Child Item

Python API Short-lived access token for Dropbox

I may not be fully understanding this, but here's the issue. I'm trying to get a short-lived token that can be used repeatedly. The first time through, I am prompting through the command line. I can get the token from Dropbox and when I test it (using files_list_folder) it works.

However, if I try to then use that token on subsequent Dropbox API calls, I get invalid_access_token.

Here is the code I am using to get the access token.

    def get_token_no_redirect(self):
        oauth_result = ""
        auth_flow = oauth.DropboxOAuth2FlowNoRedirect(consumer_key=self.app_key, consumer_secret=self.app_secret,
                                                      token_access_type="offline")
        authorize_url = auth_flow.start()
        print(f"1. Go to: {authorize_url})")
        print("2. Click \\Allow\\ (you might have to log in first).")
        print("3. Copy the authorization code.")
        auth_code = input("Enter the authorization code here: ").strip()
        try:
            oauth_result = auth_flow.finish(auth_code)
        except Exception as e:
            print('Error: %s' % (e,))
        return oauth_result

I also tried this sending "online" instead but still got the error.

Is there another way to get a token that can then be used on future requests?

Find more posts tagged with

Developers

Accepted answers

PHAnetwork

Okay, I see the problem, and now realize that it's time for me to retire from this business😔!!

I was pasting the initial code from the Dropbox authorization section, which is used to obtain the access token instead of the actual access token. That's where the confusion was. I'm familiar with what the access token should look like, so I'm not sure why I didn't recognize that earlier.

It's working now. Thanks for your help and patience!

All comments

Здравко

Hi @PHAnetwork,

Your code looks fine. There is not something wrong. Important thing is what are you doing later with the result though! If I have to bet, you have some mistake on client object initialization. Make review there. 😉 Did you by any chance skip refresh token there? 🙋

Good luck.

PHAnetwork

Thanks for the reply!

So, what I'm doing is capturing the generated access token, and then trying to use that later on. Here is the code that uses that token.

access_token = "{ACCESS_TOKEN_PASTED_HERE}"
dbx = Dropbox(access_token)

I copy the token generated in the previous Python code and then paste it here. The token works once on the initial generation, but if I try to use the same token a second time it shows as invalid.

Does that mean that this is NOT a short-lived access token? Do I need to refresh this token in the example here and if so, how do I do that with the Python API. I couldn't find anything in the documents about this.

Thanks

Здравко

@PHAnetwork, What is the meaning of word "short" (either about token or whatever else)? 🧐

Of course, I hope you know. In the same context why are you surprised that a short-lived access token expires?

Your code is wrong (the second part) of course. As I supposed you have skipped the refresh token (part of the result also). In addition you have to add the applications key and secret (needed for automated token refreshing).

Hope this gives direction.

PHAnetwork

Actually, it's the Refresh Token process that I'm struggling with. I can't seem to find out how to request a refresh token using the Python API.

Здравко

@Здравко wrote:
... As I supposed you have skipped the refresh token (part of the result also). ...

@PHAnetwork wrote:
... I can't seem to find out how to request a refresh token using the Python API.

Do I need to say (or rather repeat) that you have it done already? 🤔

PHAnetwork

Okay, still confused.

You said, "As I supposed you have skipped the refresh token" and then you said, "I have done it already". Did I skip the refresh token, or did I do it correctly?

Sorry, but your reply really didn't help.

Здравко

Nobody can help you when you don't read your own writings!

Yes, you have requested and received refresh token (offline declaration is enough), but later skipped it. You have fetched from the result only access token, but not the refresh token! 🤦 Why?

I cannot say it clearer.

PS: The example here shows how you can do it - to initialize client object from oauth result.

PHAnetwork

Okay, I see the problem, and now realize that it's time for me to retire from this business😔!!

It's working now. Thanks for your help and patience!