legacy token

Hurray made it

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, 'https://api.dropbox.com/oauth2/token');

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

curl_setopt($ch, CURLOPT_POST, 1);

curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=refresh_token&refresh_token=***refreshtoken******");

curl_setopt($ch, CURLOPT_USERPWD, '**AppKey' . ':' . '***AppSecret*****');

$headers = array();

$headers[] = 'Content-Type: application/x-www-form-urlencoded';

curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$result = curl_exec($ch);

echo $result;

if (curl_errno($ch)) {

echo 'Error:' . curl_error($ch);

}

curl_close($ch);

All comments

Rich

@bspindia wrote:
my token is expiring while making api calls and getting unauthorised error due to short live tokens, how to generate unexpired token

Long-lived (non-expiring) tokens can no longer be generated. They were deprecated and later replaced with short-lived and refresh tokens. A refresh token is used to automatically renew access as needed.

how to generate short live tokens using fetch api

@bspindia Apps can get long-term access by requesting "offline" access, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. I don't have a sample for this with fetch in particular, but there's a basic outline of processing this flow in this blog post which may serve as a useful example so you can translate it to fetch.

i am trying to take code in res please correct headers, right now i am having error as invalid_request

fetch('https://api.dropboxapi.com/oauth2/token',{method:'post',headers:{

"Content-Type":"application/json",

"Authorization":"Bearer "+dropBox.apiKey+":"+dropBox.keySecret,

}}).then(req=>req.json()).then(res=>console.log(res)).catch(error=>console.log(error))

Hi @bspindia,

The call /oauth2/token doesn't support Bearer authorization. It's used to receive such a token, not to use it. Can be used Basic authorization to pass application key and secret or pass them as parameters. Depending on exact step you are performing other parameters should be passed too, but you are skipping them in your code. Take a look on the documentation.

Hope this sheds some light.

@bspindia Здравко is correct; your request is not formatted properly. You should use "Basic" authorization for that particular call, not "Bearer". Also, make sure you supply the necessary parameters as shown in the documentation. Check out step 5 in section 2 of this blog post for an example to translate.

i am getting the code when i manually enter url in browser, but how to get using fetch api

// authorization

let dropBox = new Object();

dropBox.apiKey = 'XXXXXXXXXX';

dropBox.apiSecret = 'XXXXXXXXX';

fetch('https://www.dropbox.com/oauth2/authorize',{method:'get',headers:{

"Content-Type":"application/json",

"client_id":dropBox.apiKey,

"response_type":"code",

"token_access_type":"offline",

"state":"",

"redirect_uri":"https://bspindia.online"

}})

.then(authReq=>authReq.json())

.then(authRes=>{

// obtain token

console.log(authRes)

// store token in indexedDB

}).then(calldBox=>{

// call api

})

Hi @bspindia,

You cannot call /oauth2/authorize as regular API call (or similar)! This is address you should redirect to (either explicitly or with web link) your web session to let user authenticates. So you cannot use 'fetch'. To get some of results fields (including the code) you have to "catch" it in your browser address line. 😉 Example how you can get code may be seen here and how you can get access token (short lived) may be seen here. Again, 'fetch' or any other similar method to make a web request is inapplicable in this very first step! 'fetch' is usable for all remaining API calls (regular or not).

Read the documentation with more attention to details (devil is in details 😈).

@bspindia Здравко is correct; /oauth2/authorize is a web page, not an API call. It's where you should send the user, in their web browser, to authorize your app.

ok used location.assign()

and got code in redirected url

used url searchparamaters and stored code

again i made a location.assign("

https://www.dropbox.com/oauth2/authorize?client_id=81q62jqcjxcyu4x&redirect_uri=https://bspindia.online/test.html&code="+code+"&state=state

but got 400 error as Unexpected response_type request param value.

@bspindia wrote:
...
again i made a location.assign("
...

Why "again"?! 🤔 You have already all you can get from this page (i.e. the code). What are you looking for there again? 🧐

@bspindia wrote:
...
but got 400 error as Unexpected response_type request param value.

Yes, it's normal. You haven't set 'response_type' parameter - a mandatory parameter! Here the error message can be a bit more clear (i.e. something like "missing request param", not "unexpected"), but...

means i have to make fetch with received code for token, right

@bspindia wrote:
means i have to make fetch with received code for token, right

Did you read the documentation? What is the call /oauth2/token, you asked about previously for? 😉

Also, take in mind the above call is used in different situations, with different params (different results, of course) - when you are getting your refresh token and when you are using this token (to get refreshed access token)! Don't forget what are you doing in any particular situation (forgetting means error).

i compress the input file image to webp using canvas,

and uploaded using token

now due to short live tokens, i am getting unauthorised error while uploading blob

hence to i need unexpired token,

now as dropbox is not giveing legacy tokens,

i have to authorize app-> generate new token with code->upload blob to dropbox with token

@bspindia, don't be so lazy! Don't ask question that I just explained in my previous post above. Ok. I'll repeat again: one of the possible usage of mentioned call is access token refresh!!! Do you need such a refresh (i.e. your access token expired as explained here, for instance)?

@bspindia Здравко is correct; you can use a refresh token to get new short-lived access tokens when needed without having the user manually re-authorize the app each time. Please refer to the resources linked earlier in this thread for more information on that.

as per my understanding,

i got the code, and when i made a curl request from terminal window received short live token and refresh token

i should keep refresh token and request for shorl live token using refresh token using curl to make api calls,

am i right

@bspindia wrote:
...
i should keep refresh token and request for shorl live token using refresh token using curl to make api calls,
...

Either 'curl' or 'fetch'... Yes.

every thing is fine when run from terminal, but can you please correct paramenters, i am getting this error

{"error": "invalid_request", "error_description": "The request parameters do not match any of the supported authorization flows. Please refer to the API documentation for the correct parameters."}

$headers[]="Accept:application/json";$headers[]="Content-Type:application/json";

$cl = curl_init();

curl_setopt($cl, CURLOPT_URL,'https://api.dropbox.com/oauth2/token');

curl_setopt($cl, CURLOPT_POST,true);

curl_setopt($cl,CURLOPT_HTTPHEADER,$headers);

curl_setopt($cl,CURLOPT_POSTFIELDS,'{"grant_type":"refresh_token"}');

curl_setopt($cl,CURLOPT_POSTFIELDS,'{"refresh_token":"****refresh_token_generated_from terminl******"}');

curl_setopt($cl,CURLOPT_POSTFIELDS,'{"****my_AppKey******":"***AppSecret*******"}');

curl_setopt($cl,CURLOPT_CONNECTTIMEOUT,2);

curl_setopt($cl,CURLOPT_RETURNTRANSFER,true);

$clRes = curl_exec($cl);

echo $clRes;

curl_close($cl);

@bspindia wrote:
...
curl_setopt($cl,CURLOPT_POSTFIELDS,'{"****my_AppKey******":"***AppSecret*******"}');
...

What's this? 🤔 Why it's here? Authentication passes through BASIC authentication or passed as a independent parameter(s) (what's this post parameter that you are posting above actually 🧐). Can you point exact parameter matching in the description?