I have been struggling to set up a URI for my Logic App. I think I am suffering from information overload trying to wade through all of the applicable information.
I am trying to set up Dropbox offline access with a refresh token. I have asked for help in the Dropbox developers forum but I keep getting told to reference the documentation and that they can't help with 3rd party apps so they won't answer specific questions regarding integration with Azure Logic Apps.
My first issue is how to find the or make the redirect URI so the Logic App can get the response.
For the OAuth do I need to set up a Microsoft Entra application identity for my app? I have an app set up in Dropbox Developer already.
The accepted answer got me the refresh code I needed but I still had to figure out how to then use it in my Logic App. Below is what I came up with but if there is a better way of doing it, I would be happy to know it.
I had to set up blob storage in Azure and set any flows to use a system managed identity with the role of "Storage Blob Data Reader".
I then set up a new Logic App with a Recurrence Trigger set to 5 mins (or whatever you want) with the role of "Storage Blob Data Owner".
I added a file to the storage and use that same name throughout, say DBtoken (no extension).
I retrieve the blob metadata and use a condition to check if utcNow() > (LastModified timestamp + 4 hrs).
False does nothing
True then runs an HTTP action using the refresh token to get a new 4hr token:
Then I save the blob back into the storage using the same filename as before - DBtoken (no extension).
Now any Logic Apps I want to have access to the Dropbox API can do so by reading the blob and getting the current access token. I'll describe that here:
I'm going to make the assumption that you're wanting to access your own data for your own purposes.
I'll be clear, this is a massive stuff around and I have seen this type of thing before with MYOB and Xero.
What you need to do is go to your application in Dropbox, assign the application the relevant permissions (scope) and add a redirect uri of http://localhost
.
Now go to your browser and navigate to ...
https://www.dropbox.com/oauth2/authorize?client_id=<YOUR_CLIENT_ID>&response_type=code&token_access_type=offline&redirect_uri=http://localhost
After you hit enter, check the address bar for the code
, it should look like this ...
Now grab that code, go back to LogicApps and add a HTTP
operation with the following parameters ...
Property | Value |
---|---|
Method | POST |
URI | https://api.dropbox.com/oauth2/token |
Headers | Content-Type = application/x-www-form-urlencoded |
Body (no line breaks) | code=<TOKEN_FROM_PREVIOUS_STEP> &grant_type=authorization_code&redirect_uri=http://localhost&client_id=<YOUR_CLIENT_ID>&client_secret=<YOUR_CLIENT_SECRET> |
Run that and you should get your access and refresh token, it will look something like this ...
{
"access_token": "sl.Bu3Qlav##########fe_x6BkhklUf3tmw-WfI21GtaU6HsV3BLCG_C8g##############8vrb04I9bhAn7zO-gUKO8dto1aPKZgIylAnIpYSU5EhPOGmCS8",
"token_type": "bearer",
"expires_in": 14400,
"refresh_token": "SCBZcyg1pOQAAAAAA##########Q0tQMUR76pH4exlC7jVxAq_zWIDzZjqhwm",
"scope": "account_info.read files.metadata.read",
"uid": "1116137603",
"account_id": "dbid:AAAfsHJ-bFvD7mPQXzpA"
}
The access token is still short lived (hence the sl.
as a prefix) but it will work for you.
Then with that access token, you pass it through as a Bearer
token in the HTTP call and hey presto! ... it should work.
With the refresh token, you need to store it off somewhere (like KeyVault) and use it to refresh your access token as needed.
https://dropbox.tech/developers/using-oauth-2-0-with-offline-access
I hope that makes sense.