Forum Discussion

martinkleinaustria's avatar
martinkleinaustria
Explorer | Level 4
5 years ago

OAuth Updates for an App for just One Single User (Developer is only user) required ?

I received a mail from Dropbox announcing the Oauth updates by Sept 2021. I have a very simple Single Page Java Script application - which runs in the browser not in node - and I use the Dropbox-sd...
Developers
Greg-DB's avatar
Greg-DB
Icon for Dropbox Community Moderator rankDropbox Community Moderator
5 years ago

In your case, you're not actually processing the OAuth app authorization flow, since you're just using a single pre-generated long-lived access token, so you technically don't need to change anything in your code.

 

While long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) like this. Note that after the change you won't be able to create new long-lived access tokens though. So, after that point if you revoke your existing long-lived access token you wouldn't be able to generate a new one, and would need to instead update your code to use the new short-lived access tokens/refresh token functionality.

  • martinkleinaustria's avatar
    martinkleinaustria
    Explorer | Level 4
    5 years ago

    Thanks for your reply.

    If I understand you correctly in the future it would not be possible to generate access tokens in the App console ?

    So I would be on the save side to switch to OAuth flow and in my case the PKCE method.

    Could you please provide a PKCE example for my simple case.

    The "download" example that is provided in the Javascript SDK would then also not work in the future because it also uses the pre-generated access-token so it must be reworked anyhow and I could then use this reworked "download" example for my app.

    Unfortunatly the provided PKCE example in the SDK is based on node.js but my app runs just in the Browser. No server. No re-direct URL.

    Many thanks for your support. Martin Klein

    • Greg-DB's avatar
      Greg-DB
      Icon for Dropbox Community Moderator rankDropbox Community Moderator
      5 years ago

      The App Console will continue to offer the ability to generate access tokens. (Currently, that includes both long-lived and short-lived access tokens. After the change, it will no longer offer long-lived access tokens.) It does not currently offer the ability to additionally generate refresh tokens though. We may add that in the future, but I can't guarantee that.

       

      I don't believe we currently have an example of processing the PKCE flow in browser JavaScript, but I'll pass this along as a request for one. I can't promise if/when that might be implemented though. There is unfortunately currently an open bug with that though anyway.

About Discuss Dropbox Developer & API

Node avatar for Discuss Dropbox Developer & API
Make connections with other developers

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!