Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

re-usable refresh tokens for dropbox api?

Tags:

dropbox-api

I'm using the .net api for v2 using the code flow scenario. I was under the impression that this is what you use to get a refresh token you can save and re-use to get new access tokens after the user authorizes your app once.

after a doing a call like below, I navigate the uri the call provides.

var redirect = DropboxOAuth2Helper.GetAuthorizeUri(OauthResponseType.Code, AppKey, RedirectUri, user.ConnectState);

I parse the result for the code parameter which I then feed to ProcessCodeFlowAsync(). That only works to get the access token once. If I save and try to use it again, I get "code has already been used : invalid grant" errors.

I thought what I was getting was a refresh token but repeatedly feeding it ProcessCodeFlowAsync is not working. How do I get a refresh token that I can use repeatedly to get access tokens without having to have the user authorize every time. I am cacheing and re-using the auth token not the access token by the way.

like image 241
Dan G Avatar asked Nov 01 '16 20:11

Dan G

People also ask

How do I refresh my Dropbox access token?

To update your access token, call the /oauth2/token endpoint - specifying your refresh_token as a parameter and using the grant_type of refresh_token. The endpoint will return a new short-lived access token and a timestamp indicating its expiration time. Working with refresh tokens is easier with an SDK.

Can refresh tokens be reused?

This protection mechanism works regardless of whether the legitimate client or the malicious client is able to exchange refresh token 1 for a new token pair before the other. As soon as reuse is detected, all subsequent requests will be denied until the user re-authenticates.

How long does a Dropbox refresh token last?

That token will last for 4 hours, before expiring. It's enough to test your app, but not for long-term use. We'll cover how to create a long-lived access token (with a refresh token) shortly.

How do I get my API refresh token?

To get a refresh token, you must include the offline_access scope when you initiate an authentication request through the /authorize endpoint. Be sure to initiate Offline Access in your API. For more information, read API Settings.

2 Answers

The Dropbox API doesn't use refresh tokens. Instead, you should just store and re-use the access token you get at the end of the app authorization flow.

The user or app can revoke an access token at any time though, so if/when API calls start failing due to a revoked access token, you can prompt the user to re-link the app if they want to continue using the integration, so the app can get a new token.

(The "code" you pass to ProcessCodeFlowAsync is an "authorization code", which is not re-usable.)

like image 139
Greg Avatar answered Sep 28 '22 05:09

Greg

The accepted answer was probably correct at the time but Dropbox API now does support refresh tokens.

Check the Refresh token section here: https://www.dropbox.com/lp/developers/reference/oauth-guide

like image 35
Adarsh Konchady Avatar answered Sep 28 '22 05:09

Adarsh Konchady
Sign in to Comment

Related questions

How do I authenticate a Dropbox app and use the API without leaving the webpage?
iOS Dropbox API "not currently support by MPOAuthConnection" occur after changing user
reading raw data in R to be saved as .RData file using the dropbox api
How to upload/download a file from/to dropbox using Xcode
Dropbox.js authentication in Cordova/PhoneGap
Dropbox web hook on file added?
How to import dropbox Chooser SDK in Android Studio?
Do I need a Dropbox app to upload files to my own Dropbox?
What is maximum file size to upload via Dropbox API v2?
Reading .txt file from shared linked from dropbox Android studio
How to unlink or log out of dropbox account on iOS
Dropbox api "USER TOKEN", "USER SECRET"

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!