Forum Discussion

Helpful | Level 7

4 years ago

Short lived token - Android user experience

What should the user experience be like for someone using my Android app after migration to short-lived access tokens? Currently we save a long-lived token in persistent storage for the app, so the ...

API

Greg-DB
4 years ago
Your description of the current (long-lived) implementation looks correct. The exceptions are if the user or app unlinks the app or revokes the token, in which case the user would need to re-authorize the app, and in that case, if they've since signed out of the app/web site, they'd need to sign in again to do so.

For the new (short-lived) implementation though, as long as you use the official Dropbox Java SDK as provided, you can get effectively the same behavior (from the user's perspective) as the long-lived implementation. To do so, you would start the authorization flow using startOAuth2PKCE (instead of startOAuth2Authentication) as shown here, and handle the result as shown here. When you do so, the credential will include both a short-lived access token as well as a refresh token, and the SDK will automatically handle expired short-lived access tokens for you by performing the refresh in the background.

Greg-DB

Dropbox Staff

4 years ago

Your description of the current (long-lived) implementation looks correct. The exceptions are if the user or app unlinks the app or revokes the token, in which case the user would need to re-authorize the app, and in that case, if they've since signed out of the app/web site, they'd need to sign in again to do so.

For the new (short-lived) implementation though, as long as you use the official Dropbox Java SDK as provided, you can get effectively the same behavior (from the user's perspective) as the long-lived implementation. To do so, you would start the authorization flow using startOAuth2PKCE (instead of startOAuth2Authentication) as shown here, and handle the result as shown here. When you do so, the credential will include both a short-lived access token as well as a refresh token, and the SDK will automatically handle expired short-lived access tokens for you by performing the refresh in the background.

About Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,877 PostsLatest Activity: 4 hours ago

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!

Forum Discussion

Short lived token - Android user experience

About Dropbox API Support & Feedback

Related Content

Short lived access tokens only?

Browser session for logged-in users seems really short

Python API Short-lived access token for Dropbox

My migration plan for Android app (short-lived access tokens)

iPhone からAndroid

Recent Discussions

Trying to download a file, but no file is being downloaded.

Dropbox internal error occured - Resolution

How to add the entire team to team folder by api

API Upload .HEIC and convert to JPG

Invalid Folder Name with Team API