<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: &amp;quot;App Authentication&amp;quot; for App (without tokens). Yet another migration from long lived t in Discuss Dropbox Developer &amp; API</title>
    <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582386#M2462</link>
    <description>&lt;P&gt;Thank you very much @serickson&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Does the dropbox-sdk-js have a way to obtain the refresh token programmatically without prompting the user? As per your feedback I guess it does, but I'm just not hitting that nail it seems.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;From the aforementioned &lt;A href="https://github.com/dropbox/dropbox-sdk-js/blob/main/examples/javascript/simple-backend/code_flow_example.js" target="_self"&gt;example&lt;/A&gt;:&lt;/P&gt;&lt;LI-CODE lang="javascript"&gt;const config = {
  fetch,
  clientId: 'jg8wc1hfkvel6ql',
  clientSecret: 'f0i5w4e6mlbbme5',
};

const { Dropbox } = require('dropbox'); // eslint-disable-line import/no-unresolved

const dbx = new Dropbox(config);&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;That way I initialize Dropbox in the server using clientId and clientSecret.&lt;/P&gt;&lt;P&gt;What's next in order to enable this.dbx.filesListFolder ?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I'm a bit tangled up looking and playing with the APIs at &lt;A href="https://github.com/dropbox/dropbox-sdk-js/blob/main/src/auth.js" target="_blank"&gt;https://github.com/dropbox/dropbox-sdk-js/blob/main/src/auth.js&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Also, given the context I've mentioned and my app objectives (basically, to use Dropbox as a kind CDN for my app's images), would you advise a better way to use the Dropbox SDK and App folder to achieve my goals?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks a lot.&lt;/P&gt;</description>
    <pubDate>Tue, 08 Mar 2022 20:25:50 GMT</pubDate>
    <dc:creator>lalomores</dc:creator>
    <dc:date>2022-03-08T20:25:50Z</dc:date>
    <item>
      <title>"App Authentication" for App (without tokens). Yet another migration from long lived tokens question</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582192#M2458</link>
      <description>&lt;P&gt;Hi there! I see there have been a lot of questions in the forum on this topic, so I'll just cut to the chase.&lt;/P&gt;
&lt;P&gt;My app is made in Meteor (NodeJS) and React. Clients of my app do not need to handle files, just see them. Files are not client related, only related to my Dropbox App and corresponding Dropbox app folder.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Checking the &lt;A href="https://www.dropbox.com/developers/reference/auth-types" target="_self"&gt;Authentication Types&lt;/A&gt; the most obvious candidate to replace my long lived token, seems to be "App Authentication": "This type only uses the app's own app key and secret, and doesn't identify a specific user or team". That's perfect. I can safely provide app key and secret in the server exclusively, as the client will never need those. The question is how do I achieve that type of auth?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In the &lt;A href="https://github.com/dropbox/dropbox-sdk-js" target="_self"&gt;js sdk&lt;/A&gt;, I only found &lt;A href="https://github.com/dropbox/dropbox-sdk-js/blob/main/examples/javascript/simple-backend/code_flow_example.js" target="_self"&gt;this example&lt;/A&gt; using app key and secret, yet afterwards it goes through the oauth process in the browser anyways. If I don't do that oauth part, I get an error [*] as a result of calling dbx.filesListFolders({ path: '', recursive: true }):&lt;/P&gt;
&lt;P&gt;Any ideas what may I be missing?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;[*]:&lt;/P&gt;
&lt;DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;"error"&lt;/SPAN&gt;&lt;SPAN&gt;: {&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; "name"&lt;/SPAN&gt;&lt;SPAN&gt;: &lt;/SPAN&gt;&lt;SPAN&gt;"DropboxResponseError"&lt;/SPAN&gt;&lt;SPAN&gt;,&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; "status"&lt;/SPAN&gt;&lt;SPAN&gt;: &lt;/SPAN&gt;&lt;SPAN&gt;409&lt;/SPAN&gt;&lt;SPAN&gt;,&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; "headers"&lt;/SPAN&gt;&lt;SPAN&gt;: {},&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; "error"&lt;/SPAN&gt;&lt;SPAN&gt;: {&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "error_summary"&lt;/SPAN&gt;&lt;SPAN&gt;: &lt;/SPAN&gt;&lt;SPAN&gt;"path/unsupported_content_type/..."&lt;/SPAN&gt;&lt;SPAN&gt;,&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "error"&lt;/SPAN&gt;&lt;SPAN&gt;: {&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; ".tag"&lt;/SPAN&gt;&lt;SPAN&gt;: &lt;/SPAN&gt;&lt;SPAN&gt;"path"&lt;/SPAN&gt;&lt;SPAN&gt;,&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "path"&lt;/SPAN&gt;&lt;SPAN&gt;: {&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; ".tag"&lt;/SPAN&gt;&lt;SPAN&gt;: &lt;/SPAN&gt;&lt;SPAN&gt;"unsupported_content_type"&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; }&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; }&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; }&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;DIV&gt;&lt;SPAN&gt;}&lt;/SPAN&gt;&lt;/DIV&gt;
&lt;/DIV&gt;</description>
      <pubDate>Tue, 08 Mar 2022 20:45:32 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582192#M2458</guid>
      <dc:creator>lalomores</dc:creator>
      <dc:date>2022-03-08T20:45:32Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582208#M2459</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1524329"&gt;@lalomores&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;... Files are not client related, only related to my Dropbox App and corresponding &lt;STRONG&gt;Dropbox app folder&lt;/STRONG&gt;.&lt;/P&gt;&lt;DIV&gt;&lt;DIV&gt;...&lt;/DIV&gt;&lt;/DIV&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1524329"&gt;@lalomores&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;Hmm... &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@9AD39CA637682E9616FBE31CDAF1B6C4/emoticons/1f914.png" alt=":thinking_face:" title=":thinking_face:" /&gt; Ok, is the application folder for anyone particular application (including your) just a single thing or is it something specific to every one account, which the same application gets link to?! 🤫&lt;/P&gt;&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1524329"&gt;@lalomores&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;...&lt;/P&gt;&lt;P&gt;Checking the &lt;A href="https://www.dropbox.com/developers/reference/auth-types" target="_self"&gt;Authentication Types&lt;/A&gt; the most obvious candidate to replace my long lived token, seems to be "App Authentication": "This type only uses the app's own app key and secret, and doesn't identify a specific user or team". That's perfect....&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;In context of findings achieved above (I hope), are you keep thinking "App Authentication" is perfect for your case? 🧐&lt;/P&gt;&lt;P&gt;You have correctly noted that "doesn't identify a specific user or team". That means the Application folder will left out untouchable, because it's an account specific thing, NOT application specific (or not only, at lest)! Application authentication is usable in case of processing resources unassigned to any particular account. The example, you provided above, describes process of assigning application to account. At the beginning only application has to be authenticated because it's still not linked to an account and that's why can't do anything account related. Next user confirmation, the example rely on token from that moment on, not to Application authentication only! That's why access to user related data gets possible.&lt;/P&gt;&lt;P&gt;Application authentication is convenient for use in cases like performing actions on public data like shared links, for example. Like a person receiving a link can see&amp;nbsp; it and so on, your application can do the same without user authentication. Accessing link doesn't need user authentication in context of account. If there is any kind of additional authentication set by the link issuer, it can be applied too in borders of Application authentication, like human will do.&lt;/P&gt;&lt;P&gt;Again, inapplicable when any kind of account access is need, even when seems negligible! &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@41457EF40051AFF130FDBFE21B496926/emoticons/1f609.png" alt=":winking_face:" title=":winking_face:" /&gt;&lt;/P&gt;&lt;P&gt;Hope this clarifies matter.&lt;/P&gt;</description>
      <pubDate>Tue, 08 Mar 2022 00:52:18 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582208#M2459</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-03-08T00:52:18Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582332#M2460</link>
      <description>&lt;P&gt;Hi &lt;SPAN class=""&gt;&lt;A href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/422790" target="_self"&gt;&lt;SPAN class=""&gt;Здравко&lt;/SPAN&gt;&lt;/A&gt;&lt;/SPAN&gt;, thanks for the quick answer!&lt;/P&gt;&lt;P&gt;Your answer makes me think there might be some fundamental missunderstanding/missinterpretation of what an "App folder" is (from my side).&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Now, my intentions are to obtain an equivalent effect to that of the long lived token. In my app, that was:&lt;/P&gt;&lt;P&gt;1. My app silently synchronized whatever the Dropbox App Folder had. By synchronize I mean it kept a Mongo table with data about the files names, paths, extensions and created/obtained shared links to each file in the app folder. It did this regularly (say each 15')&lt;/P&gt;&lt;P&gt;2. End users had no idea Dropbox was involved in anyway&lt;/P&gt;&lt;P&gt;3. End users never had to sign in into dropbox. They in fact don't need dropbox accounts to use this app.&lt;/P&gt;&lt;P&gt;4. Whenever an end user searched for a product that had related files (as per their names), they saw the product images or documents (by using the shared links the synchronization made sure exists)&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The dropbox App Folder was used to:&lt;/P&gt;&lt;P&gt;- Upload product images&lt;/P&gt;&lt;P&gt;- Upload product documents&lt;/P&gt;&lt;P&gt;This would be done either by the owner of the dropbox account (same that created the app in the app console), or by another Dropbox account which the app folder (or a subfolder) has been shared with.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I hope this better clarifies my context and intentions.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Long lived tokens allowed me to achieve this transparency to the end users.&lt;/P&gt;&lt;P&gt;Is there a way to achieve the same now with the new approach Dropbox is taking?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 08 Mar 2022 16:57:23 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582332#M2460</guid>
      <dc:creator>lalomores</dc:creator>
      <dc:date>2022-03-08T16:57:23Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582346#M2461</link>
      <description>&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1524329"&gt;@lalomores&lt;/a&gt;,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;It sounds like your application needs to have indefinite access to only your account and no other account. For that, you should generate a refresh token and use that to create an access token as needed. For more information getting a refresh token, see the &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token" target="_self"&gt;/oauth2/token documentation&lt;/A&gt;. Refresh tokens can be used indefinitely without manual interaction like long lived tokens.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Also, with app auth, you may only access content which is publicly available (since there is no user or team auth associated with it). So you would need to make a shared link for your folder in order for an app with app auth to access it, otherwise you will need to use user auth with a refresh token.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Hope this helps!&lt;/P&gt;</description>
      <pubDate>Tue, 08 Mar 2022 18:00:41 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582346#M2461</guid>
      <dc:creator>Scott-DB</dc:creator>
      <dc:date>2022-03-08T18:00:41Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582386#M2462</link>
      <description>&lt;P&gt;Thank you very much @serickson&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Does the dropbox-sdk-js have a way to obtain the refresh token programmatically without prompting the user? As per your feedback I guess it does, but I'm just not hitting that nail it seems.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;From the aforementioned &lt;A href="https://github.com/dropbox/dropbox-sdk-js/blob/main/examples/javascript/simple-backend/code_flow_example.js" target="_self"&gt;example&lt;/A&gt;:&lt;/P&gt;&lt;LI-CODE lang="javascript"&gt;const config = {
  fetch,
  clientId: 'jg8wc1hfkvel6ql',
  clientSecret: 'f0i5w4e6mlbbme5',
};

const { Dropbox } = require('dropbox'); // eslint-disable-line import/no-unresolved

const dbx = new Dropbox(config);&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;That way I initialize Dropbox in the server using clientId and clientSecret.&lt;/P&gt;&lt;P&gt;What's next in order to enable this.dbx.filesListFolder ?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I'm a bit tangled up looking and playing with the APIs at &lt;A href="https://github.com/dropbox/dropbox-sdk-js/blob/main/src/auth.js" target="_blank"&gt;https://github.com/dropbox/dropbox-sdk-js/blob/main/src/auth.js&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Also, given the context I've mentioned and my app objectives (basically, to use Dropbox as a kind CDN for my app's images), would you advise a better way to use the Dropbox SDK and App folder to achieve my goals?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks a lot.&lt;/P&gt;</description>
      <pubDate>Tue, 08 Mar 2022 20:25:50 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582386#M2462</guid>
      <dc:creator>lalomores</dc:creator>
      <dc:date>2022-03-08T20:25:50Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582389#M2463</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1524329"&gt;@lalomores&lt;/a&gt; Just like with long-lived access tokens, the user needs to manually authorize the app once to get the refresh token, which can then be stored and re-used without further manual user interaction. In that example, you can see where&amp;nbsp;the SDK returns the refresh token, which is then set on the client, on this line:&amp;nbsp;&lt;A href="https://github.com/dropbox/dropbox-sdk-js/blob/main/examples/javascript/simple-backend/code_flow_example.js#L38" target="_blank"&gt;https://github.com/dropbox/dropbox-sdk-js/blob/main/examples/javascript/simple-backend/code_flow_example.js#L38&lt;/A&gt; . You can store and programmatically re-use that 'token.result.refresh_token' value similar to how you would store and programmatically re-use a long-lived access token.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The refresh token is used to programmatically retrieve new short-lived access tokens whenever needed, without the user necessarily present. Those new short-lived access tokens that get retrieved automatically are what are used to then make actual API calls, such as filesListFolder (or usersGetCurrentAccount, as in the example).&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Anyway, while Dropbox and the Dropbox API aren't really designed to be used as a CDN, we do recommend using the official SDK(s) whenever possible for accessing the Dropbox API. And using the app folder access type whenever that works for the use case is also a best practice.&lt;/P&gt;</description>
      <pubDate>Tue, 08 Mar 2022 20:35:27 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582389#M2463</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-03-08T20:35:27Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582741#M2470</link>
      <description>&lt;P&gt;Oh, I see. I finally understand. Thank you Greg and everybody for your patience.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;So, in short, what I want is not possible:&lt;/P&gt;&lt;P&gt;1. It is not enough with the client Id and client Secret to programmatically obtain a refresh token.&lt;/P&gt;&lt;P&gt;2. I can't avoid having to go through at least one oauth flow in the client to retrieve a refresh token.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;If I want to entirely hide the Dropbox oauth flow from my users, I need to do it in a kind-of-hacky way: run it myself either in my app or in an example code as the aforementioned, capturing the generated refresh-token in the server and then using it as a constant for my app's initial setup. Is that right?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I think my confusion came from the fact that it didn't quite feel like I was authorizing anything when I generated a long-lived token in the app panel. The same way it didn't feel like I was authorizing the client id and secret when I created the app in the console. It felt more like configuring/setting up.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;So, to give closure to this matter and if you would be so kind to answer me one more time: Would you say obtaining a refresh token, capturing it and using it as a long-lived token is something that goes against Dropbox's intended/best practices?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Otherwise, if Dropbox is actually expecting refresh tokens to be used as long-lived ones, an idea that comes to mind is maybe replacing the "Generate access token" with a "Generate refresh token" in the app console, as this section feels more like configuration than temporary data. And maybe leaving the "Generate access token" (and maybe calling it: Generate short-lived access token) in the API explorer, so it is clear it can be used for a little while just for testing purpose.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks a lot for your insights and help.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Best regards&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 10 Mar 2022 16:46:23 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582741#M2470</guid>
      <dc:creator>lalomores</dc:creator>
      <dc:date>2022-03-10T16:46:23Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582765#M2471</link>
      <description>&lt;P&gt;Yes, that's correct. The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. While it is technically possible to always connect to just one account for all users, we do not officially support this, for various technical and security reasons.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I'll also pass this along as a request for a "Generate refresh token" option, as well as to clarify the token lifetime in the API v2 Explorer, but I can't promise if or when that might be implemented.&lt;/P&gt;</description>
      <pubDate>Thu, 10 Mar 2022 17:48:30 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582765#M2471</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-03-10T17:48:30Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582831#M2472</link>
      <description>&lt;P&gt;Thanks a lot.&lt;/P&gt;</description>
      <pubDate>Thu, 10 Mar 2022 21:53:54 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/582831#M2472</guid>
      <dc:creator>lalomores</dc:creator>
      <dc:date>2022-03-10T21:53:54Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/587045#M2493</link>
      <description>&lt;P&gt;+1 for&amp;nbsp;&lt;SPAN&gt;"Generate refresh token"&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 29 Mar 2022 18:20:38 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/587045#M2493</guid>
      <dc:creator>Black Jack</dc:creator>
      <dc:date>2022-03-29T18:20:38Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596363#M2591</link>
      <description>&lt;P&gt;I have spent hours trying to get the API working.&amp;nbsp; It worked great before the tokens started expiring every 4 hours.&amp;nbsp; I have read everything I can find about this, but I can't piece it together.&amp;nbsp; I have an app that need to access a dedicated Dropbox folder.&amp;nbsp; I don't care who is using the app, and I don't want the users to need to authenticate.&amp;nbsp; It worked well with the long term token I generated in the app console before that option was removed.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;It seems like now I have to figure out how to build a separate app just to authorize and create the token.&amp;nbsp; I would love to be able to generate a token from the app console similar to how we could before.&amp;nbsp; This would save me many, many hours of work.&lt;/P&gt;</description>
      <pubDate>Wed, 11 May 2022 04:19:54 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596363#M2591</guid>
      <dc:creator>dwissing</dc:creator>
      <dc:date>2022-05-11T04:19:54Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596380#M2592</link>
      <description>&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1298935"&gt;@dwissing&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;Take a look on &lt;A href="https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Issue-in-generating-access-token/td-p/592667" target="_blank"&gt;https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Issue-in-generating-access-token/td-p/592667&lt;/A&gt; how you would be able do the same in regular terminal. &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@41457EF40051AFF130FDBFE21B496926/emoticons/1f609.png" alt=":winking_face:" title=":winking_face:" /&gt;&lt;/P&gt;&lt;P&gt;Hope this helps.&lt;/P&gt;</description>
      <pubDate>Wed, 11 May 2022 07:51:04 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596380#M2592</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-05-11T07:51:04Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596431#M2593</link>
      <description>&lt;P&gt;So this shows how to refresh a token &lt;EM&gt;manually in terminal.&amp;nbsp; My app is Vue.js.&amp;nbsp; Current code is:&amp;nbsp;import { Dropbox } from 'dropbox'&amp;nbsp;&lt;/EM&gt;&lt;/P&gt;&lt;LI-CODE lang="javascript"&gt;import { Dropbox } from 'dropbox'
import axios from 'axios'
async function get_thumbnail() {
  const dropbox_token =
    'sl.**CODE**'
  const options = {
    format: 'jpeg',
    mode: 'strict',
    path: found_file_path.value,
    size: 'w64h64'
  }
  var dbx = new Dropbox({
    accessToken: dropbox_token
  })
  try {
    const response = await dbx.filesGetThumbnail(options)
    return response
  } catch (error) {
    console.log(error)
  }
}&lt;/LI-CODE&gt;&lt;P&gt;&lt;EM&gt;&lt;BR /&gt;&amp;nbsp;&lt;/EM&gt;&lt;/P&gt;&lt;P&gt;I can use the info you provided in a terminal to get a new access token, but how do I do it automatically?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="javascript"&gt;&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="javascript"&gt;&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 11 May 2022 13:48:06 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596431#M2593</guid>
      <dc:creator>dwissing</dc:creator>
      <dc:date>2022-05-11T13:48:06Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596439#M2594</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1298935"&gt;@dwissing&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;...&lt;/P&gt;&lt;P&gt;I can use the info you provided in a terminal to get a new access token, but how do I do it automatically?&lt;/P&gt;&lt;P&gt;...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;&lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@FBF7D2AB59A0D6E861EBF6A36F93B7E2/emoticons/1f642.png" alt=":slightly_smiling_face:" title=":slightly_smiling_face:" /&gt; No, no, no... Seems my forwarding was too brief and no very clear.&lt;/P&gt;&lt;P&gt;On the page, I referred to above, entire work flow is described, not only initial authentication! The last part there, as you noticed, is refresh description. Since you are using Dropbox SDK, where refresh process is implemented internally, you don't need to do it by hand. &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@D88F213CAFB196B6AB70612B08AD9D31/emoticons/1f601.png" alt=":beaming_face_with_smiling_eyes:" title=":beaming_face_with_smiling_eyes:" /&gt; In such a way you would do some job of SDK by hand.&lt;/P&gt;&lt;P&gt;The only thing you need to do is initialization of Dropbox client object using refresh token, instead of access token. That's it. In addition it's NOT good idea every time when need to perform particular operation, new object sets up (like you are doing now). This leads to efficiency lost. Better, set one client object at the beginning (with global view or so), keep it, and use it till the end.&lt;/P&gt;&lt;P&gt;Take a look &lt;A href="https://github.com/dropbox/dropbox-sdk-js/blob/main/examples/javascript/simple-backend/code_flow_example.js#L38" target="_blank" rel="noopener"&gt;here&lt;/A&gt; how you can initialize a client object using refresh token. &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@41457EF40051AFF130FDBFE21B496926/emoticons/1f609.png" alt=":winking_face:" title=":winking_face:" /&gt;&lt;/P&gt;&lt;P&gt;Hope it's a bit more clear now.&lt;/P&gt;</description>
      <pubDate>Wed, 11 May 2022 14:10:04 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596439#M2594</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-05-11T14:10:04Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596448#M2595</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1298935"&gt;@dwissing&lt;/a&gt; Здравко is correct, and offered helpful guidance, so please refer to that. Also, note that refresh tokens don't expire, so you can store and re-use them repeatedly. &lt;/P&gt;</description>
      <pubDate>Wed, 11 May 2022 14:57:31 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596448#M2595</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2022-05-11T14:57:31Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596451#M2596</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/10"&gt;@Greg-DB&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;... , so you can store and re-use them repeatedly.&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/10"&gt;@Greg-DB&lt;/a&gt;, better let &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1298935"&gt;@dwissing&lt;/a&gt; focus on the particular setup. No storage or reusage is need in particular case. The refresh token is available as a constant and can be used as a replacement for 'token.result.refresh_token', in particular.&lt;/P&gt;</description>
      <pubDate>Wed, 11 May 2022 15:10:48 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596451#M2596</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-05-11T15:10:48Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596456#M2597</link>
      <description>&lt;P&gt;Thank you.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I tried just replacing the access token with the refresh token in the dbx - new Dropbox() line, but that did not work.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The example you pointed to uses the key and secret in this command, along with "fetch".&amp;nbsp; I am not familiar with fetch, but I get the following error:&amp;nbsp;&lt;/P&gt;&lt;P&gt;TypeError: Failed to execute 'fetch' on 'Window': Illegal invocation&lt;BR /&gt;at Dropbox2.fetch (&amp;lt;anonymous&amp;gt;:1:876)&lt;BR /&gt;at dropbox.js:108:22&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="javascript"&gt;import { Dropbox } from 'dropbox'
import axios from 'axios'
const config = {
  fetch,
  clientId: 'app_key',
  clientSecret: 'app_secret'
}
var dbx = new Dropbox(config)

async function get_thumbnail() {
  const options = {
    format: 'jpeg',
    mode: 'strict',
    path: found_file_path.value,
    size: 'w64h64'
  }

  try {
    const response = await dbx.filesGetThumbnail(options)
    return response
  } catch (error) {
    console.log(error)
  }
}&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 11 May 2022 15:52:15 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596456#M2597</guid>
      <dc:creator>dwissing</dc:creator>
      <dc:date>2022-05-11T15:52:15Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596466#M2598</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/422790"&gt;@Здравко&lt;/a&gt;wrote:&lt;P&gt;...&lt;/P&gt;&lt;P&gt;The only thing you need to do is initialization of Dropbox client object using refresh token, instead of access token.&lt;/P&gt;&lt;P&gt;...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1298935"&gt;@dwissing&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;...&lt;/P&gt;&lt;P&gt;I tried just replacing the access token with the refresh token in the dbx - new Dropbox() line, but that did not work.&lt;/P&gt;&lt;P&gt;...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Of course, what did you expect??? &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@9AD39CA637682E9616FBE31CDAF1B6C4/emoticons/1f914.png" alt=":thinking_face:" title=":thinking_face:" /&gt; Did you expect different way of initialization and replacement to be the same? Does referred example use refresh token just as an access token replacement? (or not exactly) 🤷&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Where you are getting this 'fetch' from? 🧐 (take a look on the example once again) &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@41457EF40051AFF130FDBFE21B496926/emoticons/1f609.png" alt=":winking_face:" title=":winking_face:" /&gt;&lt;/P&gt;&lt;P&gt;Where you are setting your refresh token actually??? 🤦 (focus on the enlightened line in the example, once again)&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Ensharp your attention little bit! &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@FBF7D2AB59A0D6E861EBF6A36F93B7E2/emoticons/1f642.png" alt=":slightly_smiling_face:" title=":slightly_smiling_face:" /&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 11 May 2022 16:12:55 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596466#M2598</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-05-11T16:12:55Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596476#M2599</link>
      <description>&lt;P&gt;The example you linked to above has this setup:&lt;/P&gt;&lt;LI-CODE lang="javascript"&gt;const fetch = require('node-fetch');
const app = require('express')();

const hostname = 'localhost';
const port = 3000;

const config = {
  fetch,
  clientId: 'jg8wc1hfkvel6ql',
  clientSecret: 'f0i5w4e6mlbbme5',
};

const { Dropbox } = require('dropbox'); // eslint-disable-line import/no-unresolved

const dbx = new Dropbox(config);&lt;/LI-CODE&gt;&lt;P&gt;Instead of using an access token in the "new Dropbox()" command, they are using the above config including "fetch".&amp;nbsp; I don't really understand how this works, or where I can put the refresh token in order to use it to create a new Dropbox object.&lt;/P&gt;</description>
      <pubDate>Wed, 11 May 2022 16:35:28 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596476#M2599</guid>
      <dc:creator>dwissing</dc:creator>
      <dc:date>2022-05-11T16:35:28Z</dc:date>
    </item>
    <item>
      <title>Re: "App Authentication" for App (without tokens). Yet another migration from long lived t</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596479#M2600</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1298935"&gt;@dwissing&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;...&amp;nbsp; I don't really understand how this works, or where I can put the refresh token in order to use it to create a new Dropbox object.&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Ok, I'm putting the example with enlightened line &lt;A href="https://github.com/dropbox/dropbox-sdk-js/blob/main/examples/javascript/simple-backend/code_flow_example.js#L38" target="_blank" rel="noopener"&gt;here&lt;/A&gt; again. Can you explain what exactly this line is doing (exactly this, no any other)? What will change if you replace the argument there to your refresh token literal? &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@9AD39CA637682E9616FBE31CDAF1B6C4/emoticons/1f914.png" alt=":thinking_face:" title=":thinking_face:" /&gt;&lt;/P&gt;&lt;P&gt;Don't go fast! Relax little bit (as much as need). When you get ready, take a look on the line. What are you seeing there, what this line does actually? What if you put this line at the beginning? (next client object creation)&lt;/P&gt;</description>
      <pubDate>Wed, 11 May 2022 16:45:56 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/quot-App-Authentication-quot-for-App-without-tokens-Yet-another/m-p/596479#M2600</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2022-05-11T16:45:56Z</dc:date>
    </item>
  </channel>
</rss>

