<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Dropbox not sending refresh_token using new OAuth2 flow in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-not-sending-refresh-token-using-new-OAuth2-flow/m-p/433245#M22898</link>
    <description>&lt;P&gt;Hi,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;(Sorry I first posted this as a reply to &lt;A href="https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Tokens-only-valid-for-4-hours-from-app-console/td-p/425269" target="_self"&gt;this "solved" topic&lt;/A&gt;, which was a bad idea because it's mostly unrelated)&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I'm developing a "native" app (called Ginj), and started Dropbox integration a few weeks ago.&lt;/P&gt;
&lt;P&gt;I first used Dropbox's Java API for authorization, using PKCE and "copy/paste" from browser to app, and it seemed to work pretty well but now it seems I'm forced to re-authorize regularly.&lt;/P&gt;
&lt;P&gt;After checking the received tokens, they are now indeed short-lived "sl-..." tokens, so I decided to call the REST OAuth API myself to see if I could implement the updated flow, and also get rid of the copy/paste step.&lt;/P&gt;
&lt;P&gt;I think I'm nearly done, but when exchanging the received code for tokens, the response I'm getting contains an "access_token", but no "refresh_token" and no "expires_in".&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Now the access token seems to be "long lived" again, but I'm&amp;nbsp;reading non-expiring tokens are getting deprecated, so I'd rather switch to the refresh logic while I'm at it...&lt;/P&gt;
&lt;P&gt;How can I get a refresh_token ?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;KR,&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Vicne&lt;/P&gt;</description>
    <pubDate>Mon, 29 Jun 2020 18:17:03 GMT</pubDate>
    <dc:creator>Vicne</dc:creator>
    <dc:date>2020-06-29T18:17:03Z</dc:date>
    <item>
      <title>Dropbox not sending refresh_token using new OAuth2 flow</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-not-sending-refresh-token-using-new-OAuth2-flow/m-p/433245#M22898</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;(Sorry I first posted this as a reply to &lt;A href="https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Tokens-only-valid-for-4-hours-from-app-console/td-p/425269" target="_self"&gt;this "solved" topic&lt;/A&gt;, which was a bad idea because it's mostly unrelated)&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I'm developing a "native" app (called Ginj), and started Dropbox integration a few weeks ago.&lt;/P&gt;
&lt;P&gt;I first used Dropbox's Java API for authorization, using PKCE and "copy/paste" from browser to app, and it seemed to work pretty well but now it seems I'm forced to re-authorize regularly.&lt;/P&gt;
&lt;P&gt;After checking the received tokens, they are now indeed short-lived "sl-..." tokens, so I decided to call the REST OAuth API myself to see if I could implement the updated flow, and also get rid of the copy/paste step.&lt;/P&gt;
&lt;P&gt;I think I'm nearly done, but when exchanging the received code for tokens, the response I'm getting contains an "access_token", but no "refresh_token" and no "expires_in".&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Now the access token seems to be "long lived" again, but I'm&amp;nbsp;reading non-expiring tokens are getting deprecated, so I'd rather switch to the refresh logic while I'm at it...&lt;/P&gt;
&lt;P&gt;How can I get a refresh_token ?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;KR,&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Vicne&lt;/P&gt;</description>
      <pubDate>Mon, 29 Jun 2020 18:17:03 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-not-sending-refresh-token-using-new-OAuth2-flow/m-p/433245#M22898</guid>
      <dc:creator>Vicne</dc:creator>
      <dc:date>2020-06-29T18:17:03Z</dc:date>
    </item>
    <item>
      <title>Re: Dropbox not sending refresh_token using new OAuth2 flow</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-not-sending-refresh-token-using-new-OAuth2-flow/m-p/433373#M22907</link>
      <description>&lt;P&gt;We&amp;nbsp;recommend just using the official SDKs whenever possible, as they'll do most of the work for you, but you can certainly use the HTTPS endpoints directly if you'd like.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;You can find information on this in &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#authorization" target="_self"&gt;the authorization documentation&lt;/A&gt;, as well as &lt;A href="https://www.dropbox.com/lp/developers/reference/oauth-guide" target="_self"&gt;the new OAuth Guide&lt;/A&gt;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Most apps currently default to long-lived access tokens, but if you want to start using short-lived access tokens, you should set the 'token_access_type' parameter on your /oauth2/authorize URL. You can find information on using that in &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize" target="_self"&gt;the&amp;nbsp;/oauth2/authorize documentation&lt;/A&gt;. Specifically, to get short-lived tokens with a refresh token, you should set it to "offline".&lt;/P&gt;</description>
      <pubDate>Mon, 29 Jun 2020 18:30:20 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-not-sending-refresh-token-using-new-OAuth2-flow/m-p/433373#M22907</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2020-06-29T18:30:20Z</dc:date>
    </item>
    <item>
      <title>Re: Dropbox not sending refresh_token using new OAuth2 flow</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-not-sending-refresh-token-using-new-OAuth2-flow/m-p/434293#M22962</link>
      <description>&lt;P&gt;Yes, that was it.&lt;/P&gt;&lt;P&gt;Adding "&lt;SPAN&gt;token_access_type=offline" to the authorize url at the beginning of the transaction resulted in both a short-lived access token with a lifetime of 1440s (4h) and a refresh_token that I'll be able to use once the access_token is outdated.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks for the great support.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Vicne&lt;/P&gt;</description>
      <pubDate>Thu, 02 Jul 2020 20:30:42 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Dropbox-not-sending-refresh-token-using-new-OAuth2-flow/m-p/434293#M22962</guid>
      <dc:creator>Vicne</dc:creator>
      <dc:date>2020-07-02T20:30:42Z</dc:date>
    </item>
  </channel>
</rss>

