cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
What’s new: end-to-end encryption, Replay and Dash updates. Find out more about these updates, new features and more here.

Discuss Dropbox Developer & API

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Powershell Oauth2 Refresh Token

Powershell Oauth2 Refresh Token

lucasj
Explorer | Level 3
‎04-21-2023 10:45 AM
Go to solution

Hey all!  Thanks in advanced.

 

I am trying to write a powershell script to get an offline refresh token so I can do unattended uploads.

 

The problem is that I have to authenticate for an authorization code manually each time it is ran.  How do I make it unattended?  Here is the code:

$client_id = "CLIENTID"
$client_secret = "CLIENTSECRET"

# Set up the OAuth2 authorization URL
#$scope = "offline"
#$auth_url = "{0}?response_type=code&client_id={1}&scope={2}" -f $auth_url, $client_id, $scope

# Open the authorization URL in the default web browser and prompt the user to sign in and authorize your app
Start-Process $auth_url
Write-Host "Please sign in and authorize your app in the browser window that just opened."

# Prompt the user to enter the authorization code provided by Dropbox after they have authorized your app
$authorization_code = Read-Host "Enter the authorization code provided by Dropbox"
# Set up the access token request parameters
$body = @{
    code = $authorization_code
    grant_type = "authorization_code"
    client_id = $client_id
    redirect_uri = $redirectUri
    client_secret = $client_secret
}

# Send the access token request and parse the response for the access token and refresh token
$response = Invoke-RestMethod -Method Post -Uri $token_url -Body $body
$access_token = $response.access_token
$refresh_token = $response.refresh_token

# Use the access token to make API calls to Dropbox
# For example, you can list the contents of the root folder like this:
$headers = @{
    "Authorization" = "Bearer $access_token"
}
$list_body = @{
    path = ""
    recursive = $false
}
$list_response = Invoke-RestMethod -Method Post -Uri $list_url -Headers $headers -Body ($list_body | ConvertTo-Json)
$list_response.entries | Select-Object name, path_display

# Output the access token and refresh token to the console
Write-Host "Your access token is: $access_token"
Write-Host "Your refresh token is: $refresh_token"
  • 0 Likes
  • 8 Replies
  • 2,072 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
‎04-25-2023 11:24 AM
Go to solution

I'm not sure what you mean when you say you are "not getting any type of response from the curl command". For reference, if you need to debug something with curl, you can use the "-v" flag to enable verbose mode.

 

In any case, I haven't tested your new code, but the parameters look right. I also don't see where you retrieve the access token from the new /oauth2/token call, but assuming you do either manually or in code not shown, it seems right. Does it work for you when you run it?

View solution in original post

0 Likes
8 Replies 8

Greg-DB
Dropbox Staff
‎04-21-2023 02:25 PM
Go to solution

It is not possible to fully automate the OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token. This needs to be done manually by the user at least once.

 

If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app.

You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post  which may serve as a useful example of how to use a refresh token to maintain long-term unattended access.

0 Likes

lucasj
Explorer | Level 3
‎04-24-2023 07:48 AM
Go to solution

Thanks for the reply Greg -

 

The script above does request offline access.  If you see line 10, the authentication url has "token_access_type=offline". 

 

I get the refresh token once, and I plug it in, but it doesn't last more than a couple of hours before it expires.

0 Likes

Greg-DB
Dropbox Staff
‎04-24-2023 08:45 AM
Go to solution

I see you are requesting the refresh token, but you don't seem to actually be using it anywhere in the code you shared.

 

Whenever you need a new short-lived access token, you should call /oauth2/token with grant_type=refresh_token, as shown in step 5 of the offline example in this post.

0 Likes

lucasj
Explorer | Level 3
‎04-25-2023 06:20 AM
Go to solution

So I used this code to upload files.  I tried using the refresh token and it doesn't work...

 

$refresh_token = "hssEaww....REFRESHTOKENWENTHERE"
$headers = @{
    Authorization  = "Bearer $refresh_token"
    "Content-Type" = "application/octet-stream"
}

# Read the file as a byte array and upload it to Dropbox
$file_bytes = [System.IO.File]::ReadAllBytes($file_path)

$outputFile = Split-Path "C:\FILEHERE.TXT" -leaf
$TargetFilePath = "/$outputFile"
$arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
$authorization = "Bearer " + $refresh_token
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", $authorization)
$headers.Add("Dropbox-API-Arg", $arg)
$headers.Add("Content-Type", 'application/octet-stream')
$response = Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
0 Likes

Greg-DB
Dropbox Staff
‎04-25-2023 07:18 AM
Go to solution

Access tokens and refresh tokens are different objects and are not interchangeable, so you can't use a refresh token as an access token like that. Instead, whenever you need a new short-lived access token you should call /oauth2/token with grant_type=refresh_token and refresh_token set to the refresh token, like in step 5 of this example. That call will return a new short-lived access token which you can then use to make further API calls, such as /2/files/upload.

0 Likes

lucasj
Explorer | Level 3
‎04-25-2023 11:12 AM
Go to solution

Is this correct?  If so, I'm not getting any type of response from the curl command

 

    $refreshToken = "REFRESHTOKENHERE"
    $appKey = "APPKEYHERE"
    $appSecret = "APPSECRETHERE"

   $response =  Invoke-RestMethod -Uri "https://api.dropbox.com/oauth2/token" -Method POST -Body @{
        refresh_token = $refreshToken
        grant_type    = "refresh_token"
        client_id     = $appKey
        client_secret = $appSecret
    }

    $response
    # Set up the URL to upload the file

    # Set up the request headers with the authorization and content-type
    $headers = @{
        Authorization  = "Bearer $access_token"
        "Content-Type" = "application/octet-stream"
    }
0 Likes

Greg-DB
Dropbox Staff
‎04-25-2023 11:24 AM
Go to solution

I'm not sure what you mean when you say you are "not getting any type of response from the curl command". For reference, if you need to debug something with curl, you can use the "-v" flag to enable verbose mode.

 

In any case, I haven't tested your new code, but the parameters look right. I also don't see where you retrieve the access token from the new /oauth2/token call, but assuming you do either manually or in code not shown, it seems right. Does it work for you when you run it?

0 Likes

lucasj
Explorer | Level 3
‎04-27-2023 06:28 AM
Go to solution

Thanks Greg!  I think I figured it out.  I'm going to post code for future users with this problem.

 

This is the full code to get the refresh token.  Replace the variables at the top where it cays CLIENTIDHERE and CLIENTSECRETHERE.  Also the auth_url has a space where you have to put the CLIENTID

 

Once you run it, a web browser will pop up and you'll need to copy the code on the right side of the URL that pops up.  This is your authorization_code that you'll have to enter in the prompt.  Once you enter in the authorization code, it will give you a refresh token:

 

$client_id = "CLIENTIDHERE"
$client_secret = "CLIENTSECRETHERE"

# Set up the OAuth2 authorization URL
#$scope = "offline"
#$auth_url = "{0}?response_type=code&client_id={1}&scope={2}" -f $auth_url, $client_id, $scope

# Open the authorization URL in the default web browser and prompt the user to sign in and authorize your app
Start-Process $auth_url
Write-Host "Please sign in and authorize your app in the browser window that just opened."

# Prompt the user to enter the authorization code provided by Dropbox after they have authorized your app
$authorization_code = Read-Host "Enter the authorization code provided by Dropbox"

# Set up the access token request parameters
$body = @{
    code = $authorization_code
    grant_type = "authorization_code"
    client_id = $client_id
    redirect_uri = $redirectUri
    client_secret = $client_secret
}

# Send the access token request and parse the response for the access token and refresh token
$response = Invoke-RestMethod -Method Post -Uri $token_url -Body $body
$access_token = $response.access_token
$refresh_token = $response.refresh_token

# Use the access token to make API calls to Dropbox
# For example, you can list the contents of the root folder like this:
$headers = @{
    "Authorization" = "Bearer $access_token"
}
$list_body = @{
    path = ""
    recursive = $false
}
$list_response = Invoke-RestMethod -Method Post -Uri $list_url -Headers $headers -Body ($list_body | ConvertTo-Json)
$list_response.entries | Select-Object name, path_display

# Output the access token and refresh token to the console
Write-Host "Your access token is: $access_token"
Write-Host "Your refresh token is: $refresh_token"
 
 
 
 
Then this is the code that creates a function to use the refresh token to upload a file.  You just need the file path as a parameter to the function.
 
function DropBox-Upload {
    [CmdletBinding()]
    param (
        [Parameter (Mandatory = $True, ValueFromPipeline = $True)]
        [Alias("f")]
        [string]$SourceFilePath
    )
    $refreshToken = "REFRESHTOKENHERE"
    $appKey = "CLIENTIDHERE"
    $appSecret = "CLIENTSECRETHERE"

   $response =  Invoke-RestMethod -Uri "https://api.dropbox.com/oauth2/token" -Method POST -Body @{
        refresh_token = $refreshToken
        grant_type    = "refresh_token"
        client_id     = $appKey
        client_secret = $appSecret
    } -Verbose

    $responseAccessToken = $response | select-object -expand "access_token"
    $responseAccessToken
   
    # Set up the URL to upload the file

    # Set up the request headers with the authorization and content-type
    $access_token = $responseAccessToken
    $headers = @{
        Authorization  = "Bearer $access_token"
        "Content-Type" = "application/octet-stream"
    }
 

    $outputFile = Split-Path $SourceFilePath -leaf
    $TargetFilePath = "/$outputFile"
    $arg = '{ "path": "' + $TargetFilePath + '", "mode": "add", "autorename": true, "mute": false }'
    $authorization = "Bearer " + $access_token
    $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
    $headers.Add("Authorization", $authorization)
    $headers.Add("Dropbox-API-Arg", $arg)
    $headers.Add("Content-Type", 'application/octet-stream')

    $response = Invoke-RestMethod -Uri https://content.dropboxapi.com/2/files/upload -Method Post -InFile $SourceFilePath -Headers $headers
}
0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    lucasj Explorer | Level 3
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?