I have written a webapp to make the whole procedure to retreive a REFRESH_TOKEN so I can ask for a TOKEN when I want interacxt with DropBox.
When I invoke this my page, it send a GET to https://api.dropbox.com/oauth2/authorize with this params:
?client_id=<my_app_key>&redirect_uri=<myRedirectUri>&response_type=code
After this GET, I receive at my server (<myRedirectUri>) a GET with the param &code=<the_code_received>
With this code received, according with the documentation, DropBox give me the opportunity to get the REFRESH_TOKEN (this is "long-life" token).
To do this, when I receive at my site the GET on <myRedirectUri>, I send a POST https://api.dropbox.com/oauth2/token with this data:
{ "code": <the_code_received>,
"grant_type": "authorization_code",
"redirect_uri": <myRedirectUri>,
"client_id": <my_app_key>,
"client_secret": <my_app_secret>
}
As result of the POST I receive this result:
{"access_token": <the_token>,
"token_type": "bearer",
"expires_in": 14400,
"scope": "account_info.read files.content.read files.content.write files.metadata.read",
"uid": <the_id>,
"account_id": <the_account_id>
}
In this response it is missing the REFRESH_TOKEN.
If I do the same process but without the "redirect_uri" facility:
1) send a GET like https://www.dropbox.com/oauth2/authorize?client_id=<my_app_key>&token_access_type=offline&response_type=code
2) receive on my browser the code <the_code_received>
3) sending (i.e. with curl) a POST to https://api.dropbox.com/oauth2/token with data:
{ "code": <the_code_received>,
"grant_type": "authorization_code",
"client_id": <my_app_key>,
"client_secret": <my_app_secret>
}
I receive the correct data with the REFRESH_TOKEN
Why with the first method it doesn't work?
Where is the error?
