cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Share your feedback on the Document Scanning Experience in the Dropbox App right here.

Discuss Dropbox Developer & API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ASP.NET MVC refresh token for DropBox have an error invalid_grant

ASP.NET MVC refresh token for DropBox have an error invalid_grant

Tomtit
Explorer | Level 3

I'm trying to refresh a Dropbox token in my ASP.NET MVC application. But I get an error:

Spoiler
invalid_grant.

My code:

 

 

 OAuth2Response tokenResult = await DropboxOAuth2Helper.ProcessCodeFlowAsync("http://127.0.0.1:52475/", ApiKey, ApiSecret);
            accessToken = tokenResult.AccessToken;
            refreshToken = tokenResult.RefreshToken;

 

1 Reply 1

Greg-DB
Dropbox Staff

[Cross-linking for reference: https://stackoverflow.com/questions/75426433/asp-net-mvc-refresh-token-for-dropbox-have-error-invali... ]

 

An 'invalid_grant' error can indicate that the values you're supplying to ProcessCodeFlowAsync are incorrect/invalid, or that they don't match the configuration used with GetAuthorizeUri to get that particular authorization.

 

For example, in the version of the code you shared here, you're setting the first parameter to "http://127.0.0.1:52475/", which would be incorrect as that's neither an authorization code nor a redirect URI containing an authorization code, i.e., "responseUri". I see that the code in your StackOverflow post is different though, and does seem to contain the resulting redirect URI for the responseUri parameter.

 

Or, for instance, if you set a "redirectUri" when calling GetAuthorizeUri, you need to supply that same redirectUri to ProcessCodeFlowAsync to validate that request. That is, in addition to setting the responseUri parameter on ProcessCodeFlowAsync, you should set redirectUri as well (matching the redirectUri value you gave to GetAuthorizeUri). Or, if you didn't set a redirectUri when calling GetAuthorizeUri, you shouldn't set redirectUri when calling ProcessCodeFlowAsync.

 

Also, note that authorizations codes are only valid for a few minutes, and can only be used once each. You can store and re-use the resulting refresh tokens though; refresh tokens can be re-used and don't expire. Once you have a refresh token for an account, you don't need to run the authorization flow (GetAuthorizeUri and ProcessCodeFlowAsync) for that account again. You would just make the DropboxClient with the app key/secret and refresh token.

 

Refer to the documentation linked above for information on using these methods, and the sample apps here for examples of how to use them. The OAuth Guide can also be a helpful resources for understanding how this flow works.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?