You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
How to switch to short live access token?
Hello,
I am developing an application on android using the dropbox API. For UI construction reasons I don't use your SDK but the regular flow because I go through my own web client to retrieve the code and then the access token.
So far I was using the long live version of access token. How can I now continue to use my implementation and work with short live access tokens and thus get I guess a refresh token?
Thanks.
Okay,
If I may say so, it would be good to update the migration document, because it causes confusion by showing the token type selection.https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens
Last question, the principle of obtaining a short-term access token will remain perennial, and it will not subsequently be compulsory to go through implicit grant or PCKE?
In the meantime, thank you for your very appreciable responsiveness.
Regards.
- Greg-DB
Dropbox Staff
As you found, Dropbox is currently in the process of switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.
Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation. For client-side apps, such as on Android, you should use the "PKCE" flow in particular. Thank you Greg-DB,
if I understand correctly, as with the other APIs, I just have to save a refresh token locally and generate a new access token with an api request when the expiration has arrived? (https://api.dropbox.com/oauth2/token)So it's a short live access token operation, because on my developer console I cannot specify short live, Access token experiration does not appear?
NB : my app is in development mode.
- Greg-DB
I just have to save a refresh token locally and generate a new access token with an api request when the expiration has arrived?
Yes, that's correct. To maintain long-term access, you should store and re-use the refresh token whenever needed. You can get a new short-lived access token whenever needed by calling /oauth2/token with the refresh token.
So it's a short live access token operation, because on my developer console I cannot specify short live, Access token experiration does not appear?
Yes, going forward you should use short-lived access tokens and (optionally) refresh tokens for all further authorizations. As we finish rolling out this change, that "Access token expiration" setting will no longer be available, and so getting new long-lived access tokens will not be possible.
Okay,
If I may say so, it would be good to update the migration document, because it causes confusion by showing the token type selection.https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens
Last question, the principle of obtaining a short-term access token will remain perennial, and it will not subsequently be compulsory to go through implicit grant or PCKE?
In the meantime, thank you for your very appreciable responsiveness.
Regards.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
