Cut the Clutter: Test Ignore Files Feature - sign up to become a beta tester here.

Forum Discussion

ben91082's avatar
ben91082
New member | Level 2
4 years ago

Access Token for App which accesses a single dropbox account but doesn't require users to login

I have an app developed many years ago, a data collection/questionnaires app. The users of the app are able to upload files and these are sent to a single dropbox account owned by the client as opposed to users logging in and acting on their own dropbox accounts. I used to be to ask the client to generate an access token from their App console and we could use this for long term access to the account. In this scenario the users of the app have no way to authorize access to the clients account via the oAuth flow so we need a long term access token. The access tokens generated from the app console now seem to expire after a day and it would be impractical to ask the client to generate new ones every day. What is the recommended approach in this situation without having to implement the oAuth flow?

 

Thanks

Developers

2 Replies

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    4 years ago

    You should implement the OAuth app authorization flow to let your end-user(s) (in this case, your client) connect their Dropbox account, rather than have them register their own app. It is not possible to get a refresh token (i.e., for long-term access) without doing so.

     

    For reference, we do not recommend having end-users create/register apps themselves on Dropbox and then use the Generate button like this. The developer of the app/plugin/integration should register it once, and then implement the OAuth app authorization flow in the app/plugin/integration so that the end-users can authorize it to access their accounts without having to register and configure it themselves. That would apply to both the previous long-lived access token functionality, as well as the new short-lived access token and refresh token functionality. Previously, the user would need to process the OAuth app authorization flow once to get the long-lived access token. Now, they would do the same, and the app gets a short-lived access token and refresh token the same way, instead of a long-lived access token. The process would look the same to the end-user in both cases. The app would store and re-use the long-lived access token, or the refresh token, respectively.

  • ben91082's avatar
    ben91082
    New member | Level 2
    4 years ago

    Thanks very much for the explanation. I expected that this would be the case but hadn't given up hope that there would be a quick solution to keep the app going without the extra development time incurred by implementing OAuth flow!

About Discuss Dropbox Developer & API

Node avatar for Discuss Dropbox Developer & API
Make connections with other developers815 PostsLatest Activity: 2 days ago
278 Following

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!