Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

Error when attempting to get an access token using refresh token

GIS_questions
Explorer | Level 4

I keep encountering the same error when I attempt to use my refresh token, client id and client secret to get a new access token in my JavaScript code:

"Error in call to API function "files/upload": Invalid authorization value in HTTP header "Authorization": "Bearer". Expecting "Bearer <oauth2-access-token>"."

 

I've tried many times but I keep coming back to the same error, whether I use a fetch method, post, or get. I know my information is correct, because a curl request gives me a working access token, but I seem to be messing something up. I've read through all the resources I can find, but I think I must be making a mistake when applying this code.

 

Any help would be greatly appreciated, as I am very new to JavaScript and the removal of long-lived access tokens has thrown me for a loop!

 

(The images below are all different attempts, each of which failed with the same error.)

 

[Images: attempt1_Dropbox.png, attempt2_dropbox.png, attempt3_dropbox.png, attempt4_dropbox.png]

6 Replies

Greg-DB
Dropbox Staff

It looks like you're attempting to use a refresh token as a "Bearer" token in a few places in this case (where you set the "Authorization" header to "Bearer" + refreshToken). Refresh tokens themselves are not access tokens and cannot be used as Bearer tokens though, so please update your code to remove that. Refresh tokens should only be used as the "refresh_token" parameter value (as you do have) when calling /oauth2/token.

 

Also, I see in one line that you have a reference to "api.dropboxapi.com/oauth2/token_access_type=offline". That is not correct, and appears to be a combination of "api.dropboxapi.com/oauth2/token", which is the Dropbox OAuth 2 token endpoint, and "token_access_type=offline" which is only a parameter/option on www.dropbox.com/oauth2/authorize. You can find more information in the OAuth Guide and authorization documentation.

 

This comment with a basic example of the whole procedure may be a useful reference.

GIS_questions
Explorer | Level 4

Hi Greg,

 

Thank you so much for your reply!

 

Do you have any basic examples of doing this through JavaScript? I've been able to get the refresh token using curl, but I haven't had the same luck with my code. I've looked at the documentation on the OAuth guide and authorization documentation but I can't get the JavaScript to function.

 

Thank you!

Здравко
Legendary | Level 20

Greg-DB
Dropbox Staff

@GIS_questions As Здравко referred to, I recommend using the official Dropbox JavaScript SDK if possible, as it will do much of the work for you. Alternatively, it may also just serve as a good example even if you can't use it.

GIS_questions
Explorer | Level 4

Hi @Greg-DB,

 

Would you mind taking a look at this code and telling me where I'm going wrong? Currently I'm getting a 400 error regarding the bearer. I am using the access code for the bearer, though I don't know if it has to be the access token? The problem there being that I have to use this code to get the temporary access token, so I don't know how to request the access token without a preexisting access token, if that makes any sense? I'm using the url: https://api.dropbox.com/oauth2/token. I've also tried this without the Authorization request header, and with a grant_type of client_credentials.

 

[Image: GIS_questions_0-1663681370554.png]

 

Thank you so much for your help!

Greg-DB
Dropbox Staff

Whenever you get an error like this 400 error response, be sure to print out the response body as it will generally contain a more useful error message. What does it contain in this case?

 

Looking at your code though, I see you're attempting the step where you call /oauth2/token with the existing refresh token to get a new short-lived access token. That corresponds to the "refresh token request" example in the documentation for /oauth2/token. There are a few things that look wrong in your code as compared to that:

  • you should not be supplying a Bearer token/code; this step does not require or accept an access token or authorization code
  • you should not be setting the Content-Type to application/json or JSON-encoding your parameters; this OAuth endpoint expects the parameters as application/x-www-form-urlencoded POST parameters
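
The refresh token request described in the replies above, as an added example that is not part of the original thread and is not Dropbox's own code. It assumes Node 18+ running server-side; the helper names `buildRefreshRequest`, `lintTokenRequest` and `refreshAccessToken` are hypothetical, and the lint checks cover only the mistakes named in this thread.

```javascript
// Added example: refresh-token request to the Dropbox OAuth 2 token endpoint.
// Assumes Node 18+ (global fetch, URLSearchParams), run server-side so the
// app secret is not shipped in client-visible code.
const TOKEN_URL = "https://api.dropboxapi.com/oauth2/token";

// Build the request. Parameters go in a form-encoded body; there is no
// "Authorization: Bearer" header, because this step takes no access token.
function buildRefreshRequest(refreshToken, clientId, clientSecret) {
  const body = new URLSearchParams({
    grant_type: "refresh_token",
    refresh_token: refreshToken,
    client_id: clientId,
    client_secret: clientSecret,
  });
  return {
    url: TOKEN_URL,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Check a request description for the mistakes named in the thread.
function lintTokenRequest(req) {
  const problems = [];
  const headers = Object.fromEntries(
    Object.entries(req.headers || {}).map(([k, v]) => [k.toLowerCase(), String(v)]));
  if (req.url !== TOKEN_URL) problems.push("wrong-endpoint");
  if (/^bearer\b/i.test(headers["authorization"] || "")) problems.push("bearer-header");
  if (!(headers["content-type"] || "").startsWith("application/x-www-form-urlencoded"))
    problems.push("not-form-encoded");
  if (new URLSearchParams(String(req.body)).get("grant_type") !== "refresh_token")
    problems.push("missing-grant-type");
  return problems;
}

// Send the request. On failure the response body is surfaced, since it
// carries the useful error message. The access token is never logged.
async function refreshAccessToken(refreshToken, clientId, clientSecret) {
  const { url, ...init } = buildRefreshRequest(refreshToken, clientId, clientSecret);
  const res = await fetch(url, init);
  const text = await res.text();
  if (!res.ok) throw new Error(`token refresh failed: HTTP ${res.status}: ${text}`);
  const { access_token, expires_in } = JSON.parse(text);
  return { accessToken: access_token, expiresIn: expires_in };
}
```

The returned `accessToken` is what goes into `Authorization: Bearer ...` on later API calls such as `files/upload`; the refresh token never does.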