You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

alison9's avatar
alison9
New member | Level 2
4 years ago

Migrating existing long term tokens to new short term tokens with Java SDK + Android

I have an existing app in production that authorizes with Dropbox using 

 

 

Auth.startOAuth2Authentication

 

 

From my understanding this gives me a long term token, but after September 30th these tokens will no longer work and my requests using this token will 401.

 

If I change my authentication to use

 

 

Auth.startOAuth2PKCE

 

 

 then I will now have a full DbxCredential which will have the short lived access token and a long lived access token. By using this with the Java SDK my tokens will automatically be refreshed. 

 

But for my existing users where I only have a string of the long lived access token, how can I get a short lived access token and a refresh token? Will I have to call startOAuth2PKCE again and show take my users to the Dropbox app or website to re-approve? 

  • On September 30th, we will stop issuing new long lived tokens.  Existing long lived tokens will not be invalidated; this will not break for existing users.  You can re-auth existing users to get them on to refresh tokens.

  • tahsini's avatar
    tahsini
    Icon for Dropbox Staff rankDropbox Staff

    PKCE is a different method that has its own unique steps. For you scenario you can continue using the standard OAuth method, and if you are already handling 401s, then no need to make code changes.

     

    If you want to start testing short-lived access tokens, you will want to create a new OAuth URL and pass in token-access type to 'online'. Alternatively if you set it to 'offline' you will be returned a refresh token and a short-lived token. You can read more about how to work with this in our guide here.

    • alison9's avatar
      alison9
      New member | Level 2

      I'm not manually handling 401s, I'm using the java sdk to make the network requests. 

       

      I know I can support short term tokens for all my future users, I'm asking what will happen to my existing users that have long lasting tokens.

  • kylea's avatar
    kylea
    Icon for Dropbox Staff rankDropbox Staff

    On September 30th, we will stop issuing new long lived tokens.  Existing long lived tokens will not be invalidated; this will not break for existing users.  You can re-auth existing users to get them on to refresh tokens.

    • fistuk's avatar
      fistuk
      Explorer | Level 4

      Hello, thanks for the answer. I'm still not sure whether we should just proceed using the long-lived tokens for the legacy users, or is there a way to exchange the long-lived token to a short-lived token with a refresh token?

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        fistuk While the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, your users can continue using existing long-lived access token(s) without interruption. Dropbox does not offer a way to exchange long-lived access tokens for short-lived access tokens with refresh tokens without having the user re-authorize the app, and you are not required to migrate users with existing long-lived access tokens to short-lived access tokens.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,883 PostsLatest Activity: 18 hours ago
326 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!