re-usable refresh tokens for dropbox api?

Question

I'm using the .net api for v2 using the code flow scenario. I was under the impression that this is what you use to get a refresh token you can save and re-use to get new access tokens after the user authorizes your app once.

after a doing a call like below, I navigate the uri the call provides.

var redirect = DropboxOAuth2Helper.GetAuthorizeUri(OauthResponseType.Code, AppKey, RedirectUri, user.ConnectState);

I parse the result for the code parameter which I then feed to ProcessCodeFlowAsync(). That only works to get the access token once. If I save and try to use it again, I get "code has already been used : invalid grant" errors.

I thought what I was getting was a refresh token but repeatedly feeding it ProcessCodeFlowAsync is not working. How do I get a refresh token that I can use repeatedly to get access tokens without having to have the user authorize every time. I am cacheing and re-using the auth token not the access token by the way.

Answer 1

The Dropbox API doesn't use refresh tokens. Instead, you should just store and re-use the access token you get at the end of the app authorization flow.

The user or app can revoke an access token at any time though, so if/when API calls start failing due to a revoked access token, you can prompt the user to re-link the app if they want to continue using the integration, so the app can get a new token.

(The "code" you pass to ProcessCodeFlowAsync is an "authorization code", which is not re-usable.)

Answer 2

The accepted answer was probably correct at the time but Dropbox API now does support refresh tokens.

Check the Refresh token section here: https://www.dropbox.com/lp/developers/reference/oauth-guide