dropbox / dropbox-sdk-python

The Official Dropbox API V2 SDK for Python
https://www.dropbox.com/developers
MIT License

Problem with refreshing token #420

Open hapicatto opened 2 years ago

hapicatto commented 2 years ago

I can't make the SDK work for renewing the authorization token, so after 4 hours my APIs stop working. Even the example returns an error:

```python
# YOU NEED TO INSERT YOUR APP KEY AND SECRET BELOW!
# Go to dropbox.com/developers/apps to create an app.
from selenium import webdriver
import dropbox
app_key = "MY KEY"        # placeholder: the app key from the app console
app_secret = "MY SECRET"  # placeholder: the app secret from the app console

auth_flow = dropbox.DropboxOAuth2FlowNoRedirect(consumer_key=app_key, consumer_secret=app_secret, token_access_type='offline')

authorize_url = auth_flow.start()
print("1. Go to: " + authorize_url)
print("2. Click \"Allow\" (you might have to log in first).")
print("3. Copy the authorization code.")
auth_code = input("Enter the authorization code here: ").strip()

try:
    oauth_result = auth_flow.finish(auth_code)
except Exception as e:
    print('Error: %s' % (e,))
    exit(1)

with dropbox.Dropbox(oauth2_refresh_token=oauth_result.refresh_token, app_key=app_key) as dbx:
    dbx.users_get_current_account()
    print("Successfully set up client!")
```

It returns:

```
1. Go to: https://www.dropbox.com/oauth2/authorize?response_type=code&client_id=jk6ig4490l1ssa0&token_access_type=offline
2. Click "Allow" (you might have to log in first).
3. Copy the authorization code.
Enter the authorization code here: I INPUT THE CODE
Traceback (most recent call last):
  File "C:\Users\herna\Documents\VideoProcessingProject\renovating.py", line 23, in <module>
    dbx.users_get_current_account()
  File "C:\Users\herna\anaconda3\envs\intel\lib\site-packages\dropbox\base.py", line 5090, in users_get_current_account
    r = self.request(
  File "C:\Users\herna\anaconda3\envs\intel\lib\site-packages\dropbox\dropbox.py", line 292, in request
    self.check_and_refresh_access_token()
  File "C:\Users\herna\anaconda3\envs\intel\lib\site-packages\dropbox\dropbox.py", line 357, in check_and_refresh_access_token
    self.refresh_access_token(scope=self._scope)
  File "C:\Users\herna\anaconda3\envs\intel\lib\site-packages\dropbox\dropbox.py", line 397, in refresh_access_token
    res.raise_for_status()
  File "C:\Users\herna\anaconda3\envs\intel\lib\site-packages\requests\models.py", line 943, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://api.dropboxapi.com/oauth2/token
```

I'm using a Windows machine with the Intel Python version 3.7, as I'm using it in combination with TensorFlow. I've tried every possible SO post but I'm not sure where the error can be.

rogebrd commented 2 years ago

Hello!

I believe your problem is with the client initialization. Since you are not using PKCE, you need to include the app_secret when you initialize the client in order for it to properly refresh.
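Added example (not part of the thread and not the SDK's own code): a small guard that builds the `dropbox.Dropbox(...)` arguments to match how the refresh token was issued, plus the OAuth 2 refresh-grant form such a client would send to the token endpoint seen in the traceback. The helper names, the environment variable names and the sample values are assumptions made for illustration.

```python
import os
from urllib.parse import urlencode

TOKEN_URL = "https://api.dropboxapi.com/oauth2/token"  # endpoint from the traceback


def client_kwargs(refresh_token, app_key, app_secret=None, used_pkce=False):
    """Keyword arguments for dropbox.Dropbox(), matched to the flow that issued the token."""
    if not refresh_token:
        raise ValueError("no refresh token: start the flow with token_access_type='offline'")
    kwargs = {"oauth2_refresh_token": refresh_token, "app_key": app_key}
    if not used_pkce:
        # Code flow without PKCE: the refresh must be authenticated with the secret.
        if not app_secret:
            raise ValueError("non-PKCE flow: app_secret is required to refresh")
        kwargs["app_secret"] = app_secret
    return kwargs


def refresh_form(kwargs):
    """Form body of a standard OAuth 2 refresh grant for these client settings."""
    form = {"grant_type": "refresh_token",
            "refresh_token": kwargs["oauth2_refresh_token"],
            "client_id": kwargs["app_key"]}
    if "app_secret" in kwargs:
        form["client_secret"] = kwargs["app_secret"]
    return urlencode(form)


def redacted(kwargs):
    """Copy that is safe to print or paste into an issue: token and secret masked."""
    hidden = ("oauth2_refresh_token", "app_secret")
    return {k: ("<redacted>" if k in hidden else v) for k, v in kwargs.items()}


def make_client(kwargs):
    import dropbox  # imported lazily so the helpers above run without the SDK
    return dropbox.Dropbox(**kwargs)


if __name__ == "__main__":
    # Constructed fallback values; real ones come from the environment or a secret store.
    kw = client_kwargs(os.environ.get("DROPBOX_REFRESH_TOKEN", "constructed-refresh-token"),
                       os.environ.get("DROPBOX_APP_KEY", "constructed-app-key"),
                       app_secret=os.environ.get("DROPBOX_APP_SECRET", "constructed-secret"))
    print(redacted(kw))
    print("POST", TOKEN_URL, "fields:", sorted(k for k in refresh_form(kw).split("&")))
```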

hapicatto commented 2 years ago

I did try with PKCE, and I tried adding the app_secret. No luck.

rogebrd commented 2 years ago

The next step to debug would be to try printing off oauth_result before the creation of the client. Assuming that there is a valid token (please do not paste results here), the next step would be to paste the code that also includes the app_secret in the client initialization (just to confirm and further debug on my end).

kaleb-keny commented 2 years ago

Hey @rogebrd, I think I am facing the same issue, and the reason is short-lived tokens: https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Tokens-only-valid-for-4-hours-from-app-console/m-p/425358/highlight/true#M22718 I believe the issue is from the Dropbox console app itself, which isn't generating permanent tokens.

rogebrd commented 2 years ago

Hi @kaleb-keny,

We made a conscious decision to change the behavior of tokens from long-lived to short-lived in order to make our platform more secure. If you are running into issues with the token expiring, you will need to be using refresh tokens.

The app console gives short-lived tokens as a way to quickly get onboarded to the system; this is not meant to be a permanent solution for getting tokens. It should be quickly replaced with a proper OAuth flow.

Thanks, Brad

kaleb-keny commented 2 years ago

Yeah, that makes sense, thank you.

k4976 commented 1 year ago

I think there is a problem in auth: either you have entered the wrong authorization code, etc. The auth_flow command is proper, and I am using it; it's working properly. When you get the result from the OAuth result, save the refresh token, and when you initialize your Dropbox client, give oauth_refresh_token with the app key (consumer key) and app secret (consumer secret). If you have an access token, then you don't need the key and secret while initializing the Dropbox client.

*PKCE is mainly for web apps, when you can't hide the app_secret from source code. For using it in the background you shouldn't use PKCE, and according to Dropbox it's less secure than the normal auth flow.

And if you want to store your app key somewhere, then you can convert it to base64, etc. and then store it, like in a plain text file or in a database, etc.

k4976 commented 1 year ago

I am also new to this, so I am also learning all this by doing and experiencing the problems.