Child Item

Getting 409 error when trying to list folders when using refresh token

I've just started playing around with the sdk, and been using the generated access token in the Settings. I realized this token expires every 4 hours, so I want to implement the refresh token.

https://www.dropbox.com/oauth2/authorize?client_id=<APP_KEY>&token_access_type=offline&response_type=code

I went through the auth steps by obtaining the Code, and then using that code in this curl command:

curl --location --request POST 'https://api.dropboxapi.com/oauth2/token' \
-u '<APP_KEY>:<APP_SECRET>'
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'code=<ACCESS_CODE>' \
--data-urlencode 'grant_type=authorization_code'

Lastly I use the refresh token like so:

 const dbx = new Dropbox({
    clientId: process.env.DBX_APP_KEY,
    clientSecret: process.env.DBX_APP_SECRET,
    refreshToken: process.env.DBX_REFRESH_TOKEN,
    fetch,
  });

  const response = await dbx.filesListFolder({ path: "" });

With the temporary Access token it works fine, but now with this refresh token I get a 409 error. It's clearly a permissions thing but I can't figure it out. Does it have anything to do with me creating the App on my account, adding my folders etc... then running the auth to get the code? Is it essentially "installing" the app again, but this time with nothing?

I'm out of ideas, thanks!

Find more posts tagged with

Comments

DB-Des

Hi @adamatronix,

Are you able to share the error message being returned with the 409 HTTP code?

adamatronix

This is what I get when I try to call the filesListFolder method.

DB-Des

@adamatronix

"Basic" authorization, which appears to be what you are using, can be used to supply an app key and secret to list the contents of a shared link using 'filesListFolder()'. The app key and secret identify the app, and the access to the listing is enabled by the shared link itself. If you use "Basic" authorization without a shared link though, you will get that error.

The "Bearer" authorization can be used to supply an access token to list the contents of a folder in the connected account. The access token identifies an app and account pair, and enables access to that account.

adamatronix

I am passing in the refresh token as well. My understanding is that I don't need to manually need to use the refresh token to get a new access token, as this staff member mentions: https://www.dropboxforum.com/discussions/101000014/dropbox-api---check-and-refresh-access-token/813244/replies/813292

Alternatively I could just use the refresh token to manually get the access token like so??

curl https://api.dropbox.com/oauth2/token \
   -d refresh_token=<REFRESH TOKEN> \
   -d grant_type=refresh_token \
   -d client_id=<APP KEY> \
   -d client_secret=<APP SECRET>

DB-Des

@adamatronix,

Even though it appears as though you are indeed passing a refresh token to the request in your third code snippet example, the request is defaulting to "Basic auth" because it is not recognizing the value of the refresh token — meaning, this is most likely an empty value. A malformed or invalid refresh token would throw a different error.

I recommend double-checking that the refresh token is being correctly pulled in from the env file into the configuration of the new Dropbox client instance.

Manually creating an access token, using the refresh token, as you mentioned in your latest post could be an alternative as well.