<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: refresh token is malformed in Discuss Dropbox Developer &amp; API</title>
    <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/refresh-token-is-malformed/m-p/669514#M3275</link>
    <description>&lt;P&gt;Thanks for following up and sharing your code. I'm glad to hear you got this sorted out.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;To confirm, the refresh token is not the value returned by &lt;A href="http://www.dropbox.com/oauth2/authorize" target="_blank"&gt;www.dropbox.com/oauth2/authorize&lt;/A&gt;... itself. Using &lt;A href="http://www.dropbox.com/oauth2/authorize" target="_blank"&gt;www.dropbox.com/oauth2/authorize&lt;/A&gt; with 'response_type=code' gives an 'authorization code' (sometimes also called 'access code').&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The refreshToken value should be the 'refresh_token' returned by &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token" target="_blank"&gt;/oauth2/token&lt;/A&gt; when you called &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token" target="_blank"&gt;/oauth2/token&lt;/A&gt; with 'grant_type=authorization_code'. That's different from the 'access token' as well as the 'authorization code'; the three are not interchangeable.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;For anyone looking for more information, refer to the following resources for information on how to use the app authorization flow:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://developers.dropbox.com/oauth-guide" target="_blank"&gt;https://developers.dropbox.com/oauth-guide&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#authorization" target="_blank"&gt;https://www.dropbox.com/developers/documentation/http/documentation#authorization&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://dropbox.tech/developers/using-oauth-2-0-with-offline-access" target="_blank"&gt;https://dropbox.tech/developers/using-oauth-2-0-with-offline-access&lt;/A&gt; =&lt;/LI&gt;
&lt;/UL&gt;</description>
    <pubDate>Mon, 20 Mar 2023 14:09:08 GMT</pubDate>
    <dc:creator>Greg-DB</dc:creator>
    <dc:date>2023-03-20T14:09:08Z</dc:date>
    <item>
      <title>refresh token is malformed</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/refresh-token-is-malformed/m-p/669304#M3270</link>
      <description>&lt;P&gt;I am trying to generate new access token using app_key, app_secret and refresh_token obtained using the following url.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;PRE&gt;https://www.dropbox.com/oauth2/authorize?client_id=&amp;lt;APP_KEY&amp;gt;&amp;amp;token_access_type=offline&amp;amp;response_type=code&lt;/PRE&gt;
&lt;P&gt;but the response returned is&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;    data: {
      error: 'invalid_grant',
      error_description: 'refresh token is malformed'
    }&lt;/LI-CODE&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;My App Specifications -&lt;/P&gt;
&lt;DIV class=""&gt;
&lt;DIV class=""&gt;
&lt;DIV class=""&gt;
&lt;DIV class=""&gt;Permission Type -Scoped App (App Folder)&lt;/DIV&gt;
&lt;/DIV&gt;
&lt;/DIV&gt;
&lt;/DIV&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Code -&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;LI-CODE lang="markup"&gt;const axios = require('axios');

	const clientId = 'xx';
	const clientSecret = 'xx';
	const refreshToken = 'xx';
	
	axios({
	  method: 'post',
	  url: 'https://api.dropbox.com/oauth2/token',
	  params: {
		grant_type: 'refresh_token',
		refresh_token: refreshToken,
		client_id: clientId,
		client_secret: clientSecret
	  }
	})
	.then(response =&amp;gt; {
	  const accessToken = response.data.access_token;
	  console.log(`Access token: ${accessToken}`);
	  // Use the access token to make API requests
	})
	.catch(error =&amp;gt; {
	  console.error(error);
	});
	&lt;/LI-CODE&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 20 Mar 2023 10:47:09 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/refresh-token-is-malformed/m-p/669304#M3270</guid>
      <dc:creator>helloBichya</dc:creator>
      <dc:date>2023-03-20T10:47:09Z</dc:date>
    </item>
    <item>
      <title>Re: refresh token is malformed</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/refresh-token-is-malformed/m-p/669306#M3271</link>
      <description>&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1645042"&gt;@helloBichya&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;Ok, but how/where did you get your refresh token from? 🧐 You haven't shown that in your post. &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@9AD39CA637682E9616FBE31CDAF1B6C4/emoticons/1f914.png" alt=":thinking_face:" title=":thinking_face:" /&gt;.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;... or maybe you're trying use the code as a refresh token? &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@D88F213CAFB196B6AB70612B08AD9D31/emoticons/1f601.png" alt=":beaming_face_with_smiling_eyes:" title=":beaming_face_with_smiling_eyes:" /&gt; They are different things. &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@41457EF40051AFF130FDBFE21B496926/emoticons/1f609.png" alt=":winking_face:" title=":winking_face:" /&gt; Take a look once again in documentation.&lt;/P&gt;&lt;P&gt;Hope this helps.&lt;/P&gt;</description>
      <pubDate>Sun, 19 Mar 2023 17:55:16 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/refresh-token-is-malformed/m-p/669306#M3271</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2023-03-19T17:55:16Z</dc:date>
    </item>
    <item>
      <title>Re: refresh token is malformed | How to get new access token by refresh token</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/refresh-token-is-malformed/m-p/669370#M3272</link>
      <description>&lt;P&gt;Yes, you are right. I am dumb. Thank you for the help @&lt;A href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/422790" target="_self"&gt;&lt;SPAN class=""&gt;Здравко&lt;/SPAN&gt;&lt;/A&gt;&amp;nbsp;. I treated the authorization code as refresh token.&lt;BR /&gt;My story -&lt;/P&gt;&lt;P&gt;I want to post images to dropbox from netlify functions. I used short lived access tokens , since they expire i wanted refresh token to get a new short lived access token.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Solution for someone like me- (If your use case is similar to mine)&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Step 1 - Generate authorization code for your app through the following url by replacing &amp;lt;APP_KEY&amp;gt; with your app key.&lt;/P&gt;&lt;PRE&gt;https://www.dropbox.com/oauth2/authorize?client_id=&amp;lt;APP_KEY&amp;gt;&amp;amp;token_access_type=offline&amp;amp;response_type=code&lt;/PRE&gt;&lt;P&gt;Step 2 - After replacing visit the url and grant authorization. An authorization code will get generated (43 characters approx). copy that.&lt;/P&gt;&lt;P&gt;Step 3 - Now we have to pass authorization code, app_key , app_secret to curl request to generate refresh token. I am using postman.&amp;nbsp;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Flow - Open Postman -&amp;gt; Import -&amp;gt; Raw text -&amp;gt; paste curl request and replace &amp;lt;APP_KEY&amp;gt;, &amp;lt;APP_SECRET&amp;gt;, &amp;lt;ACCESS_CODE&amp;gt; (i.e authorization code) -&amp;gt; Continue -&amp;gt; Send Request.&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;curl --location --request POST 'https://api.dropboxapi.com/oauth2/token' \
-u '&amp;lt;APP_KEY&amp;gt;:&amp;lt;APP_SECRET&amp;gt;'
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'code=&amp;lt;ACCESS_CODE&amp;gt;' \
--data-urlencode 'grant_type=authorization_code'&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;Done - You have obtained json which contains refresh_token.&amp;nbsp;&lt;/P&gt;&lt;P&gt;________________________________________________________________________________&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Now if you want to get new access token , you can use below code. or use dropbox sdk.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Code -&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;LI-CODE lang="markup"&gt;const axios = require('axios');

	const clientId = 'xx';
	const clientSecret = 'xx';
	const refreshToken = 'xx';
	
	axios({
	  method: 'post',
	  url: 'https://api.dropbox.com/oauth2/token',
	  params: {
		grant_type: 'refresh_token',
		refresh_token: refreshToken,
		client_id: clientId,
		client_secret: clientSecret
	  }
	})
	.then(response =&amp;gt; {
	  const accessToken = response.data.access_token;
	  console.log(`Access token: ${accessToken}`);
	  // Use the access token to make API requests
	})
	.catch(error =&amp;gt; {
	  console.error(error);
	});&lt;/LI-CODE&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 20 Mar 2023 03:15:38 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/refresh-token-is-malformed/m-p/669370#M3272</guid>
      <dc:creator>helloBichya</dc:creator>
      <dc:date>2023-03-20T03:15:38Z</dc:date>
    </item>
    <item>
      <title>Re: refresh token is malformed</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/refresh-token-is-malformed/m-p/669514#M3275</link>
      <description>&lt;P&gt;Thanks for following up and sharing your code. I'm glad to hear you got this sorted out.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;To confirm, the refresh token is not the value returned by &lt;A href="http://www.dropbox.com/oauth2/authorize" target="_blank"&gt;www.dropbox.com/oauth2/authorize&lt;/A&gt;... itself. Using &lt;A href="http://www.dropbox.com/oauth2/authorize" target="_blank"&gt;www.dropbox.com/oauth2/authorize&lt;/A&gt; with 'response_type=code' gives an 'authorization code' (sometimes also called 'access code').&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The refreshToken value should be the 'refresh_token' returned by &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token" target="_blank"&gt;/oauth2/token&lt;/A&gt; when you called &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token" target="_blank"&gt;/oauth2/token&lt;/A&gt; with 'grant_type=authorization_code'. That's different from the 'access token' as well as the 'authorization code'; the three are not interchangeable.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;For anyone looking for more information, refer to the following resources for information on how to use the app authorization flow:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://developers.dropbox.com/oauth-guide" target="_blank"&gt;https://developers.dropbox.com/oauth-guide&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#authorization" target="_blank"&gt;https://www.dropbox.com/developers/documentation/http/documentation#authorization&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://dropbox.tech/developers/using-oauth-2-0-with-offline-access" target="_blank"&gt;https://dropbox.tech/developers/using-oauth-2-0-with-offline-access&lt;/A&gt; =&lt;/LI&gt;
&lt;/UL&gt;</description>
      <pubDate>Mon, 20 Mar 2023 14:09:08 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/refresh-token-is-malformed/m-p/669514#M3275</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2023-03-20T14:09:08Z</dc:date>
    </item>
  </channel>
</rss>

