Re: How to get refresh token without User interaction

Julian Li · ‎01-31-2023

As a regular automation task, we have a cronjob that uploads files to dropbox as a backup. This cronjob is not a web app and only talks to dropbox directly via API. Thus, in this case, how could we obtain a token without authorisation via the browser? And for this case, I only need to access my own dropbox account.

Greg-DB · ‎01-31-2023

@Julian Li Dropbox refresh tokens do not expire, so you can re-use them for long-term access without repeated manual operation.

View solution in original post

Julian Li · ‎01-31-2023

It seems that this is no longer true as the access token got from settings page becomes short-lived.

Julian Li · ‎01-31-2023

Could we have another oauth2 flow that don't need user to authorise via browser please. For background job like a cronjob, it is not a web app.

Здравко · ‎01-31-2023

@Julian Li wrote:
... Thus, in this case, how could we obtain a token without authorisation via the browser? ...

Hi @Julian Li,

It's still impossible if you want long term access. You can get access token without browser, but it would be short-lived token (most probably not what you want).

@Julian Li wrote:
... And for this case, I only need to access my own dropbox account.

Doesn't matter what you need long term access (refresh token) for, you need least one interaction through the browser. This interaction doesn't need to be implemented in your cronjob, but can be run anywhere, anyhow. Once you get to the refresh token, you can use it into your cronjob (without any further user interactions). 😉 That's it.

Greg-DB · ‎01-31-2023

@Julian Li Dropbox is no longer offering the option for creating new long-lived access tokens. Dropbox is switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.

Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

For reference, while the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption, if you have any. Also, note though that after the change you won't be able to create new long-lived access tokens.

While the change began on September 30th 2021, we released it gradually, so you may not have seen your app(s) affected until more recently. Once it applies to your app, it would apply regardless of the "Access token expiration" setting for your app, and that setting may no longer be available for your app.

Note that this is something that would need to be implemented by the programmer of the app though, so if you are not the programmer responsible for this integration, you may need to get an update from them to support this.

Julian Li · ‎01-31-2023

2 questions in regard to the refresh token.

1. Will the refresh token have no expiration?

2. If the answer to 1 is No. Then will dropbox have any plan to offer another OAuth flow to get the auth code directly via API call? From the current of the Oauth flow documents, users must manually approve from a web browser for the auth code, but a cronjob doesn't need any manual operation.

Greg-DB · ‎01-31-2023

@Julian Li Dropbox refresh tokens do not expire, so you can re-use them for long-term access without repeated manual operation.

Julian Li · ‎01-31-2023

Thanks for the clarification, that's all I need. 😊

Re: How to get refresh token without User interaction

Re: How to get refresh token without User interaction

Top contributors to this post