cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Share your feedback on the Document Scanning Experience in the Dropbox App right here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Non expiring token kept on changing

Non expiring token kept on changing

cfishere
Explorer | Level 3

So i tried following this article about obtaining my perm app token. I did the exact steps. but it always gives me a different Token when i try to access the link
https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Tokens-only-valid-for-4-hours-from-app-...
am I doing something wrong here? it feels very confusing.

27 Replies 27

Greg-DB
Dropbox Staff

@simatec Whether using the old long-lived access tokens, or new short-lived access tokens/refresh tokens, 'redirect_uri' is optional when you're using 'response_type=code' (such as for the standard code flow for server-side apps, or PKCE flow for client-side apps). When it is omitted, the user is presented with the authorization code directly on the Dropbox web site after authorizing the app, which they would then copy/paste into the third party app for it to complete the flow, that is, calling /oauth2/token to get the resulting access token/refresh token.

simatec1976
Explorer | Level 3

Thank you for your explanations. I integrated the authorization into our GUI and submitted the APP for production due to around 45,000 users of our plugin. How long does this test normally take? I currently have many users with problems and the support effort is currently very high. I hope that the app will be released for production soon so that users can use it normally again. The app is called: Backup-DropCloud Thanks in advance.

Greg-DB
Dropbox Staff

@simatec1976 That should be processed within a few business days. If you need help with a production request you can always open a ticket via https://www.dropbox.com/developers/contact .

simatec1976
Explorer | Level 3

@Greg-DB 

My request was denied because the app name doesn't match the plugin name.

Unfortunately, this name is already taken and I can't do anything about it

Greg-DB
Dropbox Staff

@simatec1976 I just checked on this, and it looks like you already have an open support ticket for that, so they'll follow up with you there soon.

simatec1976
Explorer | Level 3

@Greg-DB 

thx for your support.
Yes, I opened a ticket or replied to the rejection by email.
Unfortunately, the app can only be checked if you install the iot system iobroker.

That means there is no website or access to test it.
The whole thing is integrated in the plugin backitup for the iobroker.

simatec1976
Explorer | Level 3

@Greg-DB 

I've come a long way now.

However, I'm hanging on refresh_token with PKCE.

How can I do a refresh with the VERIFICATION_CODE.

 

I didn't want to work with client_secret.

with client_secret the example looks like this:

 

curl https://api.dropbox.com/oauth2/token \
    -d grant_type=refresh_token \
    -d refresh_token=<REFRESH_TOKEN> \
    -u <APP_KEY>:<APP_SECRET>

 


Is there also a way to refresh_token with the VERIFICATION_CODE instead of the client_secret?

I really don't want the client_secet in the Source code

tahsini
Dropbox Staff

Hey @simatec1976 

 

To use the /oauth2/token with a refresh token that was retrieved via the PKCE flow to get a new short-lived access token without using the app secret would look like this:

curl https://api.dropbox.com/oauth2/token \
    -d refresh_token=<REFRESH_TOKEN> \
    -d grant_type=refresh_token \
    -d client_id=<APP_KEY>

 

 

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    tahsini Dropbox Staff
  • User avatar
    simatec1976 Explorer | Level 3
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?