Dropbox
Dropboxsaas2 credentials
OAuth Access / Refresh Token
dropbox / oauth-access-refresh-token
Dropbox uses OAuth 2.0 to authorize access to user data. Dropbox documents that the OAuth flow returns an access token to the app, used in API calls with Authorization: Bearer, and supports refresh tokens for short-lived access tokens.
Location
AuthorizationBearer token used for Dropbox API calls
OAuth token endpoint responses containing access_token and refresh_token
application token stores mapped to Dropbox users or teams
DROPBOX_ACCESS_TOKEN, DROPBOX_REFRESH_TOKENOAuth example config, local token caches, .env files, and integration settings
cloud secret managers, CI/CD variables, and encrypted app secrets
OAuth callback logs and API client traces
Notes
Access token permissions are controlled by scopes selected for the app and authorization grant. Refresh tokens extend access until revoked.
App Secret
dropbox / app-secret
Dropbox apps have an app key and app secret, also called client_id and client_secret. Dropbox documents obtaining the app key and secret from the App Console when registering an app.
Location
DROPBOX_APP_KEY, DROPBOX_APP_SECRET, DROPBOX_CLIENT_ID, DROPBOX_CLIENT_SECRETOAuth backend config, .env files, app config, and deployment manifests
CI/CD variables, cloud secret managers, and hosted app secrets
OAuth examples, app settings, tests, and accidentally committed integration config
OAuth token request dumps and troubleshooting logs
Notes
The app key identifies the app; the app secret is confidential and can be used to authenticate token exchange requests for confidential clients.
Scope
Authorized use
LOLCreds helps map the credential surface of real products: known defaults, generated values, credential locations, and exposure patterns.