How to check if oauth2_refresh_token belongs to supplied app_key and app_secret?

[BastianZim]

Before you start
Have you checked StackOverflow, previous issues, and Dropbox Developer Forums for help?

• Checked

What is your question?
A clear and concise description of the question.

Is there a way to check that a supplied oauth2_refresh_token belongs to a supplied app_key and app_secret?

Screenshots
If applicable, add screenshots to help explain your question.

Versions

• What version of the SDK are you using?
  • 10.4.1
• What version of the language are you using?
  • Python3.8
• What platform are you using? (if applicable)
  • macOS

Additional context
Add any other context about the question here.

[greg-db]

The Dropbox API doesn't offer a way to just check if a particular refresh token corresponds to a particular app, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though. Can you elaborate on your use case though? That context may be helpful.

You could just attempt the refresh (e.g., via refresh_access_token in the Dropbox Python SDK): if it works, then you know the refresh token is for the app for the app key/secret you used.

[BastianZim]

Thanks for the info, I'll see what I can use then to mimic this.

The use case was just extra validation of parameters.
On initialisation of my software, I'm pulling in the app key and secret and the oauth2_refresh_token from a credentials storage and wanted to check that they belong together and no Man-in-the-Middle attack or corruption of data has happened.

[greg-db]

Got it, thanks for the context!