cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Would you some tips on how to search images on Dropbox? Get some expert advice from our very own Lainie right here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
1
Ask
2
Comments

Re: How to get refresh token without User interaction

Re: How to get refresh token without User interaction

Julian Li
Explorer | Level 4

As a regular automation task, we have a cronjob that uploads files to dropbox as a backup. This cronjob is not a web app and only talks to dropbox directly via API. Thus, in this case, how could we obtain a token without authorisation via the browser? And for this case, I only need to access my own dropbox account.

1 Accepted Solution

Accepted Solutions

Re: How to get refresh token without User interaction

Greg-DB
Dropboxer

@Julian Li Dropbox refresh tokens do not expire, so you can re-use them for long-term access without repeated manual operation.

View solution in original post

7 Replies 7

Re: Cron job to upload files from server to Dropbox

Julian Li
Explorer | Level 4

It seems that this is no longer true as the access token got from settings page becomes short-lived.

Re: Permanent Access token

Julian Li
Explorer | Level 4

Could we have another oauth2 flow that don't need user to authorise via browser please. For background job like a cronjob, it is not a web app.

Re: How to get refresh token without User interaction

Здравко
Super Collaborator | Level 20

@Julian Li wrote:

... Thus, in this case, how could we obtain a token without authorisation via the browser? ...


Hi @Julian Li,

It's still impossible if you want long term access. You can get access token without browser, but it would be short-lived token (most probably not what you want).

 


@Julian Li wrote:

... And for this case, I only need to access my own dropbox account.


Doesn't matter what you need long term access (refresh token) for, you need least one interaction through the browser. This interaction doesn't need to be implemented in your cronjob, but can be run anywhere, anyhow. Once you get to the refresh token, you can use it into your cronjob (without any further user interactions). 😉 That's it.

Re: How to get refresh token without User interaction

Greg-DB
Dropboxer

@Julian Li Dropbox is no longer offering the option for creating new long-lived access tokens. Dropbox is switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.

Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

For reference, while the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption, if you have any. Also, note though that after the change you won't be able to create new long-lived access tokens.

While the change began on September 30th 2021, we released it gradually, so you may not have seen your app(s) affected until more recently. Once it applies to your app, it would apply regardless of the "Access token expiration" setting for your app, and that setting may no longer be available for your app.

Note that this is something that would need to be implemented by the programmer of the app though, so if you are not the programmer responsible for this integration, you may need to get an update from them to support this.

Re: How to get refresh token without User interaction

Julian Li
Explorer | Level 4

2 questions in regard to the refresh token.

1. Will the refresh token have no expiration?

2. If the answer to 1 is No. Then will dropbox have any plan to offer another OAuth flow to get the auth code directly via API call? From the current of the Oauth flow documents,  users must manually approve from a web browser for the auth code, but a cronjob doesn't need any manual operation.

 

Re: How to get refresh token without User interaction

Greg-DB
Dropboxer

@Julian Li Dropbox refresh tokens do not expire, so you can re-use them for long-term access without repeated manual operation.

Re: How to get refresh token without User interaction

Julian Li
Explorer | Level 4

Thanks for the clarification, that's all I need. 😊

Who's talking

Top contributors to this post

  • User avatar
    Julian Li Explorer | Level 4
  • User avatar
    Greg-DB Dropboxer
  • User avatar
    Здравко Super Collaborator | Level 20
What do Dropbox user levels mean?
Need more support?