Forum Discussion

Explorer | Level 4

9 years ago

Solved

API v2 access token validity and authorization redirect URL response

Is it correctly understood that the token I get from a user after the authorization flow, is valid until the user revokes it? Meaning I can just store it securely in the app and use it each time it'...

API

Greg-DB
9 years ago
That's correct, a Dropbox API access token doesn't expire by itself, but it can be revoked at any time, by either the user or app. That being the case, your app should store and re-use the access token for a user.

What you can do with the final state of the browser in the app authorization flow depends on exactly how you have it implemented. Can you elaborate on how your setup currently works? Specifically, are you using an embedded browser or the external system browser, which OAuth 2 flow are you using, and what, if any, redirect URI are you using?
Greg-DB
9 years ago
Thanks for following up. In that case, returning an HTML success page like that is the best solution.

Note that we don't recommend using an embedded web view, as the Google Sign In flow won't work with that in the future:

https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html

jenseno

Explorer | Level 4

9 years ago

Hi. Thank for you answer. I use the system browser and redirect back to localhost inside my app.

Now I just return a HTML page with a message saying the user was authorized and they can return to the app.

Plus a link to close the browser window.

Later i'll probably switch to an embedded browser and the webpage will close itself ;)

Actually everything is working just fine, but I get a 400 error when trying to get a token from the code I get from the auth flow so I'm kinda stuck there.

Greg-DB

Dropbox Community Moderator

9 years ago

Thanks for following up. In that case, returning an HTML success page like that is the best solution.

Note that we don't recommend using an embedded web view, as the Google Sign In flow won't work with that in the future:

https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html

About Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!

Forum Discussion

API v2 access token validity and authorization redirect URL response

About Dropbox API Support & Feedback

Related Content

API Redirect URI allow multiple ports on localhost

Mismatched redirect URI

Dropbox SDK windows, redirect to localhost after successful authorization issue

OAuth2 redirects to Dropbox.com instead of my redirect URI

Dropbox not authorizing access properly for third party app.

Recent Discussions

Shared Link - Download in .NET

Dropbox API server root certificate changes for .Net

GetCurrentAccountAsync API Failing for some Team Members while using Impersonation

Find DBID on Local PC

How to replace a non-existent permanent token? Any auto-refresh alternative for automation?