Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Solved
Unable to get long lived access tokens.
Hello there!
I'm trying to get an access token that doesn't expire. A long-lived access token. For now, when I generated an access token from the App Console, the session will expire after x ho...
Take a look on https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Need-Permanant-Access-token-for-drop-box/td-p/583956 😉
In short - there is no more long lived access token and you should add refresh token in your code.
Hope this helps.
Well, as indicated in my previous response I have been "giving this a go" but with only partial success.
When I send my app key, app secret, scopes, port and “offline” to https://www.dropbox.com/oauth2/authorize
I get back the following:
Array
.. [account_id] => dbid:AAB27TU-12HrF0rn….
.. [refresh_token] => 29hxFtf-fnoAAAAAAAAAAQe….
.. [expires_in] => 14400
.. [uid] => 16196036
.. [scope] => account_info.read files.content.read files.content.write files.metadata….
.. [access_token] => sl.BFo00immyYa18QPnbABlmng….
.. [token_type] => bearer
Which is all well and good because what I want is a refresh token that I can use to request a sl. access token when the current one expires. This should also demonstrate that I know how to send an app key, secret, port and token_access_type to the URL provided.
However, when I send my grant type, refresh_token, app key and secret to https://api.dropbox.com/oauth2/token like it suggests in the guidance below (from the Developers guidelines) I always get an Error 404 page not found. I’ve also tried sending to https://api.dropboxapi.com/oauth2/token but get the same result. What am I doing wrong?
curl https://api.dropbox.com/oauth2/token \
-d grant_type=refresh_token \
-d refresh_token=<REFRESH_TOKEN> \
-u <APP_KEY>:<APP_SECRET>
BTW, both end points (api.dropbox.com and api.dropboxapi.com) are given in the docs. I tried them both. Both were 404.
Thanks
Greg-DB
Dropbox Community Moderator
Dropbox Community Moderatormarksmithhfx Is that the exact code you're running? It looks correct, and it does work for me when I plug in my values. There may be something about how your client is formatting the request causing it to fail. Perhaps you can share the actual request/response you're getting (just redacting the sensitive values) so I can take a look.
"Is that the exact code you're running?"
No, not exactly. I am using an OAuth2 package in the application development environment (it's like a fancy Visual BASIC) I am using. To get the refresh_token I was using this code (with redactions):
constant kAuthURL = "https://www.dropbox.com/oauth2/authorize"
constant kTokenURL = "https://api.dropboxapi.com/oauth2/token"
constant kClientID = "redacted" -- client here means this application, not this user
constant kClientSecret = "redacted" -- secret here is for this application, not this user
constant kScopes = ""
constant kPort = "54303"
since there is no parameter for token_access_type that is handled with:
put "offline" into tParams["token_access_type"]
then the call to OAuth2 itself...
OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort, tParams
which successfully returned the array (actually JSON dictionary converted to array) I posted earlier.
This is the extent of the API I have, so I was trying to model the next step by writing:
put "refresh_token" into tParams["grant_type"]
put RefreshToken into tParams["refresh_token"] -- a var that contains the refresh token returned in the first step
-- I tested that both of these array values were properly formatted
and then calling:
OAuth2 kTokenURL, kClientID, kClientSecret, tParams
But all I get is a 404 Page not found error. I was hoping to get something more useful back (maybe you could think of a way I can do that?) so I could start to debug this, but all I get is the 404.
PS I did notice in the documentation that "authorization" is listed as a GET method and "token" as a POST method, but since I am not conversant in HTML that didn't mean anything to me. However, that might be the root cause of the problem. The application API might be formatting both as GET statements instead of the required POST one. (I should probably lookup GET and POST). Thanks
- Greg-DB
marksmithhfx Thanks for following up with the additional information. The "GET" and "POST" are referring to the HTTP "method" for the HTTP request. Every HTTP request uses one of a number of methods, for various different use cases, with GET and POST being two of the most commonly used ones.
The Dropbox /oauth2/token endpoint in particular does require the use of the POST method. Using GET could cause the issue you're seeing.
Unfortunately I can't offer support for the "OAuth2" package you're using itself, as that's not made by Dropbox. You may need to refer to its documentation for information on configuring and debugging it. For instance, there may be a way to enable more verbose debugging output. Likewise, check how you might configure the appropriate HTTP method to use to make sure it uses POST for the request to /oauth2/token.
Thanks Greg, you have confirmed what I was suspecting. In order to covert the refresh token to a new sl.access token a new kind of method needs to be used (POST) which does not appear to be supported in the current version of the OAuth2 package I am using. I will prepare something to pass along to LiveCode so they can update their OAuth2 (if they want). Using sl.access tokens that require frequent re-authorization is not ideal, but given no other alternative, I'll hobble along for awhile and see what develops down the road.
Cheers and thanks.
Mark
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
