What function in .NET SDK is for /oauth2/token

The SDK does it for you. You don't need to do anything explicitly.

Esikhoob As Здравко said, the .NET SDK will handle this /oauth2/token request for you. It will automatically use the refresh token to get a new access token whenever needed.

You can find the documentation for the .NET SDK here, and example code for the authorization flow here.

I think, you mean  DropboxClient class instance will do this job.

I had to explain our goal more: We are adding Dropbox upload capability to our ASP.NET website. As a matter of fact, I have used java script SDK for achieving our goals , but  I think I should not put  app key or secret in java script, which will observable to all users.

so I think, we will generate access token in server side (aka .NET), and send that to java script side.

Is my assumption true? If yes, by reading the document I cannot find a way to get access token out of .NET SDK DropboxClient. how can I get it?

thanks in advance.

Hi again Esikhoob,

I see what you mean. Dropbox .NET SDK unfortunately is not designed in a way to be possible such things. The fields you're interested in are hidden/private. So no, you cannot use the provided SDK as is, but you can use the sources as a template and re-implement it (with some slight changes - expose needed access token with some method for instance) so you can get access token after you make sure it's actual (using the proper method). You don't need a client object if you don't plane make regular API calls server side. The only object you need, in such a case, is DropboxRequestHandler class instance (after the class modification or another derived class declaration). 😉

Hope this gives direction.

Esikhoob As it is best not to leak your app secret to users, you can instead use the "PKCE" app authorization flow with the JavaScript SDK itself. The PKCE flow is intended for client-side applications and does not require the use of the app secret. You can find an example of using it with the JavaScript SDK here.

Thanks all for these helping answers.

Greg-DBI read PKCE documentation, but I don`t understand the purpose of eliminating app secret, since others also can call the API without it.

Esikhoob PKCE is a feature of the OAuth 2 specification. For more information on it, in addition to our own OAuth Guide and authorization documentation, you may be interested in reading the OAuth 2 PKCE specification and resources.