<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Programatically generate auth token for nodejs server with javascript SDK in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700212#M31242</link>
    <description>&lt;P&gt;Thanks again for the reply!&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I'll probably mark this as the solution then. No reason to work against the design of the API, I guess.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Technically, though, if I may scope creep just a little bit on my original question. What I'm really trying to achieve here is a feed of images originating shared (though owned by my personal account) Dropbox folder that I can incorporate into a frontend app. Without going in to hairy stuff like scraping, is this something that there is support in any other way?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Best,&lt;/P&gt;</description>
    <pubDate>Thu, 20 Jul 2023 18:44:46 GMT</pubDate>
    <dc:creator>Astrofrans</dc:creator>
    <dc:date>2023-07-20T18:44:46Z</dc:date>
    <item>
      <title>Programatically generate auth token for nodejs server with javascript SDK</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700116#M31233</link>
      <description>&lt;P&gt;Hi!&lt;BR /&gt;&lt;BR /&gt;I've tried to read up on the doc/previous threads here, but couldn't quite figure this one out..&lt;BR /&gt;&lt;BR /&gt;So, I'm building a web application in which I want an image gallery served from a specific Dropbox directory folder on my personal Dropbox. The web app communicates with a Nodejs server that I am also building. The two services are linked together today and I have an existing authentication flow for signing in.&lt;BR /&gt;&lt;BR /&gt;Now, I have some POC functionality on my server which can deliver the Dropbox content that I want by using the Javascript SDK. The problem is that this solution requires an access token - which I've generated in my Dropbox app console - that keeps expiring.&lt;BR /&gt;&lt;BR /&gt;My question is: is there a way to generate Dropbox access tokens on my server &lt;EM&gt;without &lt;/EM&gt;having to integrate the whole OAuth flow into my existing login procedure. Ideally, I'd like to keep my login as is, and then have the server generate a the access token, from my &lt;EM&gt;DROPBOX_APP_KEY&lt;/EM&gt; and &lt;EM&gt;DROPBOX_APP_SECRET,&amp;nbsp; &lt;/EM&gt;after successful login&lt;EM&gt;.&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Best,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 20 Jul 2023 15:19:51 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700116#M31233</guid>
      <dc:creator>Astrofrans</dc:creator>
      <dc:date>2023-07-20T15:19:51Z</dc:date>
    </item>
    <item>
      <title>Re: Programatically generate auth token for nodejs server with javascript SDK</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700130#M31234</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1728699"&gt;@Astrofrans&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;...&lt;BR /&gt;My question is: is there a way to generate Dropbox access tokens on my server &lt;EM&gt;without &lt;/EM&gt;having to integrate the whole OAuth flow into my existing login procedure. Ideally, I'd like to keep my login as is, and then have the server generate a the access token, ...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1728699"&gt;@Astrofrans&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;Yes, that's exactly how every supported Dropbox SDK (including the javascript one) works when initialized with refresh token, not just access token only. &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@41457EF40051AFF130FDBFE21B496926/emoticons/1f609.png" alt=":winking_face:" title=":winking_face:" /&gt;&lt;/P&gt;&lt;P&gt;You need to generate refresh token and use it after that. This generation should be performed once. Take a look &lt;A href="https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Issue-in-generating-access-token/m-p/592921/highlight/true#M27586" target="_blank" rel="noopener"&gt;here&lt;/A&gt; how such a thing can be done. You can stop described procedure once you get the refresh token.&lt;/P&gt;&lt;P&gt;Hope this helps.&lt;/P&gt;</description>
      <pubDate>Thu, 20 Jul 2023 15:51:05 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700130#M31234</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2023-07-20T15:51:05Z</dc:date>
    </item>
    <item>
      <title>Re: Programatically generate auth token for nodejs server with javascript SDK</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700131#M31235</link>
      <description>&lt;P&gt;It's not possible to programmatically generate an access token without first using the OAuth app authorization flow, such as just from the app key and secret. The app authorization flow only needs to be done once per account though.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;For reference, Dropbox is no longer offering the option for creating new long-lived access tokens. Dropbox is now issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find &lt;A href="https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens#updating-access-token-type" target="_blank" rel="noopener noreferrer nofollow"&gt;more information on this migration here&lt;/A&gt;.&lt;BR /&gt;&lt;BR /&gt;Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the &lt;A href="https://developers.dropbox.com/oauth-guide" target="_blank" rel="noopener noreferrer"&gt;OAuth Guide&lt;/A&gt; and &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#authorization" target="_blank" rel="noopener noreferrer"&gt;authorization documentation&lt;/A&gt;. There's a basic outline of processing this flow in &lt;A href="https://dropbox.tech/developers/using-oauth-2-0-with-offline-access" target="_blank" rel="noopener noreferrer nofollow"&gt;this blog post&lt;/A&gt; which may serve as a useful example. (The "Generate" button on the app's page on the App Console can only be used to retrieve access tokens, not refresh tokens. You need to use the OAuth app authorization flow to get a refresh token.)&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Here's &lt;A href="https://github.com/dropbox/dropbox-sdk-js/blob/b5631e4b5b0e9eb6d3297e1ee57ad29a63d49898/examples/javascript/PKCE-backend/code_flow_example.js#L24" target="_blank" rel="noopener noreferrer"&gt;an example of requesting offline access&lt;/A&gt; with &lt;A href="https://github.com/dropbox/dropbox-sdk-js" target="_blank" rel="noopener noreferrer"&gt;the official Dropbox JavaScript SDK&lt;/A&gt;, which we recommend using. As long as you set the app key (a.k.a. client ID) and refresh token, like shown &lt;A href="https://github.com/dropbox/dropbox-sdk-js/blob/b5631e4b5b0e9eb6d3297e1ee57ad29a63d49898/examples/javascript/PKCE-backend/code_flow_example.js#L38" target="_blank" rel="noopener noreferrer"&gt;here in the example&lt;/A&gt; the SDK will actually handle refresh process for you automatically. The SDK will automatically catch expired access token errors and call the API to get a new short-lived access token when needed.&lt;/P&gt;</description>
      <pubDate>Thu, 20 Jul 2023 15:52:10 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700131#M31235</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2023-07-20T15:52:10Z</dc:date>
    </item>
    <item>
      <title>Re: Programatically generate auth token for nodejs server with javascript SDK</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700136#M31237</link>
      <description>&lt;P&gt;Thanks for the reply!&lt;BR /&gt;&lt;BR /&gt;I understand. So, in turn, this means that all users of my app will need to connect their Dropbox accounts to my Dropbox app? Which would also imply, then, that they need to have a Dropbox account as well?&lt;BR /&gt;&lt;BR /&gt;My theory was that I could use my Dropbox and then just proxy frontend requests to it through my backend service, but I take it this is not what the API is intended for?&lt;BR /&gt;&lt;BR /&gt;Best,&lt;/P&gt;</description>
      <pubDate>Thu, 20 Jul 2023 16:14:48 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700136#M31237</guid>
      <dc:creator>Astrofrans</dc:creator>
      <dc:date>2023-07-20T16:14:48Z</dc:date>
    </item>
    <item>
      <title>Re: Programatically generate auth token for nodejs server with javascript SDK</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700173#M31238</link>
      <description>&lt;P&gt;Correct, the Dropbox API is meant for use by end-users to each connect their own Dropbox accounts. You could technically connect to your own account only for everyone, but it's not recommended.&lt;/P&gt;</description>
      <pubDate>Thu, 20 Jul 2023 17:27:25 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700173#M31238</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2023-07-20T17:27:25Z</dc:date>
    </item>
    <item>
      <title>Re: Programatically generate auth token for nodejs server with javascript SDK</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700188#M31240</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1728699"&gt;@Astrofrans&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;...&lt;BR /&gt;My theory was that I could use my Dropbox and then just proxy frontend requests to it through my backend service, but I take it this is not what the API is intended for?&lt;BR /&gt;...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Dropbox API is used to establish connection in whatever context (either users context or your own only). When you're using Dropbox as server-side service you can safely use your own account only as well as user's accounts. On client side (web browser) it's not advisable single account (i.e. your own or any other) sharing - matter of security. In such cases only user's account should be used.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/10"&gt;@Greg-DB&lt;/a&gt;&amp;nbsp; wrote:&lt;BR /&gt;&lt;P&gt;... the Dropbox API is meant for use by end-users to each connect their own Dropbox accounts. You could technically connect to your own account only for everyone, but it's not recommended.&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Oh... &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@9AD39CA637682E9616FBE31CDAF1B6C4/emoticons/1f914.png" alt=":thinking_face:" title=":thinking_face:" /&gt; Why?! 🧐 Here server side is on focus - nodejs! 🤷&lt;/P&gt;</description>
      <pubDate>Thu, 20 Jul 2023 17:51:23 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700188#M31240</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2023-07-20T17:51:23Z</dc:date>
    </item>
    <item>
      <title>Re: Programatically generate auth token for nodejs server with javascript SDK</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700212#M31242</link>
      <description>&lt;P&gt;Thanks again for the reply!&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I'll probably mark this as the solution then. No reason to work against the design of the API, I guess.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Technically, though, if I may scope creep just a little bit on my original question. What I'm really trying to achieve here is a feed of images originating shared (though owned by my personal account) Dropbox folder that I can incorporate into a frontend app. Without going in to hairy stuff like scraping, is this something that there is support in any other way?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Best,&lt;/P&gt;</description>
      <pubDate>Thu, 20 Jul 2023 18:44:46 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700212#M31242</guid>
      <dc:creator>Astrofrans</dc:creator>
      <dc:date>2023-07-20T18:44:46Z</dc:date>
    </item>
    <item>
      <title>Re: Programatically generate auth token for nodejs server with javascript SDK</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700215#M31243</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1728699"&gt;@Astrofrans&lt;/a&gt; It's certainly possible to do so; you would just authorize the app for your own account only, and re-use the resulting refresh token for your account. The SDK works the same way regardless of how many accounts actually get connected. And while it's not the intended design pattern, as Здравко indicated, the security concerns are allayed when doing this in server-side apps, where you can keep the refresh token/access tokens secret and not exposed to end-users.&lt;/P&gt;</description>
      <pubDate>Thu, 20 Jul 2023 18:56:58 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700215#M31243</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2023-07-20T18:56:58Z</dc:date>
    </item>
    <item>
      <title>Re: Programatically generate auth token for nodejs server with javascript SDK</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700633#M31253</link>
      <description>&lt;P&gt;Right! Thanks a lot for patience with me here, I think I follow now. I'll probably go down that route then. Thanks again &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@FBF7D2AB59A0D6E861EBF6A36F93B7E2/emoticons/1f642.png" alt=":slightly_smiling_face:" title=":slightly_smiling_face:" /&gt;&lt;/P&gt;</description>
      <pubDate>Sat, 22 Jul 2023 08:59:01 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Programatically-generate-auth-token-for-nodejs-server-with/m-p/700633#M31253</guid>
      <dc:creator>Astrofrans</dc:creator>
      <dc:date>2023-07-22T08:59:01Z</dc:date>
    </item>
  </channel>
</rss>

