Child Item

Getting refresh token for shiny app using rdrop2 and drop_auth()

I'm trying to create a shiny app, using R Studio, which links to my dropbox using the package rdrop2.

I have successfully managed to deploy the app and it runs as planned for around 4 hours. However, I need long lasting offline access.

Dropbox help pages say that I'll need a 'refresh token'.

Currently to get my token I am using:

library(rdrop2)
token <- drop_auth() # gets credentials

saveRDS(token, "droptoken.rds") # saves credentials


token<-readRDS("droptoken.rds") # read in credentials

drop_auth(new_user = FALSE,
          cache = TRUE,
          rdstoken = "droptoken.rds")

ui <- # some UI code



server <- function(input, output,session) {
  # some server code
}

shinyApp(ui = ui, server = server)

This creates a token that has a 'sl.' access token (short lived) which expires_in 14400, which is 4 hours. After 4 hours, the app no longer works due to an 'Unathorised HTTP 401' error.

Could anyone provide me help on how to adapt this code to obtain a refresh token?

NB: I am aware that dropbox no longer allow tokens with no expiry (as of September 2021) so I need to go down the refresh token route.

Find more posts tagged with

API

Abuse

Comments

Здравко

Hi @rs123,

Seems you are using unsupported SDK. Regular access tokens expire in 4 hours as you noted.

@rs123 wrote:
...
NB: I am aware that dropbox no longer allow tokens with no expiry (as of September 2021) so I need to go down the refresh token route.

Not exactly! Existing long lived access tokens (if you have any) keep validity. You can't create new such token; all new access tokens are short lived (but only access tokens). It's not the same for refresh tokens; they are without due date!

I don't know what exactly is available in your environment, but if there isn't newer version of the SDK, used by you, and supported SDKs can not be used in your case, you have to manage direct access points call (to receive and manage tokens, at least). You should make sure authorization rules are followed strictly and selected token type is "offline". So aside of the regular access token your application will receive refresh token too. When the due date gets close, you can use received refresh token to get a new regular access token in a /oauth2/token call. This should repeat on regular basis whenever need. The rest of the code could work without change with ensured valid access token. That's it.

Hope this helps.

rs123

Thank you very much for the information. I understand what you are saying I need to do, although my very limited experience in this matter is not allowing me to complete this. Do you have any resources on SDKs in R directly? I'm struggling to find any help on R that isn't related to the out of date SDK (rdrop2). I have looked at the links you provided and tried to follow the HTTP (since my programme wasn't listed) and some of the community SDKs but just not managing to get anywhere.

Здравко

Unfortunately, I don't have any info on this regard.

Try edit the SDK used by you. Only the part related to authentication need changes, so shouldn't be a big deal. Just add there refresh token handling and... that's all (I hope the rest works properly). I can't say anything more.

Good luck.

rs123

Thank you for the help you have given, it is much appreciated!

Greg-DB

[Cross-linking for reference: https://stackoverflow.com/questions/71393752/get-a-refresh-token-for-dropbox-api-using-rdrop2-and-drop-auth ]

As you found, Dropbox is in the process of switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here. We don't have any resources for R in particular unfortunately.

Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. Support for refresh tokens would ideally be built in to the "rdrop2" library you're using. That's not made by Dropbox though so I can't offer help with that.

As Здравко noted, while the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption, if you have any. Also, note though that after the change you won't be able to create new long-lived access tokens.

While the change began on September 30th 2021, we're releasing it gradually, so you may not have seen your app(s) affected until now. Once it applies to your app, it would apply regardless of the "Access token expiration" setting for your app, and that setting may no longer be available for your app.

rs123

Thank you for your help.

TessaP

My shiny app doesn't work anymore after 4 hrs because of a 'Unauthorized (HTTP 401)'. I read the above tips but there is not enough specific information for me to solve it. I use the key and secret that rdrop2 provides, store it and call it. It would be very helpful if someone can provide code in R to solve this, or provide more information how to request 'offline access' as suggested. The app is intended to enable others (anyone who has the link to the shiny app) to add to a master spreadsheet in dropbox.

Здравко

@TessaP wrote:
... I read the above tips but there is not enough specific information for me to solve it. I use the key and secret that rdrop2 provides, store it and call it. It would be very helpful if someone can provide code in R to solve this, or provide more information how to request 'offline access' as suggested. ...

Hi @TessaP,

I am not familiar with "rdrop2", but since you are posting your question now, seems it's still not updated and refresh token isn't supported there. Can you clarify what kind of "specific information" do you need? 🤔 In above posts, all needed for refresh token support to be implemented, is available. About "how to request offline access", if you used long lived token before, most probably you have done already everything needed and have received 'offline access'. 😉 You have to just find out your received already refresh token and keep it for later use. In addition you have to implement some code that initiate refresh when needed, as described above (that's what missing). Actually, it's a single HTTPS call. If you need more info about how to invoke web calls, take a look on 'httr' documentation (it's a 'curl' wrapper actually).

Hope this gives direction.

Add: The problem is that 'rdrop2' launches default authentication only. By default Dropbox gives short lived access token. All that need fix is here. Try play with 'query_authorize_extra' parameter of 'oauth2.0_token()' (according to Dropbox documentation for /oauth2/authorize).

Greg-DB

@TessaP Здравко is correct, this is something that would need to be supported in rdrop2. You may need to reach out to the developer of rdrop2 for help or an update.