You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
pwnell
4 years agoExplorer | Level 4
Oauth2 code short lived- how to implement correctly from B2B?
I am rewriting the old authorization code of my Windows service that communicates with Dropbox on behalf of a single, fixed user account. I have hit a snag. Usually I use the client credentials grant...
- 4 years ago
The updated Dropbox app authorization flow does now use short-lived access tokens and refresh tokens. In either implementation, the initial authorization does require some manual user interaction.
With the new functionality, if you need long-term access (that is, longer than four hours) without further manual interaction after the initial authorization, you should request "offline" access. That way, during the initial authorization your app will receive both a short-lived access token as well as a refresh token.
Then, when the current short-lived access token has expired, the app should use the refresh token to request a new short-lived access token, by calling /oauth2/token with 'grant_type=refresh_token'. This step can be done entirely programmatically, without additional manual user interaction.
You can find more information in the following resources:
Greg-DB
4 years agoDropbox Staff
The updated Dropbox app authorization flow does now use short-lived access tokens and refresh tokens. In either implementation, the initial authorization does require some manual user interaction.
With the new functionality, if you need long-term access (that is, longer than four hours) without further manual interaction after the initial authorization, you should request "offline" access. That way, during the initial authorization your app will receive both a short-lived access token as well as a refresh token.
Then, when the current short-lived access token has expired, the app should use the refresh token to request a new short-lived access token, by calling /oauth2/token with 'grant_type=refresh_token'. This step can be done entirely programmatically, without additional manual user interaction.
You can find more information in the following resources:
- pwnell4 years agoExplorer | Level 4That is what I did. However usually the refresh token is also short lived. You are saying I should persist the refresh token and use it even if my service restarts, to fetch a new auth token?
- Greg-DB4 years agoDropbox Staff
Yes, you should store and re-use the refresh token repeatedly. (Dropbox refresh tokens are not short-lived; they do not expire by themselves, though they can be revoked on demand by the user or app.)
- pwnell4 years agoExplorer | Level 4
Seems like I spoke too soon. It worked for a week or two but now the refresh token expired and I had to do the manual get token, then get refresh token, add to my code, restart the service routing which is just not cool.
I got HTTP Status code Unauthorized back after the refresh token worked fine for a while.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,915 PostsLatest Activity: 4 hours agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!