Set up #

First, create an app at https://www.dropbox.com/developers/apps

Note your app's App key (which can be public) and App secret (which, duh, needs to stay secret) and store the as environment variables DROPBOX_KEY and DROPBOX_SECRET on your server.

Create a page that will exchange the Oauth2 code for a refresh_token. Note this page's URL and add it to the Redirect URIs section of https://www.dropbox.com/developers/apps/info/DROPBOX_KEY

Don't mess with any of the getAuthenticationUrl SDK stuff. Here's how Dropbox wants you to generate the authentication URL:

const Dropbox = require("dropbox").Dropbox;
const dropbox = new Dropbox({ clientId: process.env.DROPBOX_KEY });

const authUrl = await dropbox.auth.getAuthenticationUrl(
  callbackUrl,
  "anything-you-want", // state
  "code", // authType/response_type
  "offline" // tokenAccessType
);

That function just returns a string that looks like https://www.dropbox.com/oauth2/authorize?client_id=DROPBOX_KEY&redirect_uri=CALLBACK_URL&response_type=code&token_access_type=offline&state=anything-you-want so it's way easier to just make the string once by hand and use that.

Alright now you've got an authentication URL to send users from your app to Dropbox and a page that the users will land on once they authenticate. You'll need to grab the code URL parameter from the URL and send it to a server-side function that will exchange the code for a refresh_token:

const Dropbox = require("dropbox").Dropbox;
const dropbox = new Dropbox({
  clientId: process.env.DROPBOX_KEY,
  clientSecret: process.env.DROPBOX_SECRET,
});

dropbox.getAccessTokenFromCode(redirectUri, code);