cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
We've been busy working on some major updates to the Community, so check out what's changing, what’s staying the same and what you can expect from the Dropbox Community right here.

Discuss Dropbox Developer & API

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Seamless migration from non-expiring access token to refresh token?

Labels:

Seamless migration from non-expiring access token to refresh token?

Mark R.43
New member | Level 2
‎04-27-2022 08:13 AM
Go to solution

Hello,

 

We have an existing application that integrates with Dropbox via the .NET SDK. The application currently acquires user consent once and then stores a non-expiring access token for future use. We'd like to migrate to using short-lived access tokens, and wish to do so with minimal user interaction.

 

Switching to short-lived access tokens seems clear cut - we need to convert to storing a refresh token that can be used to request short-lived access tokens. However, we'd like to do this without asking the user to re-authorize. Is there a way to exchange a non-expiring access token for a refresh token without user interaction?

 

- Mark

Labels:
  • 0 Likes
  • 2 Replies
  • 618 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
‎04-27-2022 09:03 AM
Go to solution

It's not possible to exchange a long-lived access token for a refresh token, however it is not necessary to make existing connected users switch anyway. Existing long-lived access tokens can continue to be used, as we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.)

View solution in original post

2 Replies 2

Greg-DB
Dropbox Staff
‎04-27-2022 09:03 AM
Go to solution

It's not possible to exchange a long-lived access token for a refresh token, however it is not necessary to make existing connected users switch anyway. Existing long-lived access tokens can continue to be used, as we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.)

Mark R.43
New member | Level 2
‎04-27-2022 10:03 AM
Go to solution

Hi Greg,

 

Thanks for your reply.

 

>  Existing long-lived access tokens can continue to be used, as we don't currently have a plan to disable...

 

If I hover over the access token expiration icon in the dev console, it states that "long-lived tokens are less secure and will be deprecated in the future". I interpreted this to mean that long-lived tokens would be deprecated for *existing* applications (at some point) and we wanted to get ahead of that change.

 

Good to hear that we can leave it alone for the time being, and thanks again!

 

- Mark

0 Likes
Need more support?