You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

donaldp's avatar
donaldp
Collaborator | Level 9
5 years ago

App signout issue

Hi,

Having issues with getting signed out in my app, so as to sign-in again with a different user (or simply prevent someone else from having unauthorised access due to still signed in). As far as I can see, you still don't have a signout method yet, and I've tried some of the things I've found suggested here to effectively achieve that, but still not working.

At the moment, to "sign out",  I am doing the following (this is C#/.NET)...

await DxClient.Auth.TokenRevokeAsync();
DxClient.Dispose();
DxClient=null;

...and yet, when I go to sign-in again - i.e. I want to get the sign-in screen and enter an e-mail address and password - the server goes "oh,I see you've already been logged in on this device, here, have another token". What do I need to do to make it stop giving me another token and give me the sign-in screen instead (THEN give me another token when I have signed in again)?

And before you ask, yes, it is a second token, not the same one as the first time - I checked. I'm being given a second token without signing in a second time.

 

thanks,

   Donald.

 

API
  • Greg-DB's avatar
    Greg-DB
    5 years ago

    Revoking a particular access token prevents that token from being used, but it doesn't completely unlink an app from the account. (E.g., there may be other access tokens for that app-account pair.)

    Also, it doesn't revoke the user's web session in the browser, which is unrelated to access tokens.

    The user can always unlink apps from their account from the Connected apps page, or log out of Dropbox via the logout page.

    Also, the app itself can optionally use the forceReapprove or forceReauthentication option on DropboxOAuth2Helper.GetAuthorizeUri though to have the user explicitly re-approve the app, or entirely re-authenticate (i.e., log in to the Dropbox web site) again, respectively.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff
    5 years ago

    Revoking a particular access token prevents that token from being used, but it doesn't completely unlink an app from the account. (E.g., there may be other access tokens for that app-account pair.)

    Also, it doesn't revoke the user's web session in the browser, which is unrelated to access tokens.

    The user can always unlink apps from their account from the Connected apps page, or log out of Dropbox via the logout page.

    Also, the app itself can optionally use the forceReapprove or forceReauthentication option on DropboxOAuth2Helper.GetAuthorizeUri though to have the user explicitly re-approve the app, or entirely re-authenticate (i.e., log in to the Dropbox web site) again, respectively.

    • donaldp's avatar
      donaldp
      Collaborator | Level 9
      5 years ago

      Aesome! Thanks Greg! Didn't see any reference to that in my search results, but ForceReauthentication does the job. :-)

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,910 PostsLatest Activity: 3 days ago
333 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!