One month down in 2025: How are your resolutions coming along? Check out how to get back on track here.
Forum Discussion
kungfuslippers
4 years agoNew member | Level 2
Short lived Tokens for Swift SDK
Hi,
I've seen a few posts on short-lived tokens but wanted to be totally clear upon how they work.
On my app settings page, I have Access Token Expiration set to 'Short Lived'. When I click on the more info button I see a pop-up with the following:
-"Short-lived access tokens will expire after 4 hours. A new short-lived access token will be issued when a user re-authenticates or you can request one by using your refresh token.
If you default to use short-lived tokens, the token generated on this page will also be short-lived.
Long-lived tokens are less secure and will be deprecated in the future."-
So after running:
let scopeRequest = ScopeRequest(scopeType: .user, scopes: ["files.metadata.read", "files.metadata.write"], includeGrantedScopes: false)
DropboxClientsManager.authorizeFromControllerV2(
UIApplication.shared,
controller: self,
loadingStatusDelegate: nil,
openURL: { (url: URL) -> Void in UIApplication.shared.open( url, options: [:])},
scopeRequest: scopeRequest
)
The user will be prompted to login in / authorise via the Dropbox webview and if successful, the code flow returns via:
func scene(_ scene: UIScene, openURLContexts URLContexts: Set<UIOpenURLContext>) {
if let url = URLContexts.first?.url {
let oauthCompletion: DropboxOAuthCompletion = {
if let authResult = $0 {
switch authResult {
case .success:
print("Success! User is logged into DropboxClientsManager.")
case .cancel:
print("Authorization flow was manually canceled by user!")
case .error(_, let description):
print("Error: \(String(describing: description))")
}
}
}
DropboxClientsManager.handleRedirectURL(url, completion: oauthCompletion)
}
My questions are...
1. Does the token actually expire after 4 hours?
2. If it does - what APIs should I use to refresh?
3. If the short-lived tokens don't expire then can I assume that no further user interaction will be required to re-authorize / generate a new token - unless a call to DropboxClientsManager.unlinkClients() is made?
1. Short-lived access tokens, such as retrieved by authorizeFromControllerV2, do expire after four hours. The authorizeFromControllerV2 method actually requests "offline" access though, so it receives a refresh token in addition to the short-lived access token.
2. If you use authorizeFromControllerV2 as documented, the SDK will automatically perform the refresh process for you. It will get a new short-lived access token when needed; you don't need to implement anything for that yourself.
3. While the short-lived access tokens themselves do expire, you are correct that, when implemented as above, no further user interaction is required (unless the access is explicitly disabled in some way, such as via unlinkClients) since the SDK will automatically perform a refresh when needed.
- Greg-DB
Dropbox Staff
1. Short-lived access tokens, such as retrieved by authorizeFromControllerV2, do expire after four hours. The authorizeFromControllerV2 method actually requests "offline" access though, so it receives a refresh token in addition to the short-lived access token.
2. If you use authorizeFromControllerV2 as documented, the SDK will automatically perform the refresh process for you. It will get a new short-lived access token when needed; you don't need to implement anything for that yourself.
3. While the short-lived access tokens themselves do expire, you are correct that, when implemented as above, no further user interaction is required (unless the access is explicitly disabled in some way, such as via unlinkClients) since the SDK will automatically perform a refresh when needed.
- kungfuslippersNew member | Level 2
Many thanks for the clarification!
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,950 PostsLatest Activity: 14 hours ago
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!