cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Share your feedback on the Document Scanning Experience in the Dropbox App right here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Using /authorize passing client_id & redirect_uri next /token don't retrieve refresh_token

Using /authorize passing client_id & redirect_uri next /token don't retrieve refresh_token

bebuccio
New member | Level 2

I have written a webapp to make the whole procedure to retreive a REFRESH_TOKEN so I can ask for a TOKEN when I want interacxt with DropBox.

When I invoke this my page, it send a GET to https://api.dropbox.com/oauth2/authorize with this params:

?client_id=<my_app_key>&redirect_uri=<myRedirectUri>&response_type=code

 

After this GET, I receive at my server (<myRedirectUri>) a GET with the param &code=<the_code_received>

With this code received, according with the documentation, DropBox give me the opportunity to get the REFRESH_TOKEN (this is "long-life" token).

To do this, when I receive at my site the GET on <myRedirectUri>,  I send a POST https://api.dropbox.com/oauth2/token with this data:

{ "code": <the_code_received>,
  "grant_type": "authorization_code",
  "redirect_uri": <myRedirectUri>,
  "client_id": <my_app_key>,
  "client_secret": <my_app_secret>
}

 

As result of the POST I receive this result:

{"access_token": <the_token>,

 "token_type": "bearer",

  "expires_in": 14400,

  "scope": "account_info.read files.content.read files.content.write files.metadata.read",

  "uid": <the_id>,

  "account_id": <the_account_id>

}

 

In this response it is missing the REFRESH_TOKEN.

 

If I do the same process but without the "redirect_uri" facility:

1) send a GET like https://www.dropbox.com/oauth2/authorize?client_id=<my_app_key>&token_access_type=offline&response_type=code

2) receive on my browser the code <the_code_received>

3) sending (i.e. with curl) a POST to https://api.dropbox.com/oauth2/token with data:

    { "code": <the_code_received>,
      "grant_type": "authorization_code",
      "client_id": <my_app_key>,
      "client_secret": <my_app_secret>
    }

  I receive the correct data with the REFRESH_TOKEN

 

Why with the first method it doesn't work?

Where is the error?

1 Accepted Solution

Accepted Solutions

Здравко
Legendary | Level 20

@bebuccio wrote:

I have written a webapp to make the whole procedure to retreive a REFRESH_TOKEN so I can ask for a TOKEN when I want interacxt with DropBox.

When I invoke this my page, it send a GET to https://api.dropbox.com/oauth2/authorize with this params:

?client_id=<my_app_key>&redirect_uri=<myRedirectUri>&response_type=code

...

In this response it is missing the REFRESH_TOKEN.

 

If I do the same process but without the "redirect_uri" facility:

1) send a GET like https://www.dropbox.com/oauth2/authorize?client_id=<my_app_key>&token_access_type=offline&response_type=code

...

  I receive the correct data with the REFRESH_TOKEN

...


Hi @bebuccio,

Did you pass "token_access_type=offline" with the first variant too? 🧐:winking_face:

Hope this helps.

View solution in original post

1 Reply 1

Здравко
Legendary | Level 20

@bebuccio wrote:

I have written a webapp to make the whole procedure to retreive a REFRESH_TOKEN so I can ask for a TOKEN when I want interacxt with DropBox.

When I invoke this my page, it send a GET to https://api.dropbox.com/oauth2/authorize with this params:

?client_id=<my_app_key>&redirect_uri=<myRedirectUri>&response_type=code

...

In this response it is missing the REFRESH_TOKEN.

 

If I do the same process but without the "redirect_uri" facility:

1) send a GET like https://www.dropbox.com/oauth2/authorize?client_id=<my_app_key>&token_access_type=offline&response_type=code

...

  I receive the correct data with the REFRESH_TOKEN

...


Hi @bebuccio,

Did you pass "token_access_type=offline" with the first variant too? 🧐:winking_face:

Hope this helps.

Need more support?