cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Share your feedback on the Document Scanning Experience in the Dropbox App right here.

Discuss Dropbox Developer & API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Access token generated with refresh token got permissions revoked

Access token generated with refresh token got permissions revoked

andrejpet
Explorer | Level 4

As per the dropbox offline flow, I've set up a flow where I've generated a refresh token after the owner of the dropbox (me) 
- Generated an access code using this URL
https://www.dropbox.com/oauth2/authorize?client_id<YOUR_APP_KEY>&response_type=code&token_access_type=offline
- Used the access code to generate a token using this request
curl https://api.dropbox.com/oauth2/token -d code=<ACCESS_CODE> -d grant_type=authorization_code -u <APP_KEY>:<APP_SECRET> 

I was succesfully generating an access token with the refresh token that I got and my files were being uploaded.
After a month I come back and I get errors that my token no longer has permissions to do so.
This should not be the case since I did not set an expiration date on the refresh token or revoked any permissions.

Because this flow starts with an owner interaction, it cannot be restarted with an app in production as many uploads will be lost.
A new refresh token was generated and it all works now, but again I don't want this to happen in production.

How do I solve the issue?

12 Replies 12

andrejpet
Explorer | Level 4

Could be that during the dev process I accidentally created a refresh token without the app having valid permissions.
Can we keep this discussion alive just in case something pops up again?

I just want confirmation that the refresh token lives forever.

Thanks for your replies, in the end I re-started the whole process
1. Generated an access code
2. Requested a refresh token
3. Used the refresh token to get a new access token on each upload
4. Uploaded files.

Was pretty sure I got the whole flow right from the get go, this surprised me as I did not recall creating an app without permissions, but let's see if the token scope goes missing again.
I've saved all the creds so if anything pops up I'll contact you again.

Thank you for your help.

Greg-DB
Dropbox Staff

Dropbox API refresh tokens do not expire automatically, but they can be revoked on demand by the app or user.

 

And yes, you can reply here again if/when needed.

Здравко
Legendary | Level 20

@andrejpet wrote:

Could be that during the dev process I accidentally created a refresh token without the app having valid permissions.
...


If you used that token, for sure.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Здравко Legendary | Level 20
  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    andrejpet Explorer | Level 4
What do Dropbox user levels mean?