Discuss Dropbox Developer & API
Hello Team,
As Drop Box Access Token is invalid after 4 hr. I want to implement refresh token mechanism at Backend Java code without User Interaction i.e fully automated. so I have a requirement to get refresh token without User Interaction based on two parameter on UI
1 . App Key
2. Access Token Generated
Please share any link or documentation for same any Java code written ?
@makrand kulkarni Здравко is correct. Please refer to the documentation they linked to for information on how this is passed on the redirect, and the example they linked to for a sample of how to handle this with the Java SDK.
@makrand kulkarni Dropbox doesn't offer a Spring Boot sample in particular, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though.
I am following Drop box documentation
https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize
I am not able to get the "Code" embedded in Redirect URI. Sample request is
GET Method
In response getting Html Code /Website in Postman
As Per Documentation it should provide me Query response with Code
Any help will be appreciated.
Thanks
As can be seen on documentation (and on your screenshot) "Because /oauth2/authorize is a web site, there is no direct return value". What is a web site? 🧐 Ooo... it's HTML. 😉 Read more carefully.
@makrand kulkarni As Здравко indicated, /oauth2/authorize is a web page, not an API call, so you should not be accessing it programmatically. You should send the user there in their own system web browser to interactively click the button to authorize your app to access their account. If you specify a redirect URI, the user will be redirected to it upon authorizing the app and the app can parse that resulting redirected URI to retrieve the authorization code.
Hi Greg.
Somewhat this is still confusing for me.
I was following this example:
https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth-scopes.py#L8...
and this guide:
https://developers.dropbox.com/oauth-guide
From your comment:
@Greg-DB wrote:If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app.
and from the DropBox Oauth Guide:
> When using refresh tokens, your call to the /oauth2/token endpoint with the grant_type of authorization_code will return a short-lived access token and a refresh token, which should be securely stored.
so why does this endpoint return a new refresh token?
but as I understand - your comment is more correct - the Refresh Token is permanent and if I perform a "manual flow" like here:
https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth-scopes.py#L1...
and save the refresh token, I should be able to use it forever?
let's say I perform the above manual and initial OAuth flow (DropboxOAuth2FlowNoRedirect - in Python SDK), and save the refresh token and access token somewhere.
then, let's say I have a task - a script that re-runs periodically and needs to call DropBox API without user interaction - I make it read the previously saved Access and Request tokens, and make a call like this:
https://github.com/dropbox/dropbox-sdk-python/blob/main/example/oauth/commandline-oauth-scopes.py#L7...
?
does this mean, that after the above Dropbox client operation, I don't get a new Access Token, but the one which I saved just becomes valid again?
both the AccessToken and Refresh Token stay valid and the same all the time?
AccessToken can even become expired for a long time, and you only need Refresh Token to make a new Dropbox API connection at any time?
Hi @tkozuch,
As seems you haven't read entire documentation. /oauth2/token endpoint can be used for different things including initial token receiving from access code (note here code, no token) where you get refresh token and access token on one side and consecutive usage to get access token from refresh token (something the can be used repeatedly; the first case cannot - the code is for single time usage). For some more details in deep take a look here. That's for clarity only - when using SDK you don't need to call endpoints directly. So:
@tkozuch wrote:...
so why does this endpoint return a new refresh token?
...
When you start OAuth flow from "zero" (i.e. new code) you get new refresh token. You don't need to repeat it! You only need to do it once on linking time and after that proceed without further user interaction - then only new access token comes back. Actually the SDK takes care for this, you can ignore this part completely in your code.
@tkozuch wrote:...
and save the refresh token, I should be able to use it forever?
...
Yes, or till revoke either from your application or from user side.
@tkozuch wrote:...
both the AccessToken and Refresh Token stay valid and the same all the time?
...
Refresh token stay valid indefinitely while access token expire in time noted on receiving (typical 4 hours or so).
@tkozuch wrote:...
AccessToken can even become expired for a long time, and you only need Refresh Token to make a new Dropbox API connection at any time?
Almost... Once the existing access token expires, you need new access token for regular API work - that's what the refresh process is for. As I mentioned SDK takes care for this internal. To "refresh" the token you need application key at least and in some cases application secret (when non PKCE OAuth flow is used).
Hope this sheds additional light.
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!