ASP.NET MVC refresh token for DropBox have an error invalid_grant

[Cross-linking for reference: https://stackoverflow.com/questions/75426433/asp-net-mvc-refresh-token-for-dropbox-have-error-invalid-grant ]

An 'invalid_grant' error can indicate that the values you're supplying to ProcessCodeFlowAsync are incorrect/invalid, or that they don't match the configuration used with GetAuthorizeUri to get that particular authorization.

For example, in the version of the code you shared here, you're setting the first parameter to "http://127.0.0.1:52475/", which would be incorrect as that's neither an authorization code nor a redirect URI containing an authorization code, i.e., "responseUri". I see that the code in your StackOverflow post is different though, and does seem to contain the resulting redirect URI for the responseUri parameter.

Or, for instance, if you set a "redirectUri" when calling GetAuthorizeUri, you need to supply that same redirectUri to ProcessCodeFlowAsync to validate that request. That is, in addition to setting the responseUri parameter on ProcessCodeFlowAsync, you should set redirectUri as well (matching the redirectUri value you gave to GetAuthorizeUri). Or, if you didn't set a redirectUri when calling GetAuthorizeUri, you shouldn't set redirectUri when calling ProcessCodeFlowAsync.

Also, note that authorizations codes are only valid for a few minutes, and can only be used once each. You can store and re-use the resulting refresh tokens though; refresh tokens can be re-used and don't expire. Once you have a refresh token for an account, you don't need to run the authorization flow (GetAuthorizeUri and ProcessCodeFlowAsync) for that account again. You would just make the DropboxClient with the app key/secret and refresh token.

Refer to the documentation linked above for information on using these methods, and the sample apps here for examples of how to use them. The OAuth Guide can also be a helpful resources for understanding how this flow works.