One month down in 2025: How are your resolutions coming along? Check out how to get back on track here.
Forum Discussion
Solved
refresh token is malformed
I am trying to generate new access token using app_key, app_secret and refresh_token obtained using the following url.
https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&token_access_...
Thanks for following up and sharing your code. I'm glad to hear you got this sorted out.
To confirm, the refresh token is not the value returned by www.dropbox.com/oauth2/authorize... itself. Using www.dropbox.com/oauth2/authorize with 'response_type=code' gives an 'authorization code' (sometimes also called 'access code').
The refreshToken value should be the 'refresh_token' returned by /oauth2/token when you called /oauth2/token with 'grant_type=authorization_code'. That's different from the 'access token' as well as the 'authorization code'; the three are not interchangeable.
For anyone looking for more information, refer to the following resources for information on how to use the app authorization flow:
Hi helloBichya,
Ok, but how/where did you get your refresh token from? 🧐 You haven't shown that in your post. 🤔.
... or maybe you're trying use the code as a refresh token? 😁 They are different things. 😉 Take a look once again in documentation.
Hope this helps.
Yes, you are right. I am dumb. Thank you for the help @Здравко . I treated the authorization code as refresh token.
My story -
I want to post images to dropbox from netlify functions. I used short lived access tokens , since they expire i wanted refresh token to get a new short lived access token.
Solution for someone like me- (If your use case is similar to mine)
Step 1 - Generate authorization code for your app through the following url by replacing <APP_KEY> with your app key.
https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&token_access_type=offline&response_type=code
Step 2 - After replacing visit the url and grant authorization. An authorization code will get generated (43 characters approx). copy that.
Step 3 - Now we have to pass authorization code, app_key , app_secret to curl request to generate refresh token. I am using postman.
Flow - Open Postman -> Import -> Raw text -> paste curl request and replace <APP_KEY>, <APP_SECRET>, <ACCESS_CODE> (i.e authorization code) -> Continue -> Send Request.
curl --location --request POST 'https://api.dropboxapi.com/oauth2/token' \
-u '<APP_KEY>:<APP_SECRET>'
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'code=<ACCESS_CODE>' \
--data-urlencode 'grant_type=authorization_code'
Done - You have obtained json which contains refresh_token.
________________________________________________________________________________
Now if you want to get new access token , you can use below code. or use dropbox sdk.
Code -
const axios = require('axios');
const clientId = 'xx';
const clientSecret = 'xx';
const refreshToken = 'xx';
axios({
method: 'post',
url: 'https://api.dropbox.com/oauth2/token',
params: {
grant_type: 'refresh_token',
refresh_token: refreshToken,
client_id: clientId,
client_secret: clientSecret
}
})
.then(response => {
const accessToken = response.data.access_token;
console.log(`Access token: ${accessToken}`);
// Use the access token to make API requests
})
.catch(error => {
console.error(error);
});
About Discuss Dropbox Developer & API
Make connections with other developers
