We're making changes to the Community, so you may have received some notifications - thanks for your patience and welcome back. Learn more here.
Forum Discussion
expired token when set to not expire
Have read a few posts on related topics here, and something definitely not working correctly...
My app was doing weird things today, and I saw a expired token exception getting thrown. This has never happened before. From reading this post https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/API-access-token-expired/td-p/363473 I can see that I do indeed have a temporary token, as it starts with "sl", but from this post https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Tokens-only-valid-for-4-hours-from-app-console/m-p/425358/highlight/true#M22718 I have gone to my app console, and it is still set to never expire, so I'm not sure how I've got an sl token when it should never expire? Sounds like a bug in the system somewhere. This has only happened the once. I'm going to add some code into my app to actually try the token out first (an API to check the validity of the token would be good, but apparently there isn't one), then I'll get a fresh one and let you know if it happens again. To date I have always assumed the token was good, and it always has been... until today.
I'm having issues with trying to catch this exception. As suggested in another post, I'm using GetCurrentAccountAsync to test if the token is valid - I've put that into a try/catch, and the catch doesn't run! THEN in later calls I start getting the expired token exceptions. i.e. GetCurrentAccountAsync doesn't seem to care that the token is expired (or at least it's not throwing an exception for it). I'm not sure which call is actually triggering the exception (I'm trying to catch it at authorisation so that it doesn't go any further).
CODE
DxClient??=new DropboxClient(DxToken);
try {
System.Diagnostics.Debug.WriteLine("********************************** Checking that token works");
DxClient.Users.GetCurrentAccountAsync();
}
catch (Exception ex) {
System.Diagnostics.Debug.WriteLine($"********************************** Exception in changing Authorised: {ex.Message}");
return;
}
System.Diagnostics.Debug.WriteLine("********************************** Token works!");
OUTPUT
********************************** DxToken is sl......
********************************** Checking that token works
********************************** Token works!.....
Exception thrown: 'Dropbox.Api.AuthException' in Dropbox.Api.dll
********************************** UNHANDLED EXCEPTION! Details: Dropbox.Api.AuthException: expired_access_token/I also tried
var result=DxClient.Users.GetCurrentAccountAsync()
in the try/catch - still no exception.
- Greg-DB
Dropbox Staff
Dropbox is switching to issuing only short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.
Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find an example of processing the app authorization flow for "offline" access using the Dropbox API v2 .NET SDK here.
For reference, while the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption. Note though that after the change you won't be able to create new long-lived access tokens.
While the change began on September 30th, we're releasing it gradually, so you may not have seen your app(s) affected until now. Once it applies to your app, it would apply regardless of the "Access token expiration" setting for your app.
In any case, to proactively check the validity of a given token, UsersUserRoutes.GetCurrentAccountAsync is a good option. You can also use CheckUserRoutes.UserAsync. Note that short-lived access tokens are only valid for a few hours though, so they can expire between checking them like that and then making additional calls later, so you'll need to make sure you have error handling, e.g., for the AuthException you showed, on every API call you make.
Hi Greg,
Thanks for the extra info, but as per earlier post I'm still unable to get an exception using any of those methods. In the earlier case, I had been testing it within a C#/.NET property change. I thought perhaps it might be a limitation with properties, so I wrote the code as a separate method which I then call at the appropriate place. Still not getting an exception. So I thought, well if I'm not getting an exception, then let's assign it to something and see what's in it - I got nothing. Not a result, not a null, nothing. No further code from the method executes after the first call to the Dropbox server (i.e. none of the writelines), so it seems I'm simply not getting any response at all from the server (until I try other calls later in my app and start getting the exception). This is consistent with my first observations of incorrect behaviour in that my app displays the username or "not logged in" as the case may be, but neither was appearing on screen (so again, looks like the call was hung). Not sure what the time-out period is on such a call? At this point I'm not sure what else I can do to check the token is valid, as nothing I've tried so far works. See below (in the meantime I shall read-up about what I need to do to implement refresh tokens)...
CODE
async Task<bool> TokenIsValid()
{
System.Diagnostics.Debug.WriteLine($"********************************** {nameof(TokenIsValid)} is checking token {DxToken}");
DxClient??=new DropboxClient(DxToken);
try {
Account result=await DxClient.Users.GetCurrentAccountAsync();
if (result!=null) {
System.Diagnostics.Debug.WriteLine($"********************************** Name in result is {result.Name}");
} else {
System.Diagnostics.Debug.WriteLine($"********************************** Result is null!!");
}
}
catch (Exception ex) {
System.Diagnostics.Debug.WriteLine($"********************************** Exception in {nameof(TokenIsValid)}: {ex.Message}");
return false;
}
System.Diagnostics.Debug.WriteLine($"********************************** Token is valid!");
return true;
}OUTPUT (note that I have no further output from TokenIsValid after that first writeline)
********************************** DropboxService is being initialised
********************************** TokenIsValid is checking token sl.....
********************************** OnAuthorisedChanged is running with value Authorised:True
********************************** DropboxService has been initialised
Exception thrown: 'Dropbox.Api.AuthException' in Dropbox.Api.dll
********************************** UNHANDLED EXCEPTION! Details: Dropbox.Api.AuthException: expired_access_token/..
at Dropbox.Api.DropboxRequestHandler.RequestJsonString(String host, String routeName, String auth, RouteStyle routeStyle, String requestArg, Stream body); Request Id: b156453a19334fd0bfd773534492fe9c
Exception thrown: 'Dropbox.Api.AuthException' in System.Private.CoreLib.dll
********************************** UNHANDLED EXCEPTION! Details: Dropbox.Api.AuthException: expired_access_token/..
at Dropbox.Api.DropboxRequestHandler.RequestJsonString(String host, String routeName, String auth, RouteStyle routeStyle, String requestArg, Stream body)
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw(); Request Id: b156453a19334fd0bfd773534492fe9cthanks,
Donald.
So tonight my screens went black all of a sudden, but computer didn't crash, so I did a hot-restart - Visual Studio was open at the time. When I re-opened everything and tried my app again to see if I'd lost anything (don't remember where I last saved) I was getting a response to my token-check! This brings up a few points...
1. maybe something glitchy on my machine?
2. maybe something glitchy on the server which is now resolved?
3. it did indeed take a while - heaps of other messages before the response - but I hadn't put any time-stamps in, so I'm not sure exactly how long it took, but it was a while.
4. the qualifier here is that it was no longer the same token, as I'd given up on that issue for today and signed out and back in so I could do some other work. Perhaps related to the token itself? I'll have to look into it some more when this token expires.
