You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
baltasarq
2 years agoHelpful | Level 5
Dropbox Java client for Android: how to refresh token?
My app just needs to upload a backup file to a dropbox account from mine, so the access must be off-line (no prompting to the user, that would be confusing). This is carried out when the user finishe...
- 2 years ago
Okay, solved.
I summarized the process in the following notes:
Dropbox client API
1Cloud backup with the Dropbox API
Until september 2022, it was possible to generate an access token, use it when creating the client, and don’t worry again about authorization. This is not possible anymore, so in order to create a backup system the most similar access system is PKCE for an offline app.
2Refresh token
After creating the app in the App Console, ignore the “generate token” option since this only creates a token valid for about 4 hours (though there is no note about this). Keep the PKCE activated.
Now, paste the following line in the address bar of your browser:
https://www.dropbox.com/oauth2/authorize?token_access_type=offline&response_type=code&client_id=<App key>
You need to substitute <App Key> for the application key that appears in the App Console. Keep the App Secret code near, as well.
You will authorize the app only once through that URL, and the answer will be the so called authorization code, an hexadecimal code. You need to take note of this code.
3Obtaining the refresh token
Now you have to open a terminal and paste there:
curl https://api.dropbox.com/oauth2/token -d code=<Authorization Code> -d grant_type=authorization_code -u <App key>:<App secret>
You have to substitute <Authorization Code> with the last obtained token, <App Key> with the App Key and <App Secret> with the App Secret, these latter appearing in the App Console.
The answer will be a JSON piece of data similar to the following one:
{ "access_token":"sl...", "token_type": "bearer", "expires_in": 14400, "refresh_token": "oDfT54975DfGh12345KlMnOpQrSt01a", "scope": "account_info.read files.content.read ...", "uid": "123...", "account_id": "dbid:AB..." }
The access token would be valid for the app to access Dropbox for 4 hours (expires_in). Note the “sl.” prefix (Short Lived). The important code here is refresh_token, which is a permanent token that you can access Dropbox with.
4Using the Java API
The problem with the API is that it is not always intuitive to use. With the PKCE access system, we only need to change the Dropbox client object in respect to what appears in the documentation.
final String APP_PACKAGE = OWNER.getPackageName(); final DbxRequestConfig CONFIG = DbxRequestConfig.newBuilder( APP_PACKAGE ).build(); final DbxCredential CREDENTIALS = new DbxCredential( "", 0L, <dropbox refresh token>, <app key>, <app secret> ); this.DBOX_CLIENT = new DbxClientV2( this.CONFIG, CREDENTIALS );
The remaining code is left untouched.
baltasarq
Helpful | Level 5
The problem is that I'm not using the HTTP API, I have to refer myself to the Java SDK API, and I don't understand how the possible HTTP messages should be "translated" to the API calls.
Greg-DB
2 years agoDropbox Staff
baltasarq Здравко is correct; the Dropbox SDKs, including the Dropbox Java SDK, themselves call the Dropbox HTTP API. You can certainly just use the Dropbox Java SDK though. The second half of my previous message contains links specific to the Dropbox Java SDK, so refer to those for information on how to use that.
Anyway, to be clear, "access tokens" and "refresh tokens" are different types of tokens, and are not interchangeable. Refresh tokens can be used to programmatically retrieve more access tokens.
In order to get a refresh token, it is necessary to authorize the app via the app authorization web page. This only needs to be done once per account though.
The Dropbox Java SDK implements the same functionality as documented for the HTTP API. You can use the SDK or the HTTP interface directly; either way is fine and that is up to you.
The PKCE flow is recommended for client-side applications, such as Android apps.
If you're implementing the authorization flow on Android, it is recommended that you use the startOAuth2PKCE functionality as shown in the example I linked. That functionality in the SDK will do most of the work for you.
- baltasarq2 years agoHelpful | Level 5
> the Dropbox SDKs, including the Dropbox Java SDK, themselves call the Dropbox HTTP API. You can certainly just use the Dropbox Java SDK...
I know that, I was simply noting that this does not help me to know the sequence of which classes and methods to call.
> The PKCE flow is recommended for client-side applications, such as Android apps. If you're implementing the authorization flow on Android, it is recommended that you use the startOAuth2PKCE functionality as shown in the example I linked. That functionality in the SDK will do most of the work for you.
Maybe I'm missing something big, but the app (Kotlin, not Java, but all right, I guess I'd be able to translate), does not contain a call to startOAuth2PKCE() which I had been able to find.
I'will try and pick up from here with PKCE. I'd like to note, however, that for a such important change in the API there is scarce info and documentation (many times obsolete), to follow, at least for the type of app (off-line) that I intend to write.
Thanks,
-- Baltasar
- Greg-DB2 years agoDropbox Staff
baltasarq Thanks for the feedback!
The startOAuth2PKCE method is defined here. If you're not seeing that method in your installation, please make sure you're using a recent version of the SDK. The latest version is currently v5.4.5.
Also, the Android example here is written in Kotlin, e.g., see the DropboxOAuthUtil.kt file.
For reference the startOAuth2PKCE method does automatically request "offline" access, in order to get a refresh token.
- baltasarq2 years agoHelpful | Level 5
> @baltasarq Thanks for the feedback!
I found the code in the internal/ folder.
> The startOAuth2PKCE method is defined here. If you're not seeing that method in your installation, please make sure you're using a recent version of the SDK. The latest version is currently v5.4.5.
Yep. But, I guess that this initial authorize is only needed once, right? Then I should be able to access with a single token...
Thanks,
-- Baltasar
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,886 PostsLatest Activity: 2 hours agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!