Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Solved
How can i get lifetime Access Token
i have android app connected to my Dropbox folder using access token but every 4 hour should i edit my code and input the new access token is there any method to make the app working 24h without any ...
Ghost Mjrm, Be more careful when inspecting the code.
Ghost Mjrm wrote:
... there is no offline ...Hm..🤔 Let's see where the OAuth starts here and what actually gets executed here. 🧐 Are you still thinking "there is no offline"? 🙂
Ghost Mjrm wrote:
... or refresh token exampleLet's see where OAuth finish here and what actually it executes here. Ahhh... where was this refresh token... 😉
Keep more attention on code reading.
😁 In this case (following your words) when someone uses your application should sign in in the same account when pass on the OAuth 2 operation where will look for the file uploaded (no in other account, like you did). 😉
I thought that the user can use any email to upload the file to my dropbox server app because simply using my app key and app secret that I configured in my code
Yes, user can do it and the file will get to the account matching this email (whoever is the owner). The same like when you use the official Dropbox application. Where a file put in Dropbox folder goes? 🧐 To your Dropbox account or to account own by some of the application' developers (i.e. Dropbox staff)? 🤔😄
i understand you but where is the point of my app key and app secret in my code if the photo uploaded goes to the user dropbox account not my dropbox account
did you understand me the photo goes to the dropbox account that the user signed with it
during the oauth 2 process
you know in the authorized request it request from the user to sign in in dropbox 'in the browser'
look what chat gpt answere me and i find this very logical:
in step number 3 During the user authentication process is the user should sign in using my dropbox accountChatGPTNo, the user should not sign in with your Dropbox account during the authentication process. Instead, the authentication process involves the user signing in with their own Dropbox account. Here's how it typically works:
User Initiates Authentication:
- The user interacts with your app, and your app initiates the Dropbox authentication process.
Redirect to Dropbox for Authorization:
- Your app constructs an authorization URL using your app's key and secret and redirects the user to the Dropbox website.
- The user signs in with their own Dropbox account on the Dropbox website.
Hm..🤔 Ok, how the user would know whether the access to their own data is correctly providing to selected code (your application) and not some fake or malicious code? 🧐 On other side, how Dropbox API would ensure the token is provided to correct user and not to some "men in middle"?
PS: OMG...🤦 Is your brain dysfunctional? By the way, your AI (ChatGPT) answer is NOT entirely correct (again), something that should not surprise you, but...
ok then for security reason should the user sign with my own account to i get the photo
how to i know this stuff about man in the middle and that things without any background on it no my brain work fine but chatgpt give me answer and you give me different one
and of my small knowledge im here to ask and learn not to proof myself
- + this app i don't want to publish it to the public
And I don’t want unknown user to use it so no one said about the security and this stuff
You can simplify the discussion by saying it’s protocol from the dropbox sdk to protect the user and not using „mindless“ word
Ghost Mjrm wrote:... im here to ask and learn not to proof myself
Ok, then it's easy 😉, just learn and not try to put non-trusted knowledge (something against TOS of this forum by the way). In this context let see:
Ghost Mjrm wrote:Redirect to Dropbox for Authorization:
- Your app constructs an authorization URL using your app's key and secret and redirects the user to the Dropbox website.
Do you use any secret in your authorization URL? 🧐 How many you should know to figure out it's incorrect? 🤷 - just an example. Where app secret is used in? Just take a look in your code - you don't need to proof yourself or something similar. Again, what you'll believe in? 🙂🤫
i have noticed to this before that there is no app secret in the authorization URL but in the next step in exchange authorization code for token my app secret IT HAS ALREADY BEEN USED
private void exchangeAuthorizationCodeForTokens(String code) {
new AsyncTask<String, Void, Void>() {
@Override
protected Void doInBackground(String... params) {
try {
String url = "https://api.dropbox.com/oauth2/token";
String requestBody = "code=" + params[0] +
"&grant_type=authorization_code" +
"&client_id=" + DROPBOX_APP_KEY +
"&client_secret=" + DROPBOX_APP_SECRET +
"&redirect_uri=" + DROPBOX_REDIRECT_URI;Would you like to learn or to proof... not very clear what? 🤔 Might be current ChatGPT stupidity...
Ghost Mjrm wrote:i have noticed to this before that there is no app secret in the authorization URL but in the next step in exchange authorization code for token my app secret IT HAS ALREADY BEEN USED ...
And.. what? Is app secret used in URL or not? 🧐 Yes it's used, of course. What would it exist for otherwise? 🙂 By the way, as already mentioned in current discussion, secret is optional in some cases (when correct token receiving can be guaranteed in other way).
i don't want to prove something i admit that i got incorrect information from chatgpt but my brain is not dysfunctional i just got confused because the different answers
you were able to help without using hurtful words to the other partyOk, sorry, the words just lipped out. I just don't know how to say that such sources are unreliable and how many time to repeat that so it would reach to you. Even more you should be more critical and shouldn't accept such things so... naively believing in them, even when clearly visible they are incorrect. As I said, you're violating TOS too!
AI of any kind will never replace humans intelligence. Don't try replace your own intelligence with something that cannot be better (even in theory). AI could be a good tool, but never replacement.
Good luck.
- Thank you for your advice it came at the right time
Good luck to you too
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
