
In "Refresh token is not returned from Dropbox API when using grant_type=refresh_token", the poster asks why he's not getting a new refresh token when using the new Dropbox v2 API.

The answer is that it's not needed. Refresh tokens don't expire from Dropbox unless revoked.

Is that still the case? I'm reading in https://developers.dropbox.com/oauth-guide that "When using refresh tokens, your call to the /oauth2/token endpoint with the grant_type of authorization_code will return a new short-lived access token and a new refresh token, which should be securely stored."

But I'm still not seeing a refresh token when I use one to get an access token.

Request:

    POST https://api.dropbox.com/oauth2/token HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Host: api.dropbox.com
    Content-Length: 363
    Expect: 100-continue
    Connection: Keep-Alive

    refresh_token=<TOKEN>&grant_type=refresh_token&client_id=<ID>&client_secret=<Secret>&scope=account_info.write+account_info.read+files.metadata.write+files.metadata.read+files.content.write+files.content.read+sharing.write+sharing.read+file_requests.write+file_requests.read+contacts.write

Response:

    HTTP/1.1 200 OK
    Cache-Control: no-cache
    Content-Type: text/javascript
    Date: Thu, 29 Apr 2021 13:30:50 GMT
    Pragma: no-cache
    Server: envoy
    X-Content-Type-Options: nosniff
    X-Frame-Options: SAMEORIGIN
    X-Server-Response-Time: 35
    Vary: Accept-Encoding
    X-Dropbox-Response-Origin: far_remote
    X-Dropbox-Request-Id: 744233e362ac4b20a00e7a862ae90a16
    Content-Length: 395

    {"token_type": "bearer", "access_token": "token", "expires_in": 14400, "scope": "account_info.read contacts.write file_requests.read file_requests.write files.content.read files.content.write files.metadata.read files.metadata.write sharing.read sharing.write"}

I'm using the .NET API to exchange my refresh token for an access token, but I don't see how I'd get the new refresh token back even if it was on the wire, which it does not appear to be. The refresh tokens themselves don't seem to be expiring when I use them to get access tokens. Will that change in the future?

    _DropBoxClient = new DropboxClient(string.Empty, dbap.RefreshToken, sApiKey, sApiSecret, config);
    var newScopes = new string[]
    {
        "account_info.write", "account_info.read",
        "files.metadata.write", "files.metadata.read",
        "files.content.write", "files.content.read",
        "sharing.write", "sharing.read",
        "file_requests.write", "file_requests.read",
        "contacts.write"
    };
    bool success = Task.Run<bool>(async () => await _DropBoxClient.RefreshAccessToken(newScopes)).Result;

  • Ah above, my grant type is "refresh_token" not "authorization" as it mentions in the documentation I quoted. So maybe that's why I get no new refresh token. We don't need it. Commented Apr 29, 2021 at 15:29

1 Answer

The Dropbox API /oauth2/token endpoint does not return a new refresh token during the refresh process, nor are there plans to make it do so. The official documentation for the Dropbox /oauth2/token endpoint can be found here.

The Dropbox OAuth Guide is referring to when you call /oauth2/token for grant_type=authorization_code, i.e., when first exchanging the authorization code for a short-lived token and (optional) refresh token. (Apologies the "new" there is misleading. We'll fix that up.)

When you call /oauth2/token for grant_type=refresh_token, i.e., when using a refresh token to get a new short-lived access token, it will not return another refresh token.
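
The two grant types described in this answer, handled on the client side as an added example (not code from the answer, from Dropbox, or from the .NET SDK): the stored refresh token is carried forward when a refresh response omits it, and a rotated one is accepted only if the server actually sends it, which goes beyond Dropbox's behaviour to the general case RFC 6749 permits. `StoredCredential`, `apply_token_response`, `needs_refresh`, the 60-second margin and the sample bodies are assumptions constructed for illustration.

```python
import json
from dataclasses import dataclass, replace

# Constructed sample bodies, modelled on the response shown in the question.
SAMPLE_CODE_EXCHANGE = json.dumps({
    "token_type": "bearer", "access_token": "constructed-access-1",
    "refresh_token": "constructed-refresh-token", "expires_in": 14400,
    "scope": "files.content.read files.metadata.read"})
SAMPLE_REFRESH = json.dumps({
    "token_type": "bearer", "access_token": "constructed-access-2",
    "expires_in": 14400, "scope": "files.content.read files.metadata.read"})


@dataclass(frozen=True)
class StoredCredential:  # hypothetical record kept in the app's secret store
    refresh_token: str   # long-lived, valid until revoked
    access_token: str    # short-lived bearer token
    expires_at: float    # epoch seconds, already reduced by the safety margin
    scopes: frozenset


def apply_token_response(body, now, current=None, skew=60):
    """Merge a /oauth2/token JSON body into the stored credential.

    current=None: authorization_code exchange, must carry a refresh_token
    (assumes the app requested one). Otherwise: refresh_token grant, whose
    body has no refresh_token, so the stored one is carried forward.
    """
    data = json.loads(body)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    access = data["access_token"]
    expires_at = now + int(data["expires_in"]) - skew
    scopes = frozenset(str(data.get("scope", "")).split())
    new_refresh = data.get("refresh_token")
    if current is None:
        if not new_refresh:
            raise ValueError("code exchange returned no refresh_token")
        return StoredCredential(new_refresh, access, expires_at, scopes)
    # Never overwrite the stored refresh token with a missing value; accept a
    # rotated one only if the server actually sent it (RFC 6749 allows this).
    return replace(current, refresh_token=new_refresh or current.refresh_token,
                   access_token=access, expires_at=expires_at, scopes=scopes)


def needs_refresh(cred, now):
    """True once the access token is inside the safety margin or expired."""
    return now >= cred.expires_at
```
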
