helloBichya
Explorer | Level 4
2 years ago

refresh token is malformed

I am trying to generate a new access token using the app_key, app_secret and refresh_token obtained using the following URL.

https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&token_access_type=offline&response_type=code

but the response returned is

    data: {
      error: 'invalid_grant',
      error_description: 'refresh token is malformed'
    }

My App Specifications -

Permission Type - Scoped App (App Folder)

Code -

const axios = require('axios');

const clientId = 'xx';
const clientSecret = 'xx';
const refreshToken = 'xx';

axios({
  method: 'post',
  url: 'https://api.dropbox.com/oauth2/token',
  params: {
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
    client_id: clientId,
    client_secret: clientSecret
  }
})
.then(response => {
  const accessToken = response.data.access_token;
  console.log(`Access token: ${accessToken}`);
  // Use the access token to make API requests
})
.catch(error => {
  console.error(error);
});

  • Здравко
    Legendary | Level 20

    Hi helloBichya,

    Ok, but how/where did you get your refresh token from? 🧐 You haven't shown that in your post. 🤔

    ... or maybe you're trying to use the code as a refresh token? 😁 They are different things. 😉 Take a look once again in the documentation.

    Hope this helps.

    • helloBichya
      Explorer | Level 4

      Yes, you are right. I am dumb. Thank you for the help, @Здравко. I treated the authorization code as a refresh token.
      My story -

      I want to post images to Dropbox from Netlify functions. I used short-lived access tokens; since they expire, I wanted a refresh token to get a new short-lived access token.

      Solution for someone like me - (if your use case is similar to mine)

      Step 1 - Generate an authorization code for your app through the following URL, replacing <APP_KEY> with your app key.

      https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&token_access_type=offline&response_type=code

      Step 2 - After replacing, visit the URL and grant authorization. An authorization code will get generated (43 characters approx). Copy that.

      Step 3 - Now we have to pass the authorization code, app_key and app_secret to a curl request to generate the refresh token. I am using Postman.

      Flow - Open Postman -> Import -> Raw text -> paste the curl request and replace <APP_KEY>, <APP_SECRET>, <ACCESS_CODE> (i.e. the authorization code) -> Continue -> Send Request.

      curl --location --request POST 'https://api.dropboxapi.com/oauth2/token' \
      -u '<APP_KEY>:<APP_SECRET>' \
      -H 'Content-Type: application/x-www-form-urlencoded' \
      --data-urlencode 'code=<ACCESS_CODE>' \
      --data-urlencode 'grant_type=authorization_code'

      Done - You have obtained JSON which contains the refresh_token.

      ________________________________________________________________________________

      Now if you want to get a new access token, you can use the code below, or use the Dropbox SDK.

      Code -

      const axios = require('axios');

      const clientId = 'xx';
      const clientSecret = 'xx';
      const refreshToken = 'xx';

      // Exchange the refresh token for a new short-lived access token
      axios({
        method: 'post',
        url: 'https://api.dropbox.com/oauth2/token',
        params: {
          grant_type: 'refresh_token',
          refresh_token: refreshToken,
          client_id: clientId,
          client_secret: clientSecret
        }
      })
      .then(response => {
        const accessToken = response.data.access_token;
        console.log(`Access token: ${accessToken}`);
        // Use the access token to make API requests
      })
      .catch(error => {
        console.error(error);
      });

  • Greg-DB
    Dropbox Staff

    Thanks for following up and sharing your code. I'm glad to hear you got this sorted out.

    To confirm, the refresh token is not the value returned by www.dropbox.com/oauth2/authorize... itself. Using www.dropbox.com/oauth2/authorize with 'response_type=code' gives an 'authorization code' (sometimes also called 'access code').

    The refreshToken value should be the 'refresh_token' returned by /oauth2/token when you called /oauth2/token with 'grant_type=authorization_code'. That's different from the 'access token' as well as the 'authorization code'; the three are not interchangeable.

    For anyone looking for more information, refer to the following resources for information on how to use the app authorization flow:
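
Added example, not part of the thread and not Dropbox's own code: the two /oauth2/token calls described in the posts above (authorization code to refresh token, then refresh token to access token), built with the app secret in a Basic auth header and the grant in the form body instead of the URL query string that axios `params` produces. The function names are hypothetical, and it assumes the endpoint accepts Basic auth for the refresh grant as it does in the curl request above; it also maps the thread's `invalid_grant` error back to the mix-up that caused it.

```javascript
// Added example; names are illustrative, not from the thread or the Dropbox SDK.
const TOKEN_URL = 'https://api.dropboxapi.com/oauth2/token';

// Form field that carries the credential for each grant type used in the thread.
const GRANT_FIELD = { authorization_code: 'code', refresh_token: 'refresh_token' };

// Build (but do not send) a /oauth2/token request. The app secret travels in a
// Basic auth header and the grant in the form body, so neither ends up in the URL.
function buildTokenRequest(grantType, value, appKey, appSecret) {
  const field = Object.hasOwn(GRANT_FIELD, grantType) ? GRANT_FIELD[grantType] : null;
  if (!field) throw new Error(`unsupported grant_type: ${grantType}`);
  if (!value || /[<>\s]/.test(value)) {
    throw new Error(`${field} is empty or still a placeholder`);
  }
  const basic = Buffer.from(`${appKey}:${appSecret}`).toString('base64');
  return {
    url: TOKEN_URL,
    init: {
      method: 'POST',
      headers: {
        Authorization: `Basic ${basic}`,
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      body: new URLSearchParams({ grant_type: grantType, [field]: value }).toString(),
    },
  };
}

// Turn a token-endpoint reply into tokens, or into an error that names the likely cause.
function readTokenReply(grantType, status, data) {
  if (status === 200) {
    return { accessToken: data.access_token, refreshToken: data.refresh_token ?? null };
  }
  let hint = '';
  if (grantType === 'refresh_token' && data.error === 'invalid_grant') {
    hint = ' (check that this is the refresh_token returned by /oauth2/token,' +
           ' not the authorization code from /oauth2/authorize)';
  }
  throw new Error(`${data.error}: ${data.error_description}${hint}`);
}

// Send the request with the global fetch (Node 18+) and interpret the reply.
async function requestToken(grantType, value, appKey, appSecret, fetchImpl = fetch) {
  const { url, init } = buildTokenRequest(grantType, value, appKey, appSecret);
  const res = await fetchImpl(url, init);
  return readTokenReply(grantType, res.status, await res.json());
}
```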
