type=offlineon /oauth2/authorize. I don't see that in your code, so you'll need to check on whether your OAuth library automatically does that for you, and if not, how you can set it.W can't offer support for the DropboxOAuth2Strategy class as that's not written by Dropbox. I suggest referring to the documentation for it.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
