cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Discuss Dropbox Developer & API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: How to get refresh token without User interaction

How to get refresh token without User interaction

makrand kulkarni
Explorer | Level 4

Hello Team,

As Drop Box Access Token is invalid after 4 hr. I want to implement refresh token mechanism at Backend Java code without User Interaction i.e fully automated. so I have a requirement to get refresh token without User Interaction based on two parameter on UI

1 . App Key

2. Access Token Generated

Please share any link or documentation for same any Java code written ?

17 Replies 17

Greg-DB
Dropbox Staff

It is not possible to get a refresh using an app key and access token programmatically. You can only get a refresh token using the OAuth app authorization flow.

 

Likewise, it is not possible to fully automate the OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token. This needs to be done manually by the user at least once. If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app.

 

You can find examples of this functionality in the Dropbox API v2 Java SDK here.

Здравко
Legendary | Level 20

Hi @makrand kulkarni,

😁 You are in  confusion. There is no way to get refresh token based on access token; the sequence is opposite! You have to get a refresh token and after that you SDK will take care for the rest (including access token generation. Take a look here and here for more info.

Hope this helps.

makrand kulkarni
Explorer | Level 4

@Greg-DB,

 

Thanks, I have one more query,  As Per Example Given, Auth Code needs to be Enter manually by User to get Access and Refresh Token, 

For A Company Clients this could not be Implemented as there are multiple users which will use our application. 

1  Is there any other solution where Auth code can be taken Internally by Application ?

2. In which Parameter Auth Code can be taken in response of redirect-uri ?

It will be great help on this . 

 

Здравко
Legendary | Level 20

@makrand kulkarni wrote:

...

1  Is there any other solution where Auth code can be taken Internally by Application ?

...


As you already guessed, Yes, using redirect URI.

 


@makrand kulkarni wrote:

...

2. In which Parameter Auth Code can be taken in response of redirect-uri ?

...


You can take a look on a web example to take idea from or on general authorization doc.

Good luck.

Greg-DB
Dropbox Staff

@makrand kulkarni Здравко is correct. While the authorization process needs to be processed manually once per user, you can use a redirect URI to make that process easier. Please refer to the resources that Здравко linked to.

makrand kulkarni
Explorer | Level 4

@Greg-DB 

 

I still have question that , In what Param Auth Code will get in Response of redirect URI ?

Здравко
Legendary | Level 20

While using SDK, the care for details is usually SDKs code's task, not to the code where SDK features are called from. Though, for all possible parameters in redirect URI you can take a look on /oauth2/authorize, in RETURNS section.

makrand kulkarni
Explorer | Level 4

Thanks, I am using  Authorize URI with Token Access type as Offline 

https://www.dropbox.com/oauth2/authorize?client_id=xxxxxx&token_access_type=offline&response_type=co...

 I want to read Auth Code Internally in Java Code return by above URI. suggest a way how to read the Auth Code by Java code only

Здравко
Legendary | Level 20

Hi @makrand kulkarni,

As result of your request, on confirmation, new request will be directed according to then redirect URI with only parameter 'code' inside. It would look like:

<Your redirect URI>?code=<code to be used in /oauth2/token>

You can use any code able to handle your URI (either provided by Dropbox or no). Some sort of service need to be provided that serve as a callback (no direct response is possible). Typically it's a some sort of web server (local HTTP handler) or something else, depending on the URI type (is it URL or something else). You can take a look here for some web example.

Hope this gives direction.

Need more support?