<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Unable to get long lived access tokens. in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/590481#M27479</link>
    <description>&lt;P&gt;"&lt;SPAN&gt;Is that the exact code you're running?"&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;No, not exactly. I am using an OAuth2 package in the application development environment (it's like a fancy Visual BASIC) I am using. To get the refresh_token I was using this code (with redactions):&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;constant&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt; kAuthURL = &lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"&lt;A href="https://www.dropbox.com/oauth2/authorize" target="_blank" rel="noopener"&gt;https://www.dropbox.com/oauth2/authorize&lt;/A&gt;"&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;constant&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt; kTokenURL = &lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"&lt;A href="https://api.dropboxapi.com/oauth2/token" target="_blank" rel="noopener"&gt;https://api.dropboxapi.com/oauth2/token&lt;/A&gt;"&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;constant&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt; kClientID = &lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"redacted"&lt;/FONT&gt; &lt;STRONG&gt;&lt;FONT color="#007F00"&gt;-- client here means this application, not this user&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;constant&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt; kClientSecret = &lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"redacted"&lt;/FONT&gt; &lt;STRONG&gt;&lt;FONT color="#007F00"&gt;-- secret here is for this application, not this user&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;constant&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt; kScopes = &lt;/FONT&gt;&lt;FONT color="#00007F"&gt;""&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;constant&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt; kPort = &lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"54303"&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#00007F"&gt;since there is no parameter for token_access_type that is handled with:&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;put&lt;/FONT&gt;&lt;/STRONG&gt; &lt;FONT color="#00007F"&gt;"offline"&lt;/FONT&gt; &lt;FONT color="#7F007F"&gt;into&lt;/FONT&gt;&lt;FONT color="#000000"&gt; tParams[&lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"token_access_type"&lt;/FONT&gt;&lt;FONT color="#000000"&gt;]&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;then the call to OAuth2 itself...&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort, tPa&lt;/FONT&gt;&lt;FONT color="#000000"&gt;rams&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;which successfully returned the array (actually JSON dictionary converted to array) I posted earlier.&amp;nbsp;&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;This is the extent of the API I have, so I was trying to model the next step by writing:&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;put&lt;/FONT&gt;&lt;/STRONG&gt; &lt;FONT color="#00007F"&gt;"refresh_token"&lt;/FONT&gt; &lt;FONT color="#7F007F"&gt;into&lt;/FONT&gt;&lt;FONT color="#000000"&gt; tParams[&lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"grant_type"&lt;/FONT&gt;&lt;FONT color="#000000"&gt;]&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;put&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt;&amp;nbsp;RefreshToken&lt;/FONT&gt;&amp;nbsp;&lt;FONT color="#7F007F"&gt;into&lt;/FONT&gt;&lt;FONT color="#000000"&gt; tParams[&lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"refresh_token"&lt;/FONT&gt;&lt;FONT color="#000000"&gt;] -- a var that contains the refresh token returned in the first step&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;-- I tested that both of these array values were properly formatted&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;and then calling:&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;OAuth2 kTokenURL, kClientID, kClientSecret, tParams&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;But all I get is a 404 Page not found error. I was hoping to get something more useful back (maybe you could&amp;nbsp;think of a way I can do that?) so I could start to debug this, but all I get is the 404.&amp;nbsp;&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;PS I did notice in the documentation that "authorization" is listed as a GET method and "token" as a POST&amp;nbsp;method, but since I am not conversant in HTML that didn't mean anything to me. However, that might be the root cause of the problem. The application API might be formatting both as GET statements instead of the required POST one. (I should probably lookup GET and POST). Thanks&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
    <pubDate>Wed, 13 Apr 2022 15:47:49 GMT</pubDate>
    <dc:creator>marksmithhfx</dc:creator>
    <dc:date>2022-04-13T15:47:49Z</dc:date>
    <item>
      <title>Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/585450#M27256</link>
      <description>&lt;P&gt;Hello there!&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I'm trying to get an access token that doesn't expire. A long-lived access token. For now, when I generated an access token from the App Console, the session will expire after x hours and won't give me a refresh token either.&lt;BR /&gt;&lt;BR /&gt;I've checked the authentication documentation:&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://developers.dropbox.com/oauth-guide#implementing-oauth" target="_blank" rel="noopener"&gt;https://developers.dropbox.com/oauth-guide#implementing-oauth&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;But I can't find the Access Token Expiration like the documentation shows:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="dropbox generate.png" style="width: 400px;"&gt;&lt;img src="https://www.dropboxforum.com/t5/image/serverpage/image-id/28294i87D6167AF4882A88/image-size/medium?v=v2&amp;amp;px=400" role="button" title="dropbox generate.png" alt="dropbox generate.png" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;DIV class=""&gt;&amp;nbsp;&lt;/DIV&gt;
&lt;P&gt;Mine is displayed like this:&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2022-03-22 at 11.08.10 AM.png" style="width: 400px;"&gt;&lt;img src="https://www.dropboxforum.com/t5/image/serverpage/image-id/28295i40399CC8A2D00F54/image-size/medium?v=v2&amp;amp;px=400" role="button" title="Screen Shot 2022-03-22 at 11.08.10 AM.png" alt="Screen Shot 2022-03-22 at 11.08.10 AM.png" /&gt;&lt;/span&gt;&lt;/P&gt;
&lt;P&gt;&lt;BR /&gt;As you can see, the option for the Expiration is missing.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;BR /&gt;So I kept looking and came across a similar question on the forums and I followed every step:&amp;nbsp;&lt;BR /&gt;&lt;BR /&gt;&lt;A href="https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Tokens-only-valid-for-4-hours-from-app-console/m-p/425358/highlight/true#M22718" target="_blank" rel="noopener"&gt;https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Tokens-only-valid-for-4-hours-from-app-console/m-p/425358/highlight/true#M22718&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Still can't get a long-lived access token.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Here's a test code:&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;LI-CODE lang="python"&gt;access_token = "sl-ABC" # I want a long lived one.
app_key = "xyz"
dbxTeam: dropbox = dropbox.DropboxTeam(oauth2_access_token=access_token, app_key=app_key)
print('Dbx Team is: ', dbxTeam.as_user('dbmid:MY_USER_ID').users_get_current_account())&lt;/LI-CODE&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;output:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;LI-CODE lang="python"&gt;{
'_oauth2_access_token':'sl....',
'_oauth2_refresh_token': None,
'_oauth2_access_token_expiration': None,
'_app_key': 'xyz',
'_app_secret': None,
'_scope': None,
'_max_retries_on_error': 4,
'_max_retries_on_rate_limit': None,

'_session': &amp;lt;requests.sessions.Session object at 0x1083b1730&amp;gt;,
'_headers': None,
'_raw_user_agent': None,
'_user_agent': 'OfficialDropboxPythonSDKv2/11.28.0',
'_logger': &amp;lt;Logger dropbox (WARNING)&amp;gt;,
'_host_map': {'api': 'api.dropboxapi.com',
'content': 'content.dropboxapi.com',
'notify': 'notify.dropboxapi.com'},
'_timeout': 100}&lt;/LI-CODE&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;BR /&gt;Any ideas on how to get a token that won't expire?&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 23 Mar 2022 09:34:16 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/585450#M27256</guid>
      <dc:creator>OperationsDreaming</dc:creator>
      <dc:date>2022-03-23T09:34:16Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/585470#M27257</link>
      <description>&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1528197"&gt;@OperationsDreaming&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;Take a look on &lt;A href="https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Need-Permanant-Access-token-for-drop-box/td-p/583956" target="_blank"&gt;https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/Need-Permanant-Access-token-for-drop-box/td-p/583956&lt;/A&gt; &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@41457EF40051AFF130FDBFE21B496926/emoticons/1f609.png" alt=":winking_face:" title=":winking_face:" /&gt;&lt;/P&gt;&lt;P&gt;In short - there is no more long lived access token and you should add refresh token in your code.&lt;/P&gt;&lt;P&gt;Hope this helps.&lt;/P&gt;</description>
      <pubDate>Tue, 22 Mar 2022 19:23:14 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/585470#M27257</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-03-22T19:23:14Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/585477#M27259</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1528197"&gt;@OperationsDreaming&lt;/a&gt;&amp;nbsp;Здравко is correct. You'll need to implement support for refresh tokens. You can find example code for for the Python SDK here:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth-scopes.py" target="_blank"&gt;https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth-scopes.py&lt;/A&gt; &lt;BR /&gt;&lt;A href="https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth-pkce.py" target="_blank"&gt;https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth-pkce.py&lt;/A&gt; &lt;/LI&gt;
&lt;/UL&gt;</description>
      <pubDate>Tue, 22 Mar 2022 19:53:32 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/585477#M27259</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-03-22T19:53:32Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/585544#M27261</link>
      <description>&lt;P&gt;Thank you @&lt;A href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/422790" target="_self"&gt;&lt;SPAN class=""&gt;Здравко&lt;/SPAN&gt;&lt;/A&gt;&amp;nbsp;and @&lt;SPAN class=""&gt;&lt;A href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/10" target="_self"&gt;&lt;SPAN class=""&gt;Greg-DB&lt;/SPAN&gt;&lt;/A&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;This works!&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 23 Mar 2022 00:45:55 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/585544#M27261</guid>
      <dc:creator>OperationsDreaming</dc:creator>
      <dc:date>2022-03-23T00:45:55Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/586002#M27281</link>
      <description>&lt;P&gt;I have been using the long lived access token you can request when you setup your app, and have that embedded in my app. I use it to send a "synchronizing" file to DB whenever I make changes. I don't need to re-authenticate. My question is, if I know allow users to do the same thing, they will need to authenticate and I will get a short lived AT and a refresh AT. How much additional latency will they experience converting the AT from refresh to short lived? Currently the total latency to connect to DB and upload a file from my app is &amp;lt; 1/2 second, or barely noticeable. Will all of the "re-allocation" steps add significantly to this.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thank you.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 24 Mar 2022 13:49:17 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/586002#M27281</guid>
      <dc:creator>marksmithhfx</dc:creator>
      <dc:date>2022-03-24T13:49:17Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/586331#M27286</link>
      <description>&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1529083"&gt;@marksmithhfx&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;Your question is very generic, so it's difficult to receive exact answer. Additional time consumption is on refresh only. Since data size transferred is relatively negligible, establishing secure connection gets primary weight. In other words additional time depends on your connection latency more than the connection speed.&lt;/P&gt;&lt;P&gt;Other point you should consider, on evaluation, is usage time profile - i.e. how often, relatively, refresh will take on. Let's recall additional time will be added on refresh only, so if your usage profile predispose many calls in a 4 hours time frame, weight of the refresh will be negligible. If your calls bring up on intervals bigger than 4 hours then the relative weight might be bigger (on every calls burst - one refresh). Once the refresh take place, no difference can be expected for rest of calls - they are the same (no additional delay per call).&lt;/P&gt;&lt;P&gt;The best way to figure out exact answer in your particular conditions is... the check. &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@41457EF40051AFF130FDBFE21B496926/emoticons/1f609.png" alt=":winking_face:" title=":winking_face:" /&gt; Most probably it will be negligible.&lt;/P&gt;&lt;P&gt;Good luck.&lt;/P&gt;</description>
      <pubDate>Fri, 25 Mar 2022 15:14:12 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/586331#M27286</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-03-25T15:14:12Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/586339#M27287</link>
      <description>&lt;P&gt;Thanks. Great answer, and very reassuring. I will give it a go.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 25 Mar 2022 15:52:03 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/586339#M27287</guid>
      <dc:creator>marksmithhfx</dc:creator>
      <dc:date>2022-03-25T15:52:03Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/590442#M27476</link>
      <description>&lt;P&gt;Well, as indicated in my previous response I have been "giving this a go" but with only partial success.&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;When I send my app key, app secret, scopes, port and “offline” to &lt;/SPAN&gt;&lt;A href="https://www.dropbox.com/oauth2/authorize" target="_blank"&gt;https://www.dropbox.com/oauth2/authorize&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;I get back the following:&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;Array&lt;/P&gt;&lt;P&gt;..&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &lt;/SPAN&gt;[account_id] =&amp;gt; dbid:AAB27TU-12HrF0rn….&lt;/P&gt;&lt;P&gt;..&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &lt;/SPAN&gt;[refresh_token] =&amp;gt; 29hxFtf-fnoAAAAAAAAAAQe….&lt;/P&gt;&lt;P&gt;..&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &lt;/SPAN&gt;[expires_in] =&amp;gt; 14400&lt;/P&gt;&lt;P&gt;..&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &lt;/SPAN&gt;[uid] =&amp;gt; 16196036&lt;/P&gt;&lt;P&gt;..&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &lt;/SPAN&gt;[scope] =&amp;gt; account_info.read files.content.read files.content.write files.metadata….&lt;/P&gt;&lt;P&gt;..&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &lt;/SPAN&gt;[access_token] =&amp;gt; sl.BFo00immyYa18QPnbABlmng….&lt;/P&gt;&lt;P&gt;..&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &lt;/SPAN&gt;[token_type] =&amp;gt; bearer&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Which is all well and good because what I want is a refresh token that I can use to request a sl. access token when the current one expires. This should also demonstrate that I know how to send an app key, secret, port and token_access_type to the URL provided. &lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;However, when I send my grant type, refresh_token, app key and secret to &lt;A href="https://api.dropbox.com/oauth2/token" target="_blank"&gt;https://api.dropbox.com/oauth2/token&lt;/A&gt; like it suggests in the guidance below (from the Developers guidelines) I always get an Error 404 page not found. I’ve also tried sending to &lt;A href="https://api.dropboxapi.com/oauth2/token" target="_blank"&gt;https://api.dropboxapi.com/oauth2/token&lt;/A&gt; but get the same result. What am I doing wrong?&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;curl&amp;nbsp;&lt;A href="https://api.dropbox.com/oauth2/token" target="_blank"&gt;https://api.dropbox.com/oauth2/token&lt;/A&gt;&amp;nbsp;\&lt;BR /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; -d grant_type=refresh_token \&lt;BR /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; -d refresh_token=&amp;lt;REFRESH_TOKEN&amp;gt; \&lt;BR /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; -u &amp;lt;APP_KEY&amp;gt;:&amp;lt;APP_SECRET&amp;gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;BTW, both end points (api.dropbox.com and api.dropboxapi.com) are given in the docs. I tried them both. Both were 404. &lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Thanks&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 13 Apr 2022 13:53:27 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/590442#M27476</guid>
      <dc:creator>marksmithhfx</dc:creator>
      <dc:date>2022-04-13T13:53:27Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/590457#M27478</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1529083"&gt;@marksmithhfx&lt;/a&gt; Is that the exact code you're running? It looks correct, and it does work for me when I plug in my values. There may be something about how your client is formatting the request causing it to fail. Perhaps you can share the actual request/response you're getting (just redacting the sensitive values) so I can take a look.&lt;/P&gt;</description>
      <pubDate>Wed, 13 Apr 2022 14:42:32 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/590457#M27478</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-04-13T14:42:32Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/590481#M27479</link>
      <description>&lt;P&gt;"&lt;SPAN&gt;Is that the exact code you're running?"&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;No, not exactly. I am using an OAuth2 package in the application development environment (it's like a fancy Visual BASIC) I am using. To get the refresh_token I was using this code (with redactions):&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;constant&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt; kAuthURL = &lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"&lt;A href="https://www.dropbox.com/oauth2/authorize" target="_blank" rel="noopener"&gt;https://www.dropbox.com/oauth2/authorize&lt;/A&gt;"&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;constant&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt; kTokenURL = &lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"&lt;A href="https://api.dropboxapi.com/oauth2/token" target="_blank" rel="noopener"&gt;https://api.dropboxapi.com/oauth2/token&lt;/A&gt;"&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;constant&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt; kClientID = &lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"redacted"&lt;/FONT&gt; &lt;STRONG&gt;&lt;FONT color="#007F00"&gt;-- client here means this application, not this user&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;constant&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt; kClientSecret = &lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"redacted"&lt;/FONT&gt; &lt;STRONG&gt;&lt;FONT color="#007F00"&gt;-- secret here is for this application, not this user&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;constant&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt; kScopes = &lt;/FONT&gt;&lt;FONT color="#00007F"&gt;""&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;constant&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt; kPort = &lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"54303"&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#00007F"&gt;since there is no parameter for token_access_type that is handled with:&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;put&lt;/FONT&gt;&lt;/STRONG&gt; &lt;FONT color="#00007F"&gt;"offline"&lt;/FONT&gt; &lt;FONT color="#7F007F"&gt;into&lt;/FONT&gt;&lt;FONT color="#000000"&gt; tParams[&lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"token_access_type"&lt;/FONT&gt;&lt;FONT color="#000000"&gt;]&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;then the call to OAuth2 itself...&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort, tPa&lt;/FONT&gt;&lt;FONT color="#000000"&gt;rams&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;which successfully returned the array (actually JSON dictionary converted to array) I posted earlier.&amp;nbsp;&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;This is the extent of the API I have, so I was trying to model the next step by writing:&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;put&lt;/FONT&gt;&lt;/STRONG&gt; &lt;FONT color="#00007F"&gt;"refresh_token"&lt;/FONT&gt; &lt;FONT color="#7F007F"&gt;into&lt;/FONT&gt;&lt;FONT color="#000000"&gt; tParams[&lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"grant_type"&lt;/FONT&gt;&lt;FONT color="#000000"&gt;]&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;put&lt;/FONT&gt;&lt;/STRONG&gt;&lt;FONT color="#000000"&gt;&amp;nbsp;RefreshToken&lt;/FONT&gt;&amp;nbsp;&lt;FONT color="#7F007F"&gt;into&lt;/FONT&gt;&lt;FONT color="#000000"&gt; tParams[&lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"refresh_token"&lt;/FONT&gt;&lt;FONT color="#000000"&gt;] -- a var that contains the refresh token returned in the first step&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;-- I tested that both of these array values were properly formatted&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;and then calling:&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;OAuth2 kTokenURL, kClientID, kClientSecret, tParams&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;But all I get is a 404 Page not found error. I was hoping to get something more useful back (maybe you could&amp;nbsp;think of a way I can do that?) so I could start to debug this, but all I get is the 404.&amp;nbsp;&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;PS I did notice in the documentation that "authorization" is listed as a GET method and "token" as a POST&amp;nbsp;method, but since I am not conversant in HTML that didn't mean anything to me. However, that might be the root cause of the problem. The application API might be formatting both as GET statements instead of the required POST one. (I should probably lookup GET and POST). Thanks&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 13 Apr 2022 15:47:49 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/590481#M27479</guid>
      <dc:creator>marksmithhfx</dc:creator>
      <dc:date>2022-04-13T15:47:49Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/590500#M27480</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1529083"&gt;@marksmithhfx&lt;/a&gt; Thanks for following up with the additional information. The "GET" and "POST" are referring to the HTTP "method" for the HTTP request. Every HTTP request uses one of a number of methods, for various different use cases, with GET and POST being two of the most commonly used ones.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token" target="_self"&gt;The Dropbox /oauth2/token endpoint&lt;/A&gt; in particular does require the use of the POST method. Using GET could cause the issue you're seeing.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Unfortunately I can't offer support for the "OAuth2" package you're using itself, as that's not made by Dropbox. You may need to refer to its documentation for information on configuring and debugging it. For instance, there may be a way to enable more verbose debugging output. Likewise, check how you might configure the appropriate HTTP method to use to make sure it uses POST for the request to /oauth2/token.&lt;/P&gt;</description>
      <pubDate>Wed, 13 Apr 2022 17:07:23 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/590500#M27480</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-04-13T17:07:23Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/590731#M27484</link>
      <description>&lt;P&gt;Thanks Greg, you have confirmed what I was suspecting. In order to covert the refresh token to a new sl.access token a new kind of method needs to be used (POST) which does not appear to be supported in the current version of the OAuth2 package I am using. I will prepare something to pass along to LiveCode so they can update their OAuth2 (if they want). Using sl.access tokens that require frequent re-authorization is not ideal, but given no other alternative, I'll hobble along for awhile and see what develops down the road.&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Cheers and thanks.&amp;nbsp;&lt;/P&gt;&lt;P&gt;Mark&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 14 Apr 2022 14:47:41 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/590731#M27484</guid>
      <dc:creator>marksmithhfx</dc:creator>
      <dc:date>2022-04-14T14:47:41Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/592454#M27546</link>
      <description>&lt;P&gt;Thanks Greg,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;You know, I was thinking, what a shame Dropbox did not implement the refresh exchange process using the GET method. I am sure, since I have the ability to add additional parameters, that I could define a grant_type = "refresh_token" and a refresh_token parameter that contains the refresh token, and send that with the existing ClientKey and ClientSecret and get the result back on the same URI and all would be great.&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Do you know why Dropbox chose POST over GET in this case?&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;PS you mentioned to check their documentation, but all it includes is the following:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;STRONG&gt;Summary&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;Present an authorization dialog for any web service that supports OAuth2 Authorization Code Flow&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;I&gt;pAuthURL -&amp;nbsp;&lt;/I&gt;&lt;/SPAN&gt;&lt;SPAN&gt;The URL to present for the authorization page. This can be obtained from the API documentation of the service being authorized.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;I&gt;pTokenURL -&amp;nbsp;&lt;/I&gt;&lt;/SPAN&gt;&lt;SPAN&gt;The URL to obtain the authorization token from once an authorization code is sent to the redirect uri. This can be obtained from the API documentation of the service being authorized.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;I&gt;pClientID -&amp;nbsp;&lt;/I&gt;&lt;/SPAN&gt;&lt;SPAN&gt;The application client ID obtained when setting up your application with the web service.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;I&gt;pClientSecret -&amp;nbsp;&lt;/I&gt;&lt;/SPAN&gt;&lt;SPAN&gt;The application client secret obtained when setting up your application with the web service.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;I&gt;pScopes -&amp;nbsp;&lt;/I&gt;&lt;/SPAN&gt;&lt;SPAN&gt;A comma delimited list of authorization scopes. Valid scopes will be found in the API documentation of the service being authorized. If empty the scope parameter will be omitted.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;I&gt;pPort -&amp;nbsp;&lt;/I&gt;&lt;/SPAN&gt;&lt;SPAN&gt;The port to use for the redirect uri. It is recommended to use the range 49152-65535.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;I&gt;pParams -&amp;nbsp;&lt;/I&gt;&lt;/SPAN&gt;&lt;SPAN&gt;An array of additional key -&amp;gt; value pairs of extra parameters to be sent to the authorization url. Some services implement additional options that require extra parameters.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;STRONG&gt;Examples&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;STRONG&gt;constant&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;SPAN&gt; kAuthURL = &lt;/SPAN&gt;&lt;SPAN&gt;"&lt;A href="https://slack.com/oauth/authorize" target="_blank" rel="noopener"&gt;https://slack.com/oauth/authorize&lt;/A&gt;"&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;STRONG&gt;constant&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;SPAN&gt; kTokenURL = &lt;/SPAN&gt;&lt;SPAN&gt;"&lt;A href="https://slack.com/api/oauth.access" target="_blank" rel="noopener"&gt;https://slack.com/api/oauth.access&lt;/A&gt;"&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;STRONG&gt;constant&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;SPAN&gt; kClientID = &lt;/SPAN&gt;&lt;SPAN&gt;"XXXXXXXXX.XXXXXXXX"&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;STRONG&gt;constant&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;SPAN&gt; kClientSecret = &lt;/SPAN&gt;&lt;SPAN&gt;"XXXXXXXXXXXXXXXXXXXXX"&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;STRONG&gt;constant&lt;/STRONG&gt;&lt;/SPAN&gt;&lt;SPAN&gt; kScopes = &lt;/SPAN&gt;&lt;SPAN&gt;"incoming-webhook"&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, &lt;/SPAN&gt;&lt;SPAN&gt;54303&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;--- end&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;By&amp;nbsp;tagging on an extra&amp;nbsp;&lt;/SPAN&gt;parameter (token_access_type = "offline") I was able to obtain a refresh token, but can't do anything with it. Unfortunately no mention of GET or POST.&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Mark&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 21 Apr 2022 14:18:31 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/592454#M27546</guid>
      <dc:creator>marksmithhfx</dc:creator>
      <dc:date>2022-04-21T14:18:31Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/592499#M27551</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1529083"&gt;@marksmithhfx&lt;/a&gt; It looks like the use of POST for these requests is &lt;A href="https://datatracker.ietf.org/doc/html/rfc6749#section-3.2" target="_self"&gt;required in the OAuth 2 specification&lt;/A&gt;:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;The client MUST use the HTTP "POST" method when making access token requests.&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P&gt;I'll send this along as a feature request to support GET as well, but I can't promise if or when that might be implemented (especially as it would be contrary to the specification).&lt;/P&gt;</description>
      <pubDate>Thu, 21 Apr 2022 17:50:05 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/592499#M27551</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-04-21T17:50:05Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/592523#M27556</link>
      <description>&lt;P&gt;Thanks Greg, but I would nix that. After looking at your post and the documentation again I realized that the LiveCode commands:&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT color="#7F7F00"&gt;put&lt;/FONT&gt;&lt;/STRONG&gt; &lt;FONT color="#00007F"&gt;"offline"&lt;/FONT&gt; &lt;FONT color="#7F007F"&gt;into&lt;/FONT&gt;&lt;FONT color="#000000"&gt; tParams[&lt;/FONT&gt;&lt;FONT color="#00007F"&gt;"token_access_type"]&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&lt;FONT color="#000000"&gt;OAuth2 kAuthURL, kTokenURL, kClientID, kClientSecret, kScopes, kPort, tParams&lt;/FONT&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;must be doing both a GET and a POST (the GET for authorization, and the POST for the access token) because, per the documentation:&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;/oauth2/token&lt;/P&gt;&lt;P&gt;METHOD &amp;nbsp;POST&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;This endpoint returns a JSON-encoded dictionary including fields below:&lt;/SPAN&gt;&lt;/P&gt;&lt;DIV class=""&gt;access_token &lt;I&gt;String&lt;/I&gt; The access token to be used to call the Dropbox API.&lt;/DIV&gt;&lt;DIV class=""&gt;expires_in &lt;I&gt;String&lt;/I&gt; The length of time in seconds that the access token will be valid for.&lt;/DIV&gt;&lt;DIV class=""&gt;token_type &lt;I&gt;String&lt;/I&gt; Will always be bearer.&lt;/DIV&gt;&lt;DIV class=""&gt;scope &lt;I&gt;String&lt;/I&gt; The permission set applied to the token.&lt;/DIV&gt;&lt;DIV class=""&gt;account_id &lt;I&gt;String&lt;/I&gt; An API v2 account ID if this OAuth2 flow is user-linked.&lt;/DIV&gt;&lt;DIV class=""&gt;team_id &lt;I&gt;String&lt;/I&gt; An API v2 team ID if this OAuth 2 flow is team-linked.&lt;/DIV&gt;&lt;DIV class=""&gt;refresh_token &lt;I&gt;String&lt;/I&gt; If the token_access_type was set to offline when calling /oauth2/authorize, then response will include a refresh token. This refresh token is long-lived and won't expire automatically. It can be stored and re-used multiple times.&lt;/DIV&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Which is exactly what I am getting from the OAuth2 command above. So it is my misunderstanding when I said it was not using POST. It's using both. Only problem is, it was written before the age of refresh_tokens so it doesn't know what to do with them.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I'll just leave it to the experts to sort out and hope it doesn't take too long.&lt;/P&gt;&lt;P&gt;Thanks again,&lt;/P&gt;&lt;P&gt;Mark&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 21 Apr 2022 20:03:21 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/592523#M27556</guid>
      <dc:creator>marksmithhfx</dc:creator>
      <dc:date>2022-04-21T20:03:21Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to get long lived access tokens.</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/598503#M27810</link>
      <description>&lt;P&gt;Hi Greg, the response came, and quicker than I was expecting. Also very DIFFERENT than I expected. We had previously been discussing the recommendation in the DB documentation:&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;curl&amp;nbsp;&lt;A href="https://api.dropbox.com/oauth2/token" target="_blank" rel="noopener noreferrer"&gt;https://api.dropbox.com/oauth2/token&lt;/A&gt;&amp;nbsp;\&lt;BR /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; -d grant_type=refresh_token \&lt;BR /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; -d refresh_token=&amp;lt;REFRESH_TOKEN&amp;gt; \&lt;BR /&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; -u &amp;lt;APP_KEY&amp;gt;:&amp;lt;APP_SECRET&amp;gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;But the result I got back from Livecode, which works perfectly, looks like this:&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;SPAN class=""&gt;&amp;nbsp; &lt;/SPAN&gt;&lt;/SPAN&gt;&lt;STRONG&gt;-- given a refresh token in var tRefreshToken...&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;SPAN class=""&gt;&amp;nbsp; &amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;&lt;/SPAN&gt;&lt;SPAN&gt;&lt;STRONG&gt;set&lt;/STRONG&gt;&lt;/SPAN&gt; &lt;SPAN&gt;the&lt;/SPAN&gt; &lt;SPAN&gt;httpHeaders&lt;/SPAN&gt; &lt;SPAN&gt;to&lt;/SPAN&gt; "Content-type: application/x-www-form-urlencoded"&lt;SPAN&gt; &amp;amp; \&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;&lt;SPAN&gt;&lt;STRONG&gt;return&lt;/STRONG&gt;&lt;/SPAN&gt; &amp;amp; &lt;SPAN&gt;"Authorization: Basic "&lt;/SPAN&gt; &amp;amp; &lt;SPAN&gt;base64encode&lt;/SPAN&gt;(kClientID &amp;amp; &lt;SPAN&gt;":"&lt;/SPAN&gt; &amp;amp; kClientSecret)&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;SPAN class=""&gt;&amp;nbsp; &amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;&lt;/SPAN&gt;&lt;SPAN&gt;&lt;STRONG&gt;put&lt;/STRONG&gt;&lt;/SPAN&gt; "grant_type=refresh_token"&lt;SPAN&gt; &amp;amp; &lt;/SPAN&gt;"&amp;amp;"&lt;SPAN&gt; &amp;amp; &lt;/SPAN&gt;"refresh_token="&lt;SPAN&gt; &amp;amp; tRefreshToken &lt;/SPAN&gt;&lt;SPAN&gt;into&lt;/SPAN&gt;&lt;SPAN&gt; tPost&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN&gt;&lt;SPAN class=""&gt;&amp;nbsp; &amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;&lt;/SPAN&gt;&lt;SPAN&gt;&lt;STRONG&gt;put&lt;/STRONG&gt;&lt;/SPAN&gt; "&lt;A href="https://api.dropbox.com/oauth2/token" target="_blank" rel="noopener"&gt;https://api.dropbox.com/oauth2/token&lt;/A&gt;" &lt;SPAN&gt;into&lt;/SPAN&gt;&lt;SPAN&gt; tUrl&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&amp;nbsp; &amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;&lt;SPAN&gt;&lt;STRONG&gt;post&lt;/STRONG&gt;&lt;/SPAN&gt; tPost &lt;SPAN&gt;to&lt;/SPAN&gt; &lt;SPAN&gt;url&lt;/SPAN&gt; tUrl&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&amp;nbsp; &amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;&lt;SPAN&gt;&lt;STRONG&gt;put&lt;/STRONG&gt;&lt;/SPAN&gt; JSONToArray(it) &lt;SPAN&gt;into&lt;/SPAN&gt; tAuth&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&amp;nbsp; &amp;nbsp; &amp;nbsp; &lt;/SPAN&gt;&lt;SPAN&gt;&lt;STRONG&gt;put&lt;/STRONG&gt;&lt;/SPAN&gt; tAuth[access_token] &lt;SPAN&gt;into&lt;/SPAN&gt; tAccessToken&lt;SPAN class=""&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;Naw, I would have never figured that out. But it works. And I am grateful.&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;Thanks for your previous attempts at resolving this.&amp;nbsp;&lt;/P&gt;&lt;P&gt;Mark&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Sat, 21 May 2022 16:07:03 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Unable-to-get-long-lived-access-tokens/m-p/598503#M27810</guid>
      <dc:creator>marksmithhfx</dc:creator>
      <dc:date>2022-05-21T16:07:03Z</dc:date>
    </item>
  </channel>
</rss>

