Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
How to get refresh token without User interaction
Hello Team,
As Drop Box Access Token is invalid after 4 hr. I want to implement refresh token mechanism at Backend Java code without User Interaction i.e fully automated. so I have a requirement to...
Hi Greg.
Somewhat this is still confusing for me.
I was following this example:
https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth-scopes.py#L81
and this guide:
https://developers.dropbox.com/oauth-guide
From your comment:
Greg-DB wrote:If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app.
and from the DropBox Oauth Guide:
> When using refresh tokens, your call to the /oauth2/token endpoint with the grant_type of authorization_code will return a short-lived access token and a refresh token, which should be securely stored.
so why does this endpoint return a new refresh token?
but as I understand - your comment is more correct - the Refresh Token is permanent and if I perform a "manual flow" like here:
https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth-scopes.py#L18
and save the refresh token, I should be able to use it forever?
let's say I perform the above manual and initial OAuth flow (DropboxOAuth2FlowNoRedirect - in Python SDK), and save the refresh token and access token somewhere.
then, let's say I have a task - a script that re-runs periodically and needs to call DropBox API without user interaction - I make it read the previously saved Access and Request tokens, and make a call like this:
https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth-scopes.py#L79C1-L83C52
?
does this mean, that after the above Dropbox client operation, I don't get a new Access Token, but the one which I saved just becomes valid again?
both the AccessToken and Refresh Token stay valid and the same all the time?
AccessToken can even become expired for a long time, and you only need Refresh Token to make a new Dropbox API connection at any time?
Hi tkozuch,
As seems you haven't read entire documentation. /oauth2/token endpoint can be used for different things including initial token receiving from access code (note here code, no token) where you get refresh token and access token on one side and consecutive usage to get access token from refresh token (something the can be used repeatedly; the first case cannot - the code is for single time usage). For some more details in deep take a look here. That's for clarity only - when using SDK you don't need to call endpoints directly. So:
tkozuch wrote:...
so why does this endpoint return a new refresh token?
...
When you start OAuth flow from "zero" (i.e. new code) you get new refresh token. You don't need to repeat it! You only need to do it once on linking time and after that proceed without further user interaction - then only new access token comes back. Actually the SDK takes care for this, you can ignore this part completely in your code.
tkozuch wrote:...
and save the refresh token, I should be able to use it forever?
...
Yes, or till revoke either from your application or from user side.
tkozuch wrote:...
both the AccessToken and Refresh Token stay valid and the same all the time?
...
Refresh token stay valid indefinitely while access token expire in time noted on receiving (typical 4 hours or so).
tkozuch wrote:...
AccessToken can even become expired for a long time, and you only need Refresh Token to make a new Dropbox API connection at any time?
Almost... Once the existing access token expires, you need new access token for regular API work - that's what the refresh process is for. As I mentioned SDK takes care for this internal. To "refresh" the token you need application key at least and in some cases application secret (when non PKCE OAuth flow is used).
Hope this sheds additional light.
About Discuss Dropbox Developer & API
Make connections with other developers
