Re: Dropbox APP Authorization Token Expires

ABDUL Salam · ‎11-19-2023

Hello Forum Members,

I have a project where I receive public URLs of files, and I save these files to a specific folder structure in Dropbox In my Dropbox account only. I'm using https://www.dropbox.com/developers/documentation/http/documentation#files-save_url to achieve this using the Dropbox API. Currently, I am able to pass a URL to the API, and it saves/downloads the file and places it in the correct folder structure within Dropbox. But the issue is that my authorization token
"Authorization: Bearer <My Token HERE>"
that we need to pass in the request header expires after some time. I have generated it from the below section in app settings after creating my app

Note: I am developing in PHP - LARAVEL Framework. I need this to be achieved for my Dropbox account only.

Any help or insights would be greatly appreciated.

Thank you in advance for your assistance!

Здравко · ‎11-20-2023

OAuth flow is a way to authenticate user (one or more) grant for particular application to access corresponding account(s). There is no any limitation in users count (if we ignore some possible provider specific limitations, but it's not protocol related). As I said for long term access, you need refresh token and the only way to get to such token is OAuth usage - Dropbox doesn't provide alternative by now - doesn't matter who is the user or how many are they.

When you will use only your own account, you don't need to implement the complete OAuth flow inside your application, but you need refresh part at least - it's mandatory. The actual authentication (the initial steps) can be performed once, by hands, outside the application and once you have the refresh token continue using it inside the application. For an example how you can perform the initial steps outside application and how you can perform refresh inside the application (you should implement the last step in PHP), take a look here.

Hope this sheds some more light.

View solution in original post

Здравко · ‎11-19-2023

Hi @ABDUL Salam,

Long lived access token are deprecated long time ago already. Currently, generation of new such token is completely dropped - all new access token are short lived (If you have still some old you can kepp using it, not new).

For long term access and new token, you need refresh token received using OAuth flow with set offline access. May be you will want to implement refreshing in your PHP to use it continuously.

Hope this gives direction.

ABDUL Salam · ‎11-19-2023

Hi @Здравко Thanks for responding to the query but I have a question should I be implementing OAuth flow for an app that needs to access my account only? As far as I am concerned or maybe I am wrong OAuth flow is implemented when my app needs to access multiple user accounts.
Thanks.

PREVIEW

Здравко · ‎11-20-2023

OAuth flow is a way to authenticate user (one or more) grant for particular application to access corresponding account(s). There is no any limitation in users count (if we ignore some possible provider specific limitations, but it's not protocol related). As I said for long term access, you need refresh token and the only way to get to such token is OAuth usage - Dropbox doesn't provide alternative by now - doesn't matter who is the user or how many are they.

When you will use only your own account, you don't need to implement the complete OAuth flow inside your application, but you need refresh part at least - it's mandatory. The actual authentication (the initial steps) can be performed once, by hands, outside the application and once you have the refresh token continue using it inside the application. For an example how you can perform the initial steps outside application and how you can perform refresh inside the application (you should implement the last step in PHP), take a look here.

Hope this sheds some more light.

ABDUL Salam · ‎11-22-2023

Thanks @Здравко That makes sense. Appreciate your detailed explaination.