Child Item

refresh token is malformed

Hello!

I need help because I'm a little confused with the refresh token for integrations via API

I am using this guide: https://www.dropbox.com/developers/documentation/http/documentation#oauth2-token, and I follow these steps but I always get the malformed token response

1 - Get the code from https://www.dropbox.com/oauth2/authorize?client_id=<client_id>&response_type=code&token_access_type=offline

2- The result of the previous request, use it in https://api.dropbox.com/oauth2/token?grant_type=authorization_code&code=<code_1>&client_id=<client_id>&client_secret=<client_secret>

3 - Finally, the token from point 2 is used in https://api.dropbox.com/oauth2/token?grant_type=refresh_token&refresh_token=<refreshToken2>&client_id=<client_id>&client_secret=<client_secret>

Regarding point 3, I am structuring the request like this in NestJs. The rest I consult in Postman

    try {

      const response = await axios.post('https://api.dropbox.com/oauth2/token', null, {
        
        params: {
          grant_type: 'refresh_token',
          refresh_token: "token",
          client_id: "clientid",
          client_secret: "clientsecret",
        },
        headers: {
          'Content-Type': 'application/x-www-form-urlencoded',
        },
      });

      this.accessToken = response.data.access_token;
      this.dbx = new Dropbox({ accessToken: this.accessToken }); // Actualiza el cliente de Dropbox con el nuevo token
    } catch (error) {
      console.log(error);
      console.error('Error refreshing access token:', error.response?.data || error.message);
      throw error;
    }

Question, am I doing something wrong?.
I have read in older topics that the authorization code is taken from another endpoint, but I couldn't find it, or I didn't realize it.

I await comments. Thanks!

Find more posts tagged with

API

Abuse

Comments

Greg-DB

The "refresh token is malformed" error would indicate that the value you're passing in to the "refresh_token" parameter does not have the right format. You would need to make sure you're passing in the full/exact value that you received in the "refresh_token" response field from /oauth2/token when you called with 'grant_type=authorization_code'. Make sure you're not accidentally using a different value, or modifying the string, etc.

However, note that you don't need to call /oauth2/token with grant_type: 'refresh_token' yourself like you are trying to with axios. If you have a refresh token, you can and should just pass it directly to the Dropbox SDK using the "refreshToken" parameter on the Dropbox object (instead of the "accessToken" parameter you currently do). The SDK will handle the refresh process for you using that refresh token, as long as it is a valid refresh token.

Check out this blog post for an example to understand how this process works.

Jerao91

Good day! How are you? thanks for your response

Yeah, was taking the value from access_token and not refresh_token 😅.

So nothing, it was just that, everything now works correctly!

This can be considered solved.

Thank you!