OAuth 2.0 Access Token Validity

Question

I have been trying to use the dropbox apis through OAuth 2.0 authentication support. I found that the access token generated through the authorize and token end points seems to be valid for over 2 days. I had expected it to expire after a while (say couple of hours) assuming that to be a standard.

I would like to know the validity period of the access token. Can someone share provide some inputs?
Thanks!

I would like to know the validity period of the access token. Can someone share provide some inputs? 
Thanks!

Steve M. · Answer

See https://www.dropbox.com/developers/support#token-expiration.

Access tokens effectively don't expire.

Amit1 · Answer

Isn't it a security issue if the token don't expire? http://stackoverflow.com/a/7035926/537503

Steve M. · Answer

Because Dropbox does a database lookup for each request, our bearer tokens are immediately revocable by code or by the user (via https://www.dropbox.com/account/security). We reviewed our OAuth 2 implementation with respect to the issues raised in that Stack Overflow answer as well as many other sources, and we're comfortable with what we have from a security perspective.

Amit1 · Answer

:)

Forum Discussion

OAuth 2.0 Access Token Validity

4 Replies

About Dropbox API Support & Feedback

Related Content

Access

Dropbox OAuth authentication confirmation pages

The given OAuth 2 access token is malformed.

OAuth broken (Missing client_id) if force_reauthentication=true

OAuth access token type

Recent Discussions

SSL Certificate error or SSH md5 fingerprint not Ok error.

Dropbox API and access tokens for enterprise level

Upgraded Team Account - breaking shared links using JS SDK

How to Allow Other Users to Test My Dropbox Extension?

Permission files.metadata.read seems ineffective