legacy token

bspindia · ‎12-07-2022

my token is expiring while making api calls and getting unauthorised error due to short live tokens, how to generate unexpired token

please assist

regards,

Sikandar

bspindia · ‎12-09-2022

Hurray made it

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://api.dropbox.com/oauth2/token');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=refresh_token&refresh_token=***refreshtoken******");

curl_setopt($ch, CURLOPT_USERPWD, '**AppKey' . ':' . '***AppSecret*****');

$headers = array();

$headers[] = 'Content-Type: application/x-www-form-urlencoded';

curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);

echo $result;

if (curl_errno($ch)) {

echo 'Error:' . curl_error($ch);

}

curl_close($ch);

View solution in original post

Rich · ‎12-07-2022

@bspindia wrote:

my token is expiring while making api calls and getting unauthorised error due to short live tokens, how to generate unexpired token

Long-lived (non-expiring) tokens can no longer be generated. They were deprecated and later replaced with short-lived and refresh tokens. A refresh token is used to automatically renew access as needed.

bspindia · ‎12-07-2022

how to generate short live tokens using fetch api

Greg-DB · ‎12-07-2022

@bspindia Apps can get long-term access by requesting "offline" access, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. I don't have a sample for this with fetch in particular, but there's a basic outline of processing this flow in this blog post which may serve as a useful example so you can translate it to fetch.

bspindia · ‎12-07-2022

i am trying to take code in res please correct headers, right now i am having error as invalid_request

fetch('https://api.dropboxapi.com/oauth2/token',{method:'post',headers:{

"Content-Type":"application/json",

"Authorization":"Bearer "+dropBox.apiKey+":"+dropBox.keySecret,

}}).then(req=>req.json()).then(res=>console.log(res)).catch(error=>console.log(error))

Здравко · ‎12-07-2022

Hi @bspindia,

The call /oauth2/token doesn't support Bearer authorization. It's used to receive such a token, not to use it. Can be used Basic authorization to pass application key and secret or pass them as parameters. Depending on exact step you are performing other parameters should be passed too, but you are skipping them in your code. Take a look on the documentation.

Hope this sheds some light.

Greg-DB · ‎12-07-2022

@bspindia Здравко is correct; your request is not formatted properly. You should use "Basic" authorization for that particular call, not "Bearer". Also, make sure you supply the necessary parameters as shown in the documentation. Check out step 5 in section 2 of this blog post for an example to translate.

bspindia · ‎12-07-2022

i am getting the code when i manually enter url in browser, but how to get using fetch api

// authorization

let dropBox = new Object();

dropBox.apiKey = 'XXXXXXXXXX';

dropBox.apiSecret = 'XXXXXXXXX';

fetch('https://www.dropbox.com/oauth2/authorize',{method:'get',headers:{

"Content-Type":"application/json",

"client_id":dropBox.apiKey,

"response_type":"code",

"token_access_type":"offline",

"state":"",

"redirect_uri":"https://bspindia.online"

}})

.then(authReq=>authReq.json())

.then(authRes=>{

// obtain token

console.log(authRes)

// store token in indexedDB

}).then(calldBox=>{

// call api

})

Здравко · ‎12-08-2022

Hi @bspindia,

You cannot call /oauth2/authorize as regular API call (or similar)! This is address you should redirect to (either explicitly or with web link) your web session to let user authenticates. So you cannot use 'fetch'. To get some of results fields (including the code) you have to "catch" it in your browser address line. 😉 Example how you can get code may be seen here and how you can get access token (short lived) may be seen here. Again, 'fetch' or any other similar method to make a web request is inapplicable in this very first step! 'fetch' is usable for all remaining API calls (regular or not).

Read the documentation with more attention to details (devil is in details 😈).

Greg-DB · ‎12-08-2022

@bspindia Здравко is correct; /oauth2/authorize is a web page, not an API call. It's where you should send the user, in their web browser, to authorize your app.

legacy token

legacy token

Top contributors to this post