You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Long-lived access token deprecation
Hi 👋 ,
I know Dropbox announced to gradually drop support for long-lived access tokens without using refresh_token in 2021.
I still have some applications that use the legacy long-lived tokens with no issues at all. I'm able to use existing tokens and even create long-lived tokens without using refresh_tokens, so my question is, has the full rollout of App Permission Migration been (the 2021 announcement) been pushed backed or cancelled? If not when is the full rollout expected?
Thanks
First, for reference, note that there are two changes covered in that post, so I'll clarify each. While we started these at the same time, they are not technically tied together and can be applied separately:
- Permissions/Scopes change: New apps can only be registered as scoped apps, and existing apps can be migrated to be scoped apps. We have not automatically migrated existing non-scoped apps to be scoped apps, but may do so in the future. We do recommend migrating any existing apps at your earliest convenience.
- Token change: Dropbox is phasing out the ability to create new long-lived access tokens. I don't have more specific timing information, but as you mentioned, Dropbox is rolling out this change very gradually to minimize disruption. While this rollout is mostly complete, some small number of apps may still be receiving new long-lived access tokens. (We don't currently have a plan to disable existing long-lived access tokens; if that changes, we will of course announce that ahead of time.) If you have any questions about or need help with the state of any particular API app, please open an API ticket from the account that owns the app in question. In any case, we do recommend migrating to using short-lived access tokens and optionally refresh tokens at your earliest convenience. Regardless of the state of the rollout for an app, you can opt in to the short-lived access token and optional refresh token behavior by explicitly setting the token_access_type parameter on /oauth2/authorize to "online" or "offline" accordingly.
- Greg-DB
Dropbox Staff
First, for reference, note that there are two changes covered in that post, so I'll clarify each. While we started these at the same time, they are not technically tied together and can be applied separately:
- Permissions/Scopes change: New apps can only be registered as scoped apps, and existing apps can be migrated to be scoped apps. We have not automatically migrated existing non-scoped apps to be scoped apps, but may do so in the future. We do recommend migrating any existing apps at your earliest convenience.
- Token change: Dropbox is phasing out the ability to create new long-lived access tokens. I don't have more specific timing information, but as you mentioned, Dropbox is rolling out this change very gradually to minimize disruption. While this rollout is mostly complete, some small number of apps may still be receiving new long-lived access tokens. (We don't currently have a plan to disable existing long-lived access tokens; if that changes, we will of course announce that ahead of time.) If you have any questions about or need help with the state of any particular API app, please open an API ticket from the account that owns the app in question. In any case, we do recommend migrating to using short-lived access tokens and optionally refresh tokens at your earliest convenience. Regardless of the state of the rollout for an app, you can opt in to the short-lived access token and optional refresh token behavior by explicitly setting the token_access_type parameter on /oauth2/authorize to "online" or "offline" accordingly.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
