Forum Discussion

yurpub's avatar
yurpub
New member | Level 2
4 years ago

Dropbox Sdk refresh access token encapsulated

Hi guys,   your Sdk is great, however I don't understand something.   Inside I found a method CheckAndRefreshAccessToken(), that in turn calls RefreshAccessToken() that retrieves new access a...
Developers
yurpub's avatar
yurpub
New member | Level 2
4 years ago

 

Thanks for your examples.

 

The problem is that there is no way to access a new access token in your SDK.

Why is this the problem? - because once an access token has expired (that was received only once), SDK is going to refresh an access token every time we want to access a client's account.

 

In other words, the access token received in the first place (after consent screen) can be used only once.

 

We implemented custom code to check the expiration of the token, refresh it with a separate HTTP call to POST: /token and store a new access token in the database to be able to reuse it while it's alive.

 

It should not be like this. Apologies for such feedback 😀

 

Thanks.

Greg-DB's avatar
Greg-DB
Icon for Dropbox Community Moderator rankDropbox Community Moderator
4 years ago

Thanks for following up. I'm not sure I understand your use case though. Can you elaborate? Why do you need to be able to retrieve the current short-lived access token?

 

The recommendation is to just create the client with the credentials you have and let the client perform the refresh automatically, whenever needed (even if that includes doing so on every subsequent client creation). Performing the refresh is relatively light-weight.

 

And for reference, each short-lived access token can be used more than once, during its lifetime (several hours). Likewise, you don't need to create a new DropboxClient for each API call. You can keep any given DropboxClient in memory and use it as long as you need.

  • yurpub's avatar
    yurpub
    New member | Level 2
    4 years ago
    each short-lived access token can be used more than once, during its lifetime (several hours)

    That's correct. In most cases where the oAuth protocol is implemented, you intend to use the access token until it expires and refresh it when needed. That's a standard.

     

    We may access the client's account within an hour multiple times.
     
    If the DB SDK returns an access token to a developer following the authorization, I presume it's here to consume the API with a way to refresh it. But it's only available for 2 hours ever.
     
    Anyway, our solution works.
     
    Thanks for checking our my feedback.



About Discuss Dropbox Developer & API

Node avatar for Discuss Dropbox Developer & API
Make connections with other developers

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!