Need Permanant Access token for drop box

Hi All,

Good day...!!!

I'm Nitish Kumar from India. I'm a software engineer. Currently, I'm working on one of the projects using node js where I'm using dropbox API with the access token. everything was working fine but after a while, the access token is getting expired. I need a way to get the permanent access token so, I do not require manual intervention every time.

So, the team can you please help me with the same? thank you!

Thanks and regards,

Nitish Kumar

Developers

Greg-DB
4 years ago
Dropbox is in the process of switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.

Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. You can find an example of using refresh tokens with the JavaScript SDK here.

For reference, while the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption, if you have any. Also, note though that after the change you won't be able to create new long-lived access tokens.

While the change began on September 30th 2021, we're releasing it gradually, so you may not have seen your app(s) affected until now. Once it applies to your app, it would apply regardless of the "Access token expiration" setting for your app, and that setting may no longer be available for your app.

12 Replies

Greg-DB
Dropbox Community Moderator
4 years ago
Dropbox is in the process of switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.

Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. You can find an example of using refresh tokens with the JavaScript SDK here.

For reference, while the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption, if you have any. Also, note though that after the change you won't be able to create new long-lived access tokens.

While the change began on September 30th 2021, we're releasing it gradually, so you may not have seen your app(s) affected until now. Once it applies to your app, it would apply regardless of the "Access token expiration" setting for your app, and that setting may no longer be available for your app.
nitish166
Helpful | Level 5
4 years ago
Thanks for the reply.

Letting you know that the javascript code is working fine. also, able to generate the access token through the code. but still, we are facing the manual user intervention issue. whenever we are running the script and accessing through the localhost:3000 then, every time it is asking for user approval. below screenshot for the same.

Also, below screenshot for the access token. as per the screenshot, the token will get expired in after 4 hours.

So, team can you please help us to get the permanant access-token without user intervantion. thank you!

Thank and regards.
Здравко
Legendary | Level 20
4 years ago
Hi nitish166,
The refresh token seen on your dump doesn't expire. Do you use it or the access token only?! 🤔😉
Hope this gives direction.
Greg-DB
Dropbox Community Moderator
4 years ago
nitish166 Здравко is correct; refresh tokens don't expire by themselves, so you should store and re-use them, instead of starting the app authorization flow each time.
nitish166
Helpful | Level 5
4 years ago
Thanks, Здравко

Please be notified that I'm using access_token only for communicating dropbox API with my node js code. I'm not able to figure out where should use the refresh token in my code. please find the below code for the same.

So, can you please help me for the same. it would be really appricated. thank you!

Thanks and regards,
Nitish Kumar
Greg-DB
Dropbox Community Moderator
4 years ago
nitish166 It looks like you are not using the Dropbox API v2 JavaScript SDK. We highly recommend using an official SDK whenever possible, as it will do much of the work for you. For instance, you can find the Dropbox API v2 JavaScript SDK here, and an example of using refresh tokens with the JavaScript SDK here.

Otherwise, if you cannot use the SDK, you'll need to use the refresh token to programmatically retrieve new short-lived access tokens whenever needed. You can find more information on that in the OAuth Guide and authorization documentation. For instance, refer to "Example: refresh token request" in the /oauth2/token documentation.
nitish166
Helpful | Level 5
4 years ago
Thank you so much for your support.

Thanks and regards,
Nitish Kumar
nitish166
MG2L
Explorer | Level 3
4 years ago
Hi

I just encountered the new authentication way issue with the official node SDK.
I need a long life token to run on my backend server that requests regularly my files on dropbox.

I understand the need to refresh the short live token, but I don't understand how to perform that.
The provided example https://github.com/dropbox/dropbox-sdk-js/blob/b5631e4b5b0e9eb6d3297e1ee57ad29a63d49898/examples/javascript/PKCE-backend/code_flow_example.js doesn't help because this is not my use case (my app is a backend app, not a frontend one). I can't use getAuthenticationUrl because I don't have to use a redirect url
Here is a sample of my dropbox service https://gist.github.com/tangb/f749af0f95a1db03cc1c0abf5a8ed03d

As you can see I instanciate my dropbox SDK in my constructor using my token (which is now always a short-lived token). All this code worked before I update my token.

Anyway, I have some questions:
why the sdk does not automatically handle refresh token (it should have all necessary to perform this itself no ?)
how to refresh my token by myself using my code ? I understand I need to handle 401 http status and request a new short-lived token using a refresh token, but where can I find it ? In my app console panel, I only find a token, not the refresh token ? Do I use the clientId/clientSecret ?... is there and example to illustrate the process ?

Thank you very much for your help 😉
Здравко
Legendary | Level 20
4 years ago
Hi MG2L,
Your SDK can automatically refresh access token using the provided refresh token usually. About how to get a refresh token, take a look here for a possible way. 😉
Hope this helps.
Greg-DB
Dropbox Community Moderator
4 years ago
MG2L Здравко is correct; the Dropbox JavaScript SDK does perform the refresh process for you automatically as long as you provide the necessary credentials (e.g., the refresh token), as shown the example. (You can also call refreshAccessToken in the SDK explicitly if you want to for whatever reason, but it's not necessary.) And as Здравко illustrated, you have to use the OAuth app authorization flow to get a refresh token.

Also, you can technically use getAuthenticationUrl without a redirect URI, by setting the parameter to null, as long as you're using the "code" flow (e.g., as shown in that example). In that case, the user would just need to manually copy/paste the resulting authorization code back into the app.