Login/Register
How to create not expires token in Dropbox API v2?
Asked Answered
Solved videodropbox-api
H

3

6

As the title says, after the recent revision of the Dropbox API, the Token started to have an expiration time..

In the past, if I did not revoke, the Token could be used permanently. Maybe the expiration time is added for security reasons.

However, this is very inconvenient for my application. I will need to upload files for a very long time (maybe for more than a month at a time).

According to the current API, I can only refresh the token repeatedly to keep the token no expires...

Does anyone know if there is still a way to create a set of tokens that will not expire in the current Dropbox API?

Harveyharvie answered 18/3, 2022 at 8:29 Comment(1)
i have the same problem, i migrated to google drive and it's much cheaperChlorosis
L
5

Dropbox is in the process of switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.

Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation.

For reference, while the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption, if you have any. Also, note though that after the change you won't be able to create new long-lived access tokens.

While the change began on September 30th 2021, we're releasing it gradually, so you may not have seen your app(s) affected until now. Once it applies to your app, it would apply regardless of the "Access token expiration" setting for your app, and that setting may no longer be available for your app.

Launceston answered 18/3, 2022 at 11:57 Comment(3)
What if i am running a process that can't be interrupted and lasts more than 4 hours (the default expiration time for the access tokens) . In this case, the refresh token is not useful as the process can't be interrupted or it will start from scratch.Laryngoscope
@Laryngoscope if you have a refresh token, you can programmatically get a new short-lived access token whenever you need during your process. While individual short-lived access tokens only last for four hours each, you can get a new one before or after four hours as necessary, in order to continue making further API calls uninterrupted during your process.Launceston
I am talking about rclone => I am afraid this is not possible in my case.Laryngoscope
S
6

Here is all you need to do to get the refresh token, code snippets are in C#

Step 1: Visit the following URL and finish the steps. in the final step, you should see the Access Code Generated printed on the screen, copy the code.

https://www.dropbox.com/oauth2/authorize?client_id=YOUR_APP_KEY&response_type=code&token_access_type=offline

Step 2: Get the refresh token using the following code: (NOTE: you'll only need to do it once)

using (var httpClient = new HttpClient())
{
    using (var request = new HttpRequestMessage(new HttpMethod("POST"), "https://api.dropbox.com/oauth2/token"))
    {
        var base64authorization = Convert.ToBase64String(Encoding.ASCII.GetBytes("YOUR_APP_KEY:YOUR_APP_SECRET"));
        request.Headers.TryAddWithoutValidation("Authorization", $"Basic {base64authorization}"); 

        var contentList = new List<string>();
        contentList.Add("code=ACCESS_CODE_FROM_STEP_1");
        contentList.Add("grant_type=authorization_code");
        request.Content = new StringContent(string.Join("&", contentList));
        request.Content.Headers.ContentType = MediaTypeHeaderValue.Parse("application/x-www-form-urlencoded"); 

        var response = await httpClient.SendAsync(request);
        // process the response
    }
}

The response should be something like this:

{
    "uid": "XXXXXXXX",
    "access_token": "XXXXXXXX",
    "expires_in": 14400,
    "token_type": "bearer",
    "scope": "files.content.read files.content.write",
    "refresh_token": "XXXXXXXX",
    "account_id": "dbid:XXXXXXXX"
}

You're looking for the refresh_token. you should securely store it

Step 3: Anytime you need a new access token, run the following code:

using (var httpClient = new HttpClient())
{
    using (var request = new HttpRequestMessage(new HttpMethod("POST"), $"https://api.dropbox.com/oauth2/token"))
    {
        var base64authorization = Convert.ToBase64String(Encoding.ASCII.GetBytes("YOUR_APP_KEY:YOUR_APP_SECRET"));
        request.Headers.TryAddWithoutValidation("Authorization", $"Basic {base64authorization}");

        var contentList = new List<string>();
        contentList.Add("refresh_token=REFRESH_TOEKN");
        contentList.Add("grant_type=refresh_token");
        request.Content = new StringContent(string.Join("&", contentList));
        request.Content.Headers.ContentType = MediaTypeHeaderValue.Parse("application/x-www-form-urlencoded");

        var res = httpClient.SendAsync(request).Result;
        // process the response
    }
}

The response should be something like this:

{
    "access_token": "XXXXXXXX",
    "token_type": "bearer",
    "expires_in": 14400
}

You're looking for the access_token. and also pay attention to expires_in value, you can and probably should store the access_token in some sort of memory cache in order to prevent requesting a new token on every API call.

Here is the curl for getting a new refresh token.

curl https://api.dropbox.com/oauth2/token -d grant_type=refresh_token -d refresh_token=<REFRESH_TOKEN> -u <APP_KEY>:<APP_SECRET>
Sparrow answered 16/11, 2022 at 6:51 Comment(0)
L
5

Dropbox is in the process of switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.

Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation.

For reference, while the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption, if you have any. Also, note though that after the change you won't be able to create new long-lived access tokens.

While the change began on September 30th 2021, we're releasing it gradually, so you may not have seen your app(s) affected until now. Once it applies to your app, it would apply regardless of the "Access token expiration" setting for your app, and that setting may no longer be available for your app.

Launceston answered 18/3, 2022 at 11:57 Comment(3)
What if i am running a process that can't be interrupted and lasts more than 4 hours (the default expiration time for the access tokens) . In this case, the refresh token is not useful as the process can't be interrupted or it will start from scratch.Laryngoscope
@Laryngoscope if you have a refresh token, you can programmatically get a new short-lived access token whenever you need during your process. While individual short-lived access tokens only last for four hours each, you can get a new one before or after four hours as necessary, in order to continue making further API calls uninterrupted during your process.Launceston
I am talking about rclone => I am afraid this is not possible in my case.Laryngoscope
T
1

I've created a GitHub repo for this which handles this problem. https://github.com/FranklinThaker/Dropbox-API-Uninterrupted-Access

let me know if I'm missing something or something needs to be fixed in this repo. Thanks.

I've followed the official steps from here: https://www.dropbox.com/developers/documentation/http/documentation

enter image description here

Theis answered 10/4 at 6:44 Comment(3)
@starball It's updated in README.md in Github file. But, I'll also update my answer with more explanation as well.Theis
I provided also ES Module library to help in the same way : github.com/boly38/dropbox-refresh-tokenLilt
@Lilt I've been busy lately but I'll check that repo & NPM soon enough. Thanks for upgrading to more easy & flexible solution. I appreciate that.Theis

© 2022 - 2024 — McMap. All rights reserved.