We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.

Forum Discussion

rafaelbelda's avatar
rafaelbelda
New member | Level 2
2 years ago

Problems with the short-lived token for my App

Hello,

I am making a python script that downloads all the files in a Apps folder that I set up for this specific reason. The script is ment to keep me and my friends updated in our workflow. However, after a while, the App token expired and we lost access to the folder; with a bit of research I found out that Dropbox is no longer using permanent tokens and migrated to short-lived tokens and a optional refresh token w/ oauth2.

I am very confused on how to keep the connection alive and from the tutorials that I've watched on YouTube, it looks way to complicated for a simple script, because of this I am even considering changing services and trying to find a easier option. I've never worked with oauth2 before if you haven't guessed already, do I really need to authenticate every time to get the token? I really don't want 50% of my code being just the auth process.


That's lliterally what I was using to connect to DB with the short-lived token:

def getDropbox():
    dbx_token = open(os.path.join(path_config,"dropbox_token.txt"),"r").read()
    return dropbox.Dropbox(dbx_token)


I know there are security risks involved in a permanent token but this is just a quick fix for something that doesn't need to be that secured. I just wanted that my script could always download that files everytime without having to manually generate a new token. 


Thank you if you have the time to answer. Also, sorry for any English/code knowledge mistakes, I just program for fun    = )

 

- Rafael 

  • Здравко's avatar
    Здравко
    Legendary | Level 20
    2 years ago

    In a very similar way, just instead of single access token, use refresh token and application key/secret for the client object initialization. Everything else can stay the same.

    Hope this gives direction.

    • rafaelbelda's avatar
      rafaelbelda
      New member | Level 2
      2 years ago
      Thank you for replying and for the direction, I will try to integrate that tomorrow and I will get back with the solution.
  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff
    2 years ago

    rafaelbelda Здравко is correct; for long-term access you should use a refresh token. Refresh tokens do not expire and can be used repeatedly. You do not need to re-authorize the app each time. Once you have a refresh token you can store and re-use that refresh token without further manual action.

     

    The official Dropbox Python SDK will handle the details of how to use a refresh token for you, so you would just need to make the Dropbox client object like this, if you used PKCE to retrieve the refresh token:

    dropbox.Dropbox(oauth2_refresh_token=REFRESH_TOKEN, app_key=APP_KEY)

    or like this, if you did not use PKCE to retrieve the refresh token:

    dropbox.Dropbox(oauth2_refresh_token=REFRESH_TOKEN, app_key=APP_KEY, app_secret=APP_SECRET)

     

    For reference, you can find more information on how this works at the following resources:

     

    • rafaelbelda's avatar
      rafaelbelda
      New member | Level 2
      2 years ago

      Thank you for the extra detail, that was easier than I thought it was; I will try that later. Appreciate the help.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,877 PostsLatest Activity: 12 months ago
325 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!