Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Solved
Powershell Oauth2 Refresh Token
Hey all! Thanks in advanced.
I am trying to write a powershell script to get an offline refresh token so I can do unattended uploads.
The problem is that I have to authenticate for an authorization code manually each time it is ran. How do I make it unattended? Here is the code:
$client_id = "CLIENTID"
$client_secret = "CLIENTSECRET"
# Set up the OAuth2 authorization URL
#$scope = "offline"
#$auth_url = "{0}?response_type=code&client_id={1}&scope={2}" -f $auth_url, $client_id, $scope
$auth_url = "https://www.dropbox.com/oauth2/authorize?client_id=CLIENTIDHERE&response_type=code&redirect_uri=$redirectUri&token_access_type=offline"
# Open the authorization URL in the default web browser and prompt the user to sign in and authorize your app
Start-Process $auth_url
Write-Host "Please sign in and authorize your app in the browser window that just opened."
# Prompt the user to enter the authorization code provided by Dropbox after they have authorized your app
$authorization_code = Read-Host "Enter the authorization code provided by Dropbox"
# Set up the access token request parameters
$body = @{
code = $authorization_code
grant_type = "authorization_code"
client_id = $client_id
redirect_uri = $redirectUri
client_secret = $client_secret
}
# Send the access token request and parse the response for the access token and refresh token
$response = Invoke-RestMethod -Method Post -Uri $token_url -Body $body
$access_token = $response.access_token
$refresh_token = $response.refresh_token
# Use the access token to make API calls to Dropbox
# For example, you can list the contents of the root folder like this:
$headers = @{
"Authorization" = "Bearer $access_token"
}
$list_body = @{
path = ""
recursive = $false
}
$list_response = Invoke-RestMethod -Method Post -Uri $list_url -Headers $headers -Body ($list_body | ConvertTo-Json)
$list_response.entries | Select-Object name, path_display
# Output the access token and refresh token to the console
Write-Host "Your access token is: $access_token"
Write-Host "Your refresh token is: $refresh_token"
I'm not sure what you mean when you say you are "not getting any type of response from the curl command". For reference, if you need to debug something with curl, you can use the "-v" flag to enable verbose mode.
In any case, I haven't tested your new code, but the parameters look right. I also don't see where you retrieve the access token from the new /oauth2/token call, but assuming you do either manually or in code not shown, it seems right. Does it work for you when you run it?
8 Replies
Replies have been turned off for this discussion
- Greg-DB
Dropbox Community Moderator
It is not possible to fully automate the OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token. This needs to be done manually by the user at least once.
If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app.
You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example of how to use a refresh token to maintain long-term unattended access. Thanks for the reply Greg -
The script above does request offline access. If you see line 10, the authentication url has "token_access_type=offline".
I get the refresh token once, and I plug it in, but it doesn't last more than a couple of hours before it expires.
- Greg-DB
I see you are requesting the refresh token, but you don't seem to actually be using it anywhere in the code you shared.
Whenever you need a new short-lived access token, you should call /oauth2/token with grant_type=refresh_token, as shown in step 5 of the offline example in this post.
So I used this code to upload files. I tried using the refresh token and it doesn't work...
$refresh_token = "hssEaww....REFRESHTOKENWENTHERE"$headers = @{Authorization = "Bearer $refresh_token""Content-Type" = "application/octet-stream"}# Read the file as a byte array and upload it to Dropbox$file_bytes = [System.IO.File]::ReadAllBytes($file_path)$outputFile = Split-Path "C:\FILEHERE.TXT" -leaf$TargetFilePath = "/$outputFile"$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'$authorization = "Bearer " + $refresh_token$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"$headers.Add("Authorization", $authorization)$headers.Add("Dropbox-API-Arg", $arg)$headers.Add("Content-Type", 'application/octet-stream')$response = Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers- Greg-DB
Access tokens and refresh tokens are different objects and are not interchangeable, so you can't use a refresh token as an access token like that. Instead, whenever you need a new short-lived access token you should call /oauth2/token with grant_type=refresh_token and refresh_token set to the refresh token, like in step 5 of this example. That call will return a new short-lived access token which you can then use to make further API calls, such as /2/files/upload.
Is this correct? If so, I'm not getting any type of response from the curl command
$refreshToken = "REFRESHTOKENHERE"$appKey = "APPKEYHERE"$appSecret = "APPSECRETHERE"refresh_token = $refreshTokengrant_type = "refresh_token"client_id = $appKeyclient_secret = $appSecret}$response# Set up the URL to upload the file# Set up the request headers with the authorization and content-type$headers = @{Authorization = "Bearer $access_token""Content-Type" = "application/octet-stream"}- Greg-DB
I'm not sure what you mean when you say you are "not getting any type of response from the curl command". For reference, if you need to debug something with curl, you can use the "-v" flag to enable verbose mode.
In any case, I haven't tested your new code, but the parameters look right. I also don't see where you retrieve the access token from the new /oauth2/token call, but assuming you do either manually or in code not shown, it seems right. Does it work for you when you run it?
Thanks Greg! I think I figured it out. I'm going to post code for future users with this problem.
This is the full code to get the refresh token. Replace the variables at the top where it cays CLIENTIDHERE and CLIENTSECRETHERE. Also the auth_url has a space where you have to put the CLIENTID
Once you run it, a web browser will pop up and you'll need to copy the code on the right side of the URL that pops up. This is your authorization_code that you'll have to enter in the prompt. Once you enter in the authorization code, it will give you a refresh token:
$client_id = "CLIENTIDHERE"$client_secret = "CLIENTSECRETHERE"# Set up the OAuth2 authorization URL#$scope = "offline"#$auth_url = "{0}?response_type=code&client_id={1}&scope={2}" -f $auth_url, $client_id, $scope$auth_url = "https://www.dropbox.com/oauth2/authorize?client_id=CLIENTIDHERE&response_type=code&redirect_uri=$redirectUri&token_access_type=offline"# Open the authorization URL in the default web browser and prompt the user to sign in and authorize your appStart-Process $auth_urlWrite-Host "Please sign in and authorize your app in the browser window that just opened."# Prompt the user to enter the authorization code provided by Dropbox after they have authorized your app$authorization_code = Read-Host "Enter the authorization code provided by Dropbox"# Set up the access token request parameters$body = @{code = $authorization_codegrant_type = "authorization_code"client_id = $client_idredirect_uri = $redirectUriclient_secret = $client_secret}# Send the access token request and parse the response for the access token and refresh token$response = Invoke-RestMethod -Method Post -Uri $token_url -Body $body$access_token = $response.access_token$refresh_token = $response.refresh_token# Use the access token to make API calls to Dropbox# For example, you can list the contents of the root folder like this:$headers = @{"Authorization" = "Bearer $access_token"}$list_body = @{path = ""recursive = $false}$list_response = Invoke-RestMethod -Method Post -Uri $list_url -Headers $headers -Body ($list_body | ConvertTo-Json)$list_response.entries | Select-Object name, path_display# Output the access token and refresh token to the consoleWrite-Host "Your access token is: $access_token"Write-Host "Your refresh token is: $refresh_token"Then this is the code that creates a function to use the refresh token to upload a file. You just need the file path as a parameter to the function.function DropBox-Upload {[CmdletBinding()]param ([Parameter (Mandatory = $True, ValueFromPipeline = $True)][Alias("f")][string]$SourceFilePath)$refreshToken = "REFRESHTOKENHERE"$appKey = "CLIENTIDHERE"$appSecret = "CLIENTSECRETHERE"refresh_token = $refreshTokengrant_type = "refresh_token"client_id = $appKeyclient_secret = $appSecret} -Verbose$responseAccessToken = $response | select-object -expand "access_token"$responseAccessToken# Set up the URL to upload the file# Set up the request headers with the authorization and content-type$access_token = $responseAccessToken$headers = @{Authorization = "Bearer $access_token""Content-Type" = "application/octet-stream"}$outputFile = Split-Path $SourceFilePath -leaf$TargetFilePath = "/$outputFile"$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'$authorization = "Bearer " + $access_token$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"$headers.Add("Authorization", $authorization)$headers.Add("Dropbox-API-Arg", $arg)$headers.Add("Content-Type", 'application/octet-stream')$response = Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers}
About Discuss Dropbox Developer & API
Make connections with other developers
