You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

baltasarq's avatar
baltasarq
Helpful | Level 5
2 years ago

Dropbox Java client for Android: how to refresh token?

My app just needs to upload a backup file to a dropbox account from mine, so the access must be off-line (no prompting to the user, that would be confusing). This is carried out when the user finishes inputting data. I previously used the API with the following code (Java SDK):

 

DbxRequestConfig config = DbxRequestConfig.newBuilder( getPackageName() ).build();
DbxClientV2 client = new DbxClientV2( config, getString( R.string.dropbox_token ) );

client.files()
.uploadBuilder( toPath )
.withMode( WriteMode.OVERWRITE )
.uploadAndFinish( in );

 

But now this does not work anymore, or better speaking, it works but the token expires, so it only works once. I've looked the docs for the Java SDK, but there doesn't seem to be a simple example for offline access.

What I tried so far:
- I obtained an access token, that allows the initial authentication.
- I substituted the generated short-lived token with an access token. But this does not work by itself.
- There is a promising method in the client that refreshes a token, so I tried calling it and creating a new client, before uploading the file:

 

try {
    DbxRefreshResult result = client.refreshAccessToken();
    DbxCredential credentials = new DbxCredential(
        getString( R.string.dropbox_token ),
        Long.MAX_VALUE,
        result.getAccessToken(),
        getString( R.string.dropbox_key ),
        getString( R.string.dropbox_secret ) );

client = new DbxClientV2( config, credentials );
} catch (DbxException e) {
    System.err.println( "Error refreshing token: " + e.getMessage());
}

 

The refreshing apparently works (no errors, at least), but then the upload fails with a new error: invalid_access_token.

So, should I create a new client with the refresh token or not? Am I refreshing the token correctly?

 

  • baltasarq's avatar
    baltasarq
    2 years ago

    Okay, solved.

    I summarized the process in the following notes:

     

    Dropbox client API

     

    1Cloud backup with the Dropbox API

    Until september 2022, it was possible to generate an access token, use it when creating the client, and don’t worry again about authorization. This is not possible anymore, so in order to create a backup system the most similar access system is PKCE for an offline app.

    2Refresh token

    After creating the app in the App Console, ignore the “generate token” option since this only creates a token valid for about 4 hours (though there is no note about this). Keep the PKCE activated.

     

    Now, paste the following line in the address bar of your browser:

     

    https://www.dropbox.com/oauth2/authorize?token_access_type=offline&response_type=code&client_id=<App key>

     

    You need to substitute <App Key> for the application key that appears in the App Console. Keep the App Secret code near, as well.

     

    You will authorize the app only once through that URL, and the answer will be the so called authorization code, an hexadecimal code. You need to take note of this code.

     

    3Obtaining the refresh token

    Now you have to open a terminal and paste there:

     

    curl https://api.dropbox.com/oauth2/token -d code=<Authorization Code> -d grant_type=authorization_code -u <App key>:<App secret>

     

    You have to substitute <Authorization Code> with the last obtained token, <App Key> with the App Key and <App Secret> with the App Secret, these latter appearing in the App Console.

     

    The answer will be a JSON piece of data similar to the following one:

     

    {
        "access_token":"sl...",
        "token_type": "bearer",
        "expires_in": 14400,
        "refresh_token": "oDfT54975DfGh12345KlMnOpQrSt01a",
        "scope": "account_info.read files.content.read ...",
        "uid": "123...",
        "account_id": "dbid:AB..."
    }

     

    The access token would be valid for the app to access Dropbox for 4 hours (expires_in). Note the “sl.” prefix (Short Lived). The important code here is refresh_token, which is a permanent token that you can access Dropbox with.

     

    4Using the Java API

    The problem with the API is that it is not always intuitive to use. With the PKCE access system, we only need to change the Dropbox client object in respect to what appears in the documentation.

     

            final String APP_PACKAGE = OWNER.getPackageName();
            final DbxRequestConfig CONFIG = DbxRequestConfig.newBuilder( APP_PACKAGE ).build();
            final DbxCredential CREDENTIALS = new DbxCredential(
                    "",
                    0L,
                    <dropbox refresh token>,
                    <app key>,
                    <app secret> );
    
            this.DBOX_CLIENT = new DbxClientV2( this.CONFIG, CREDENTIALS );

     

    The remaining code is left untouched.

     

    • baltasarq's avatar
      baltasarq
      Helpful | Level 5

      The problem is that I'm not using the HTTP API, I have to refer myself to the Java SDK API, and I don't understand how the possible HTTP messages should be "translated" to the API calls.

       

      • Здравко's avatar
        Здравко
        Legendary | Level 20

        baltasarq wrote:

        The problem is that I'm not using the HTTP API, I have to refer myself to the Java SDK API, ...


        You don't need to do much more than you already have done. You're using HTTP API actually, in spit not directly; That's what Dropbox SDKs are for (not only Java Dropbox SDK). 😉 Of course, you can manage the API calls directly, but you don't need to.

         


        baltasarq wrote:

        ... I don't understand how the possible HTTP messages should be "translated" to the API calls.


        They should NOT!!! 😁 All Dropbox API calls themselves are HTTP requests. SDK just hides this and make developer life easier. That's it.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    [Cross-linking for reference: https://stackoverflow.com/questions/77059304/dropbox-java-client-for-android-how-to-refresh-token ]

     

    Dropbox is no longer offering the option for creating new long-lived access tokens. Dropbox is now issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.

    Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. Refresh tokens do not expire and can be store and re-used repeatedly. While you do need to use the OAuth app authorization flow to get a refresh token, this only needs to be done once per account. You can find more information in the OAuth Guide and authorization documentation. There's a basic outline of processing this flow in this blog post which may serve as a useful example.

     

    The official Dropbox Java SDK can actually handle the process for you automatically, as long as you supply the necessary credentials, e.g., as shown retrieved in the examples here. For instance, for a client-side app, such as a desktop app, you should use the PKCE flow, e.g., as shown here. That allows you to make and save a DbxCredential with a refresh token as shown here. With that, you can make API calls like shown here.
     
    For Android apps using the official Dropbox Java SDK, you should use the updated authorization functionality, starting with the startOAuth2PKCE method. You can find an example app here. For instance, you can see where that starts in the code here and how the result is handled here. When you use that functionality as shown, the SDK will then handle the refresh process for you automatically.

    • baltasarq's avatar
      baltasarq
      Helpful | Level 5

      Hi Greg, many thanks for answering. I guess you're tired of answering (more or less) the same questions repeatedly.

       

      > Dropbox is no longer offering the option for creating new long-lived access tokens. (...)

      Sure I know, that's why my life is miserable. 😉

       

      > Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. (...)

      Great. I've already got this token through a call to the HTTP API, though I thought it was called "access token".

       

      > The official Dropbox Java SDK can actually handle the process for you automatically, as long as you supply the necessary credentials, e.g., as shown retrieved in the examples here

      The problem with all these examples is that they trigger an oauth2 web page authorization which must be answered by the user, something I don't want.

       

      > There's a basic outline of processing this flow in this blog post which may serve as a useful example.
      The matter is how to these HTTP API calls should be translated to method calls in the Java SDK, something that is not detailed anywhere for my particular case.

       

      > For Android apps using the official Dropbox Java SDK, you should use the updated authorization functionality, starting with the startOAuth2PKCE method.

      Okay, then should I forget about tokens and use this PKCE method? Just to be sure.

       

      Many thanks again.
      -- Baltasar

       

  • Здравко's avatar
    Здравко
    Legendary | Level 20

    baltasarq wrote:

    ...

        DbxCredential credentials = new DbxCredential(
            getString( R.string.dropbox_token ),
            Long.MAX_VALUE,
            result.getAccessToken(),
            getString( R.string.dropbox_key ),
            getString( R.string.dropbox_secret ) );

    client = new DbxClientV2( config, credentials );

    ...


    baltasarq, You can correct the above code in following way:

        DbxCredential credentials = new DbxCredential(
            "", // Empty values here to force the initial refresh.
            0, //
            refreshToken,
            appKey,
            appSecret );

    client = new DbxClientV2( config, credentials );

    Assign to refreshToken, appKey, and appSecret to the values according to the guide here. So you wouldn't need to do anything OAuth related inside your application.

    Hope this gives answer to your "main" question. 😉

    Good luck.

    • baltasarq's avatar
      baltasarq
      Helpful | Level 5

      > You can correct the above code in following way:

      Done, thank you.

      > Assign to refreshToken, appKey, and appSecret to the values according to the guide here. So you wouldn't need to do anything OAuth related inside your application. Hope this gives answer to your "main" question. 😉


      It works!! But I have a side problem, for some reason, (probably because I entered the curl commands you linked in my computer's console), now my personal Dropbox is connected to the app, while I wanted another specific Dropbox to be linked... I'll probably have to unlink and start the process again, I guess converting all the curl commands to URL's.

       

      Also, I want to check tomorrow whether it still works or something is still expiring, which would mean that I'd anyway have to refresh inside my code. Let's see.

       

      Many thanks,

      -- Baltasar

       

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        baltasarq The account that gets connected is determined by which account you're signed in to in your browser when you authorize the app. If you want to use a different account, you'll need to switch to that account in your browser and process the authorization flow again.

    • baltasarq's avatar
      baltasarq
      Helpful | Level 5

      Okay, solved.

      I summarized the process in the following notes:

       

      Dropbox client API

       

      1Cloud backup with the Dropbox API

      Until september 2022, it was possible to generate an access token, use it when creating the client, and don’t worry again about authorization. This is not possible anymore, so in order to create a backup system the most similar access system is PKCE for an offline app.

      2Refresh token

      After creating the app in the App Console, ignore the “generate token” option since this only creates a token valid for about 4 hours (though there is no note about this). Keep the PKCE activated.

       

      Now, paste the following line in the address bar of your browser:

       

      https://www.dropbox.com/oauth2/authorize?token_access_type=offline&response_type=code&client_id=<App key>

       

      You need to substitute <App Key> for the application key that appears in the App Console. Keep the App Secret code near, as well.

       

      You will authorize the app only once through that URL, and the answer will be the so called authorization code, an hexadecimal code. You need to take note of this code.

       

      3Obtaining the refresh token

      Now you have to open a terminal and paste there:

       

      curl https://api.dropbox.com/oauth2/token -d code=<Authorization Code> -d grant_type=authorization_code -u <App key>:<App secret>

       

      You have to substitute <Authorization Code> with the last obtained token, <App Key> with the App Key and <App Secret> with the App Secret, these latter appearing in the App Console.

       

      The answer will be a JSON piece of data similar to the following one:

       

      {
          "access_token":"sl...",
          "token_type": "bearer",
          "expires_in": 14400,
          "refresh_token": "oDfT54975DfGh12345KlMnOpQrSt01a",
          "scope": "account_info.read files.content.read ...",
          "uid": "123...",
          "account_id": "dbid:AB..."
      }

       

      The access token would be valid for the app to access Dropbox for 4 hours (expires_in). Note the “sl.” prefix (Short Lived). The important code here is refresh_token, which is a permanent token that you can access Dropbox with.

       

      4Using the Java API

      The problem with the API is that it is not always intuitive to use. With the PKCE access system, we only need to change the Dropbox client object in respect to what appears in the documentation.

       

              final String APP_PACKAGE = OWNER.getPackageName();
              final DbxRequestConfig CONFIG = DbxRequestConfig.newBuilder( APP_PACKAGE ).build();
              final DbxCredential CREDENTIALS = new DbxCredential(
                      "",
                      0L,
                      <dropbox refresh token>,
                      <app key>,
                      <app secret> );
      
              this.DBOX_CLIENT = new DbxClientV2( this.CONFIG, CREDENTIALS );

       

      The remaining code is left untouched.

       

      • Здравко's avatar
        Здравко
        Legendary | Level 20

        baltasarq, Just a note: In your web browser you're receiving authorization code, not access token! They are different things. 😉

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,882 PostsLatest Activity: 3 years ago
325 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!