Forum Discussion

SneYellow46's avatar
SneYellow46
Explorer | Level 4
4 years ago

Getting refreshed access token from Generated access tokem

Hi, I have an iOS objective c application connected with dropbox SDK.   We are using generated access token to access apps folder from my BD account.       client = [[DBUserClient allo...
API
Здравко's avatar
Здравко
Legendary | Level 20
4 years ago
SneYellow46 wrote:

...

Yes that is the issue, the data resides on our dropbox and we dont want to give users access to our dropbox credentials that is why don't want to use oAuth flow.

...

🤔🤨🤷 Just opposite!!!

That's why I told you that embedding any long lived token is not good idea for something different than server side application. 😉 Only on server only you will have access there. On client side everybody has access. Exactly that's why OAuth is used! In such a way you don't have to pass any tokens. They will be generated on the user installing you application side (your application gonna generated them there actually). 🙂 Seems you are falling in some confusion.

Hope this helps.

SneYellow46's avatar
SneYellow46
Explorer | Level 4
4 years ago

No I understand the flow of the DB SDK or any Auth provider in that case.

 

But yeah, we wanted our application to be distributed to few users directly with embedded access token so that that they just install the app and start accessing data/files from our DB account within the application.

 

 

 

Thanks for the information. 

  • Здравко's avatar
    Здравко
    Legendary | Level 20
    4 years ago
    SneYellow46 wrote:

    ..., we wanted our application to be distributed to few users directly with embedded access token so that that they just install the app and start accessing data/files from our DB account within the application.

    ...

    In such a case you can count it as something like server side application (server side application - not literal - on phone). It's your responsibility to restrict the access to your account! Take in mind that, in such case, everybody accessing/installing your application will have access to your account. Is it acceptable? 🤔...

    Good luck.

    • SneYellow46's avatar
      SneYellow46
      Explorer | Level 4
      4 years ago

      Yes this is for few of our client. We will provide them tokens manually and they have to enter it to get access. So in such case is it possible to refresh the token from the mobile side without oAuth flow?.

      • Здравко's avatar
        Здравко
        Legendary | Level 20
        4 years ago
        SneYellow46 wrote:

        ... So in such case is it possible to refresh the token from the mobile side without oAuth flow?.

        Yes, it is. Once refresh token is available the refresh can be done on any platform; not only on mobile (as a process it's the same; just a call to Dropbox server whenever needed without any user interaction). 😉

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!