Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
Hi
In our Website, written with ASP.NET and C#, we want to use .NET API in offline access manner. So I think we need to get access token by using refresh token. I read the documentation and find out we had to call /oauth2/token for that.
I use Dropbox`s .NET SDK, but it`s documentation is missing. My question is: what function should I call in .NET SDK to achive same functionlity as calling /oauth2/token.
Thankyou.
The SDK does it for you. You don't need to do anything explicitly.
@Esikhoob As Здравко said, the .NET SDK will handle this /oauth2/token request for you. It will automatically use the refresh token to get a new access token whenever needed.
You can find the documentation for the .NET SDK here, and example code for the authorization flow here.
I think, you mean DropboxClient class instance will do this job.
I had to explain our goal more: We are adding Dropbox upload capability to our ASP.NET website. As a matter of fact, I have used java script SDK for achieving our goals , but I think I should not put app key or secret in java script, which will observable to all users.
so I think, we will generate access token in server side (aka .NET), and send that to java script side.
Is my assumption true? If yes, by reading the document I cannot find a way to get access token out of .NET SDK DropboxClient. how can I get it?
thanks in advance.
Hi again @Esikhoob,
I see what you mean. Dropbox .NET SDK unfortunately is not designed in a way to be possible such things. The fields you're interested in are hidden/private. So no, you cannot use the provided SDK as is, but you can use the sources as a template and re-implement it (with some slight changes - expose needed access token with some method for instance) so you can get access token after you make sure it's actual (using the proper method). You don't need a client object if you don't plane make regular API calls server side. The only object you need, in such a case, is DropboxRequestHandler class instance (after the class modification or another derived class declaration). 😉
Hope this gives direction.
@Esikhoob As it is best not to leak your app secret to users, you can instead use the "PKCE" app authorization flow with the JavaScript SDK itself. The PKCE flow is intended for client-side applications and does not require the use of the app secret. You can find an example of using it with the JavaScript SDK here.
Thanks all for these helping answers.
@Greg-DBI read PKCE documentation, but I don`t understand the purpose of eliminating app secret, since others also can call the API without it.
@Esikhoob PKCE is a feature of the OAuth 2 specification. For more information on it, in addition to our own OAuth Guide and authorization documentation, you may be interested in reading the OAuth 2 PKCE specification and resources.
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!