Implementing refresh tokens for objective-c applications

Hello there.

So, according to Your reminder: "on September 30th, 2021, the Dropbox OAuth flow will no longer return new long-lived access tokens. It will instead return short-lived access tokens, and optionally return refresh tokens." I have been started to update my existing iOS objective-c application.

The first step is to change [DBClientsManager authorizeFromController...] to [DBClientsManager authorizeFromControllerV2].

Here is an example of this:

DBScopeRequest *scopeRequest =

        [[DBScopeRequest alloc] initWithScopeType:DBScopeTypeUser

                                           scopes:@[]

                             includeGrantedScopes:NO];

    [DBClientsManager authorizeFromControllerV2:[UIApplication sharedApplication]

                                     controller:self

                          loadingStatusDelegate:nil

                                        openURL:^(NSURL *url) {

        NSLog(@"[openURL: %@]", url);

        [[UIApplication sharedApplication] openExternalURL:url];

    }

                                   scopeRequest:scopeRequest];

Then I catch the auth-response:

[DBClientsManager handleRedirectURL:url

                             completion:^(DBOAuthResult * __nullable authResult) {

        NSLog(@"[authResult: %@]", authResult);

    }];

The authResult contains not nil 'refreshToken' and 'tokenExpirationTimestamp' what is a good sign. However, the 'tokenExpirationTimestamp' has a giant value (as I understand expressed via seconds). It's not clear how I should calculate the expiration date. It might be this huge value was started from some date in the past (1970)? Ok, let's suppose I should not calculate the expiration date of new short-lived access tokens. I have a single place for all my requests to/from Dropbox. I decided that in this place I will check the requestError (networkError) and perform refreshing if the Dropbox returns Auth-error. Is it correct? And the second question: how can I check this code? When refresh tokens should expire on average? I was waiting for ~1-2 hours BUT the Dropbox did not return Auth errors.

- (BOOL)doInternalWorkSynchronously {

    BOOL done = NO;

    do

    {

        done = [self doInternalTaskSynchronously];

        NSLog(@"[requestError: %@]", _requestError);

        if ([_requestError isRateLimitError]) {

            [self waitBeforeMakingAnyAdditionalRequests];

        }

        else if ([_requestError isAuthError]) {

            DBRequestAuthError *authError = [_requestError asAuthError];

            NSLog(@"[authError: %@]", authError);

            [self refreshAccessToken];

        }

        else {

            // Skip processing of other types the request error.

            break;

        }

    } while (!_isCancelled);

    return done;

}

- (void)refreshAccessToken {

    dispatch_semaphore_t refreshTokenSemaphore = dispatch_semaphore_create(0);

    DBOAuthManager *dbOAuthManager = [DBOAuthManager sharedOAuthManager];

    DBAccessToken *accessToken = [dbOAuthManager retrieveFirstAccessToken];

    [dbOAuthManager refreshAccessToken:accessToken

                                scopes:@[]

                                queue:nil

                            completion:^(DBOAuthResult * __nullable authResult) {

        dispatch_semaphore_signal(refreshTokenSemaphore);

        KPLog(@"[authResult: %@]", authResult);

    }];

    dispatch_semaphore_wait(refreshTokenSemaphore, DISPATCH_TIME_FOREVER);

}