Child Item

Dropbox sign refresh token getting expire after 1 hour

Hello,

I have successfully implemented the authentication flow for the Dropbox Sign API and obtained the initial access token and refresh token. However, I noticed that the refresh token expires after only 1 hour, which requires frequent reauthorization and disrupts the seamless user experience. I expected the refresh token to have a longer validity period for smoother token management.

authUrl='https://app.hellosign.com/oauth/authorize?response_type=code&client_id=12345678&redirect_uri=redirect-url&token_access_type=offline&state=121324234'

----------------------------------------------------------------
// code exchange req

curl --location 'https://app.hellosign.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \

--data '{
    "code": "code",
    "grant_type": "authorization_code",
    "redirect_uri": "redirect_uri",
    "client_id": "client_id",
    "client_secret": "client_secret"
}'

Upon making a request for refresh token I am getting the below error

req schema:-
curl --location 'https://app.hellosign.com/oauth/token?=null' \
--header 'Content-Type: application/json' \

--data '{
    "grant_type": "refresh_token",
    "refresh_token": "refresh_token"
}'
______________________________________________________________________________
response:-
{
    "error": "invalid_grant",
    "error_description": "Invalid grant data (refresh token)"
}

Thank you in advance for your support and contributions.

Find more posts tagged with

Comments

DB-Des

For security reasons, the access tokens have a short TTL, not refresh tokens.

Feel free to reference Dropbox Sign's API OAuth Walkthrough for details on how to obtain another access token.

useparagon

Thanks for the quick reply, I understand that access tokens have a short lifespan and refresh tokens have a large lifespan but in my case, both tokens seem to work fine for 1 hour. If I try to refresh the access token after 1 hour I am simply getting the error that I have mentioned above in the conversation.

DB-Des

Did you get a chance to read over the documentation for Dropbox Sign's OAuth workflow?

Only reason I'm asking is because the samples you provided include endpoints not related to Dropbox Sign API, with parameters that seem to be for Dropbox API's OAuth workflow and not Dropbox Sign's.

For example, your authUrl :

authUrl='https://app.hellosign.com/oauth/authorize?response_type=code&client_id=12345678&redirect_uri=redirect-url&token_access_type=offline&state=121324234'

is using endpoint /oauth/authorize which is not an endpoint for Dropbox Sign API. Also, the query parameters are not relevant to Dropbox Sign — except for client_id and state.

Additionally, the body you are sending on your request:

--data '{
    "code": "code",
    "grant_type": "authorization_code",
    "redirect_uri": "redirect_uri",
    "client_id": "client_id",
    "client_secret": "client_secret"
}'

is missing the state parameter. Also redirect_uri is not relevant to Dropbox Sign.

I would recommend attempting the following cURL command to generate an access token:

curl -X POST 'https://app.hellosign.com/oauth/token' \
  -u 'YOUR_API_KEY:' \
  -F 'client_id=YOUR_CLIENT_ID' \
  -F 'state=state' \
  -F 'code=code' \
  -F 'grant_type=authorization_code' \
  -F 'client_secret=client_secret'

And the following to generate a new access token, when needed:

curl -X POST 'https://app.hellosign.com/oauth/token?refresh' \
  -u 'YOUR_API_KEY:' \
  -F 'grant_type=refresh_token' \
  -F 'refresh_token=refresh_token'

If you are still receiving errors from Sign's API OAuth endpoints. Go ahead and contact our support team, from the email you are using to test Dropbox Sign's API, so they can further troubleshoot.