Re: "App Authentication" for App (without tokens). Yet another migration from long lived tokens question

Hi maxcastrovidal,

Don't have any doubts - refresh token doesn't expire by itself.

---

maxcastrovidal wrote:

...

After the short-lived access token finishes his useful life (4 hours) i ran again the same Postman Call (with the same parameters) to get a new short-lived access token, but now the response is 

{

    "error": "invalid_grant",

    "error_description": "code doesn't exist or has expired"

}

...

---

👍Yes you are on the right track, you need to refresh (to create anew) your short-lived access token from the refresh token you already have. But... 🤔 Why are you using already expired code used formerly to get to the refresh token???! Once again, you already have this refresh token! Even more, code used to get this token is "single shoot" (i.e. once used, you can't use it any more and don't need actually).

Don't try to "refresh" refresh token itself, if you are trying this! You need to refresh the access token! Access token refreshing doesn't need "code", but a refresh token instead. 😉 Check what granting type you have selected (may be a copy/paste error - grant types for refresh token and access token are different).

Hope this helps.

By the way, using:

---

maxcastrovidal wrote:

...

I got a Refresh Token by calling from my browser the url https://www.dropbox.com/oauth2/authorize?client_id=xxxxxxx&response_type=code 

...

---

... you will never get any refresh token!!! You have to specify explicitly offline access! Something like:

https://www.dropbox.com/oauth2/authorize?token_access_type=offline&response_type=code&client_id=<App key>

 In your situation whatever you are counting as a refresh token, it's not! 🤷