Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

No Refresh token is returned

Thomi
Explorer | Level 4

Hey,

I'm trying to figure out how the refresh token oauth2 process is working.

When I navigate to

https://www.dropbox.com/oauth2/authorize?client_id=<client_id>&token_access_type=offline&response_type=code

and grant permission I only get an oauth2 code but no refresh token. What am I doing wrong?

Do I have to enable something in the app center?

Re: No Refresh token is returned

TaylorKrusen
Dropboxer

Is this a newly created scoped app or an app that you're migrating? The OAuth Guide or blog post, Migrating App Permissions and Access Tokens, might be useful resources here.

In your app's settings there is an OAuth 2 section. Is the "Access token expiration" set to "Short-lived"?

Re: No Refresh token is returned

Thomi
Explorer | Level 4

It's a new scoped app and "Access token expiration" is set to "Short-lived".

Re: No Refresh token is returned

TaylorKrusen
Dropboxer

When you swap that code for an access token (https://api.dropbox.com/oauth2/token), the resulting payload will contain an access_token and a refresh_token, which can be stored and used to issue a new access token later.

Re: No Refresh token is returned

MarteIT
Explorer | Level 3

Hi! I have exactly the same problem. Can you please clarify what you mean by "swap"?

Where should I use the code (https://api.dropbox.com/oauth2/token)? curl? With any parameter/ID?

Can you please give me an easy procedure to follow, or an example? Thank you

Re: No Refresh token is returned

Greg-DB
Dropboxer

@MarteIT By "swap", Taylor was referring to how the app sends the "authorization code" (which is received from the /oauth2/authorize OAuth step) in the request to the Dropbox /oauth2/token endpoint, and how the Dropbox API would send the access token and refresh token back in the response.

I recommend reading the OAuth Guide for an overview of how this process works. Then, refer to the authorization documentation for information on the specific endpoints and parameters to use, including examples of calling /oauth2/token using curl.

Re: No Refresh token is returned

MarteIT
Explorer | Level 3

Hi Greg, thank you for your reply. I thought Taylor was referring to a somehow different procedure.

What you wrote was already clear to me and that's what I've been trying many times. The problem is that whenever I use the "authorization code" (which is received from the /oauth2/authorize OAuth step) and use it in the request to the Dropbox /oauth2/token endpoint, I get the following error:

{"error_description": "refresh token is malformed", "error": "invalid_grant"}

I'm just using the following command:

curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token=["authorization code"] -u [xxxxxx]:[yyyyyyy]

Where am I wrong?

Re: No Refresh token is returned

Greg-DB
Dropboxer

@MarteIT To exchange or "swap" the authorization code for an access token and refresh token you should use "grant_type=authorization_code", as shown in the "access token request in code flow" example (or "PKCE code flow token request" example, if using PKCE) in the /oauth2/token documentation.

Using "grant_type=refresh_token" is for when you would later use a refresh token to get a new short-lived access token.

Re: No Refresh token is returned

MarteIT
Explorer | Level 3

Oh alright! I didn't get that. Honestly I find the documentation really misleading:

Example: refresh token request

curl https://api.dropbox.com/oauth2/token \
    -d grant_type=refresh_token \
    -d refresh_token=<REFRESH_TOKEN> \
    -u <APP_KEY>:<APP_SECRET>

Anyway, now I used:

curl https://api.dropbox.com/oauth2/token -d code=[auth code] -d grant_type=authorization_code -d redirec...https://www.dropbox.com/1/oauth2/display_token -u [xxxxxx]:[yyyyyy]

and I got this error:

{"error_description": "redirect_uri mismatch", "error": "invalid_grant"}

I set the Redirect URIs --https://www.dropbox.com/1/oauth2/display_token--

as indicated in some of your previous replies. Still can't get it to work. Any suggestions? Thank you.

Re: No Refresh token is returned

Greg-DB
Dropboxer

@MarteIT The 'redirect_uri' value you supply to /oauth2/token, if any, should exactly match the 'redirect_uri' value supplied to /oauth2/authorize, if any, when that particular authorization code was retrieved. If they don't match, you'll get this error.

The https://www.dropbox.com/1/oauth2/display_token page is a basic page provided by Dropbox for use with the "token" flow (if the app doesn't have its own redirect URI to use and so instead needs to display the access token directly to the user), not the "code" flow as you're using here, so it probably doesn't make sense for your use case.
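
The whole flow discussed in this thread, as an added example that is not part of the original posts and is not Dropbox's own code: the two grant types side by side, the redirect_uri rule, and a check that maps the two error bodies quoted above to their cause. The function names, the environment variables APP_KEY, APP_SECRET, AUTH_CODE and REDIRECT_URI, and the file name token_response.json are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. APP_KEY / APP_SECRET come from the environment; all values are placeholders.
TOKEN_URL="https://api.dropbox.com/oauth2/token"

# Step 1: URL the user opens. token_access_type=offline is what requests a refresh token.
authorize_url() {         # $1 = app key (client_id)
  echo "https://www.dropbox.com/oauth2/authorize?client_id=$1&response_type=code&token_access_type=offline"
}

# Step 2: form fields that swap the authorization code for access_token + refresh_token.
code_grant_fields() {     # $1 = authorization code, $2 = redirect_uri used in step 1 ('' if none)
  echo "grant_type=authorization_code"
  echo "code=$1"
  # Send redirect_uri only if step 1 sent one, and then exactly the same value.
  [ -z "${2:-}" ] || echo "redirect_uri=$2"
}

# Later: form fields that turn the stored refresh token into a new short-lived access token.
refresh_grant_fields() {  # $1 = refresh token
  echo "grant_type=refresh_token"
  echo "refresh_token=$1"
}

# POST the fields read from stdin (one name=value per line), authenticating with HTTP basic auth.
post_token() {
  set --
  while IFS= read -r field; do set -- "$@" --data-urlencode "$field"; done
  curl -sS "$TOKEN_URL" "$@" -u "$APP_KEY:$APP_SECRET"
}

# Map a /oauth2/token response body to the causes discussed in the thread.
diagnose() {              # $1 = JSON response body
  case "$1" in
    *'"refresh_token"'*)            echo "ok: refresh token issued" ;;
    *'"access_token"'*)             echo "ok: access token only" ;;
    *'refresh token is malformed'*) echo "wrong grant_type: an authorization code needs grant_type=authorization_code" ;;
    *'redirect_uri mismatch'*)      echo "redirect_uri must equal the value sent to /oauth2/authorize, or be omitted in both" ;;
    *)                              echo "unrecognized response" ;;
  esac
}

# Runs only when AUTH_CODE is set; the response holds the refresh token, so keep the file private.
if [ -n "${AUTH_CODE:-}" ]; then
  umask 077
  resp=$(code_grant_fields "$AUTH_CODE" "${REDIRECT_URI:-}" | post_token)
  printf '%s\n' "$resp" > token_response.json
  diagnose "$resp"
fi
```

For later refreshes, pipe `refresh_grant_fields "<REFRESH_TOKEN>"` into `post_token` instead; that response carries a new access token only.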
