We’re Still Here to Help (Even Over the Holidays!) - find out more here.
Forum Discussion
Access token generated with refresh token got permissions revoked
As per the dropbox offline flow, I've set up a flow where I've generated a refresh token after the owner of the dropbox (me) - Generated an access code using this URL https://www.dropbox.com/oauth...
Здравко
I need to do this on every file upload.
I do not control when the file is going to be uploaded and I'm not in a position where I can get an access token that lasts only 4 hours.
Hence the decision to go with a refresh token (that lasts forever) and use it to give me a new access token before each upload.
There were some online solutions following this path and claimed it worked.
The same happened on my end up until one request failed due to the access token generated by the refresh token had insufficient permissions.
The whole flow is a bit complicated so if you could point me into the right direction I would be really grateful.
My confusion lies in the part where I was getting valid access tokens with my refresh token for a month and then all of the sudden my access tokens have no permission.
andrejpet, unfortunately I cannot say much more than what's already said in the thread I linked to above. I think it's detailed enough. Even more it's the first time, I know about for such thing, you described:
andrejpet wrote:...
My confusion lies in the part where I was getting valid access tokens with my refresh token for a month and then all of the sudden my access tokens have no permission.
If you have valid refresh token and you're able to get valid access token at least once, you can always get other access token with the same validity again, so such a situation is impossible. The only way refresh token lost validity is revoking. Even more, in such a case you cannot receive access token with limited validity, you'll not be able receive any access token - you'll receive error on a try then (no receiving access token with no permission).
andrejpet wrote:...
I need to do this on every file upload.
...
It's not something mandatory. You can calculate when the token will expire on every refresh (the refresh moment + validity period) and on every regular API call (before the call actually) check if the current moment goes close to the expiration moment. If the moment is too close (let say less than a 2 or 5 minutes) perform new refresh and perform the ongoing regular API call after that and so on. This is the way; in such a way you will perform exactly so much refreshes as needed, neither more or less. 😉
andrejpet wrote:...
I do not control when the file is going to be uploaded and I'm not in a position where I can get an access token that lasts only 4 hours.
...
Ha...🙂 Really? And who is in such a position if not you? 😁
Add: You didn't mention what development environment (programing language) you're using. If you use such that can be in use together with some of the supported Dropbox SDK's, you don't need to do anything of that we discussed here. Everything is implemented there; you'll need only to initialize properly client object.
About Discuss Dropbox Developer & API
Make connections with other developers
