You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
jjsk
3 years agoHelpful | Level 5
App authorization drops out after inactive period?
Hi
I noticed that some subset of my users' authorizations become invalid after some time and I do not believe that the users explicitly revoke my Application access. Is it possible that the...
Greg-DB
Dropbox Staff
By default, Dropbox API authorizations for your app don't become invalid and yield 'invalid_access_token' by themselves, but there a number of different ways that a Dropbox API access token can become invalid, including:
- the user (or team admin) can revoke all access tokens for an app by unlinking it on any of the following Dropbox web pages:
- the Connected apps page
- the Security checkup page
- the Team apps page on the Settings section of Business Admin console (for team-linked apps)
- the team member’s page on the Members section of the Business Admin console
- any client with the access token can revoke the access token by calling /2/auth/token/revoke
- the GitHub-Dropbox token scanning partnership can revoke access tokens found publicly posted on GitHub
- if the app uses the "app folder" access type, the access token can effectively be disabled by deleting the app folder itself in the Dropbox account, via the Dropbox website or any client
- the app can be disabled
- the account that owns the app can be disabled
- the connected account/team can be disabled
jjsk
3 years agoHelpful | Level 5
Thank you for the info. Does the user account itself become inactive after a while? Lets say a user signed up for the app, authorized the folder with some content (in my case they are sound samples) and then logged off and never logged back in... Would user's inactivity at the dropbox site eventually put them in some sort of a dormant or archived state? I can't think of a likely reason for losing access from the ones you listed above.. thanks.
- Greg-DB3 years agoDropbox Staff
Yes, inactive accounts may be automatically disabled after a long period of time. You can find information on that here.
It sounds like your app uses "app folder" access though, so it may be likely that some users are accidentally deleting the app folder, since that can be done from any connected client or the web site.
In any case, if the Dropbox API doesn't appear to be working as expected, feel free to contact support by opening an API ticket with some samples and we can look into it.
- jjsk3 years agoHelpful | Level 5
I see this makes more sense now. I appreciate the explanation. One last question : if my app makes some io to the app folder (eg. saves a new file) would that be sufficient to maintain access and prevent an account from idle deactivation?
I suspect that some of my users, even though interested in sharing, simply forget about their account once they published the files. They continue to access the files via a separate search web site which uses the token to retrieve the files on demand and after a year or two suddenly no longer able to access them.
- Greg-DB3 years agoDropbox Staff
Yes, according to the article, activity is based on "sign-ins, file shares, and file activity (adding, editing, or deleting)", so that should work.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,910 PostsLatest Activity: 3 days agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!