Your workflow is unique 👨💻 - tell us how you use Dropbox here.
Forum Discussion
Solved
Unable to get long lived access tokens.
Hello there!
I'm trying to get an access token that doesn't expire. A long-lived access token. For now, when I generated an access token from the App Console, the session will expire after x ho...
Take a look on https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Need-Permanant-Access-token-for-drop-box/td-p/583956 😉
In short - there is no more long lived access token and you should add refresh token in your code.
Hope this helps.
Greg-DB
Dropbox Community Moderator
Dropbox Community Moderatormarksmithhfx It looks like the use of POST for these requests is required in the OAuth 2 specification:
The client MUST use the HTTP "POST" method when making access token requests.
I'll send this along as a feature request to support GET as well, but I can't promise if or when that might be implemented (especially as it would be contrary to the specification).
Thanks Greg, but I would nix that. After looking at your post and the documentation again I realized that the LiveCode commands:
put "offline" into tParams["token_access_type"]
OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort, tParams
must be doing both a GET and a POST (the GET for authorization, and the POST for the access token) because, per the documentation:
/oauth2/token
METHOD POST
This endpoint returns a JSON-encoded dictionary including fields below:
access_token String The access token to be used to call the Dropbox API.
expires_in String The length of time in seconds that the access token will be valid for.
token_type String Will always be bearer.
scope String The permission set applied to the token.
account_id String An API v2 account ID if this OAuth2 flow is user-linked.
team_id String An API v2 team ID if this OAuth 2 flow is team-linked.
refresh_token String If the token_access_type was set to offline when calling /oauth2/authorize, then response will include a refresh token. This refresh token is long-lived and won't expire automatically. It can be stored and re-used multiple times.
Which is exactly what I am getting from the OAuth2 command above. So it is my misunderstanding when I said it was not using POST. It's using both. Only problem is, it was written before the age of refresh_tokens so it doesn't know what to do with them.
I'll just leave it to the experts to sort out and hope it doesn't take too long.
Thanks again,
Mark
Hi Greg, the response came, and quicker than I was expecting. Also very DIFFERENT than I expected. We had previously been discussing the recommendation in the DB documentation:
curl https://api.dropbox.com/oauth2/token \
-d grant_type=refresh_token \
-d refresh_token=<REFRESH_TOKEN> \
-u <APP_KEY>:<APP_SECRET>But the result I got back from Livecode, which works perfectly, looks like this:
-- given a refresh token in var tRefreshToken...
set the httpHeaders to "Content-type: application/x-www-form-urlencoded" & \
return & "Authorization: Basic " & base64encode(kClientID & ":" & kClientSecret)
put "grant_type=refresh_token" & "&" & "refresh_token=" & tRefreshToken into tPost
put "https://api.dropbox.com/oauth2/token" into tUrl
post tPost to url tUrl
put JSONToArray(it) into tAuth
put tAuth[access_token] into tAccessToken
Naw, I would have never figured that out. But it works. And I am grateful.
Thanks for your previous attempts at resolving this.
Mark
About Dropbox API Support and Feedback
Get help with the Dropbox API from fellow developers and experts.
