Forum Discussion

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff
    Unlike OAuth 2 access tokens, OAuth 1 access tokens are comprised of two different pieces, a key and a secret. (So, to sign an API call with an OAuth 1 access token, you needed four different pieces: the app key, the app secret, the OAuth 1 access token key, and the OAuth 1 access token secret.) There's an example of the process here:

    https://blogs.dropbox.com/developers/2012/07/using-oauth-1-0-with-the-plaintext-signature-method/

    Note that all four pieces are distinct. The app key and secret, which only identifies the app, is different than the OAuth 1 access token key and secret, which identify both the app and specific user.

    You only need to use /2/auth/token/from_oauth1 is you do have stored OAuth 1 access tokens that you want to migrate to OAuth 2. Note that if your stored access tokens are only one long piece, you likely already have OAuth 2 access tokens. (API v1 supported both OAuth 1 and OAuth 2.)