cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Are you new to Dropbox? Our Newcomers group is the perfect place to learn the basics, find out more here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to create oauth2 access token from code?

How to create oauth2 access token from code?

Pelleman
Explorer | Level 4
Go to solution

Hello, I have written a backup solution and want to automatically post the backup file (a zip) to my Dropbox account every day when backup finishes.

How can I create an auth2 token by code and use it to post my file?

I have solved the issues around posting the file, but I have not figured out how to automatically create the auth2 token. I can only generate demo tokens valid for 24 hours but I need the ability to at any time generate the token automatically based on the app key/secret for my account.

 

I have tried "converting oauth1 to oauth2" using

 

 

curl -X POST https://api.dropboxapi.com/2/auth/token/from_oauth1 \
    --header "Authorization: Basic xxxx" \
    --header "Content-Type: application/json" \
    --data "{\"oauth1_token\":\"<token>\",\"oauth1_token_secret\":\"<token security>\"}"

 

 

but any combination of the data I have available generate errors.

Please provide an explanation in detailed steps how to accomplish this by automation (http requests etc).

Thanks!

1 Accepted Solution

Accepted Solutions

Здравко
Legendary | Level 20
Go to solution

Hi @Pelleman,

Access token received in whatever way is short lived and can't be used alone for a long time (4 hours, at most). For long term access (solution) you need to get to and store refresh token, which doesn't expire automatically. This token could be used to regenerate access token on demand and use the access token while valid for all regular API calls. For more info how you can get to such a refresh token and how you can automate "refreshing", take a look here. 😉

Hope this helps.

View solution in original post

4 Replies 4

Pelleman
Explorer | Level 4
Go to solution

I should add that I have spent a few hours trying to use 

https://api.dropboxapi.com/oauth2/token

but it does not seem to provide a way to actually create a fully automated flow based on just the app id and secret. I don't want the step where a user has to open a browser or use some silly intermediary/proxy web server to make additional requests. It would not improve security in my project.

So I want to 

1. "Login" automatically in my code to dropbox, based on credentials saved in a file, to get the Oauth2 access code to use in step 2.

2. Upload my file using the Oauth2 access code

Is this even possible? Or should I look at other solutions/storage applications which allows a fully automated flow? Please provide an elaborated answer on how to achieve steps 1 and 2. Thanks!

 

Здравко
Legendary | Level 20
Go to solution

Hi @Pelleman,

Access token received in whatever way is short lived and can't be used alone for a long time (4 hours, at most). For long term access (solution) you need to get to and store refresh token, which doesn't expire automatically. This token could be used to regenerate access token on demand and use the access token while valid for all regular API calls. For more info how you can get to such a refresh token and how you can automate "refreshing", take a look here. 😉

Hope this helps.

Greg-DB
Dropbox Staff
Go to solution

@Pelleman It is not possible to fully automate the OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token. This needs to be done manually by the user once. It's not possible to programmatically get an access token or refresh token using only the app key and secret.

 

As Здравко noted, Dropbox issues short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. Apps can get long-term access by requesting "offline" access though, in which case the app receives a "refresh token", which doesn't expire and can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation.

Pelleman
Explorer | Level 4
Go to solution

Thanks for the help both of you, I think that refresh token solution suits my needs perfectly. I just tested it and it works as advertised.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Pelleman Explorer | Level 4
  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    Здравко Legendary | Level 20
What do Dropbox user levels mean?