<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Invalid access token in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372392#M20973</link>
    <description>&lt;P&gt;I generated an access token while creating my project on dropbox app console, and used that token to let my user's to fetch data from my drobox using my android app, everything worked fine for months but today i was getting an exception that my access token is not valid, then i generated a new access token from app console and it again started working, now that my token is changed and is affecting my users as they have the old one.. i want to know what has happened and how my token becomes invalid, is the token got changed or what.. i have over 5k installs on google play and now my all users are affecting&lt;/P&gt;</description>
    <pubDate>Fri, 18 Oct 2019 15:34:10 GMT</pubDate>
    <dc:creator>Muneebzzzz</dc:creator>
    <dc:date>2019-10-18T15:34:10Z</dc:date>
    <item>
      <title>Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372392#M20973</link>
      <description>&lt;P&gt;I generated an access token while creating my project on dropbox app console, and used that token to let my user's to fetch data from my drobox using my android app, everything worked fine for months but today i was getting an exception that my access token is not valid, then i generated a new access token from app console and it again started working, now that my token is changed and is affecting my users as they have the old one.. i want to know what has happened and how my token becomes invalid, is the token got changed or what.. i have over 5k installs on google play and now my all users are affecting&lt;/P&gt;</description>
      <pubDate>Fri, 18 Oct 2019 15:34:10 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372392#M20973</guid>
      <dc:creator>Muneebzzzz</dc:creator>
      <dc:date>2019-10-18T15:34:10Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372484#M20974</link>
      <description>&lt;P&gt;By default,&amp;nbsp;Dropbox API access tokens for your app(s) don't expire by themselves, but there a number of different ways that a Dropbox API access token can become invalid:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;the user can revoke all access tokens for an app by unlinking it on &lt;A href="https://www.dropbox.com/account/connected_apps" target="_self"&gt;the connected apps page&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;any client with the access token can revoke the access token by calling &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#auth-token-revoke" target="_self"&gt;/2/auth/token/revoke&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;if the app uses the "app folder" permission, the token can be disabled by the user deleting the app folder itself in the Dropbox account, either via the Dropbox website or any client&lt;/LI&gt;
&lt;LI&gt;the app can be disabled&lt;/LI&gt;
&lt;LI&gt;the account that owns the app can be disabled&lt;/LI&gt;
&lt;LI&gt;the connected account can be disabled&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Also, I should note that the Dropbox API was designed with the intention that each end-user would link their own Dropbox account, in order to interact with their own files, in which case they would only have access to their own access token(s).&lt;/P&gt;
&lt;P&gt;It is technically possible to connect to just one account, by always using a specific access token, for all end-users of your app, and it sounds like that's what you're doing in this case. Please be aware that we don't recommend doing so, for various technical and security reasons. This is especially true for client-side apps, such as Android apps, as they can't keep the access token a secret from the end-users.&lt;/P&gt;</description>
      <pubDate>Fri, 18 Oct 2019 15:45:47 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372484#M20974</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2019-10-18T15:45:47Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372523#M20977</link>
      <description>Aslo note down that my app console is still in development mode and my app is published on playstore,i have hard coded the access token in my android app so the users can able to fetch data from my dropbox withouth any aunthentication, is that may be the reason that my access token gets invalid because my app console is still in development mode?</description>
      <pubDate>Fri, 18 Oct 2019 19:14:57 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372523#M20977</guid>
      <dc:creator>Muneebzzzz</dc:creator>
      <dc:date>2019-10-18T19:14:57Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372527#M20978</link>
      <description>&lt;P&gt;No, your app being in development mode would not affect access token validity. The development mode only limits how many different&amp;nbsp;Dropbox accounts can be connected to your app. Since you are only connecting your app to your one account, that isn't relevant.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 18 Oct 2019 19:22:17 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372527#M20978</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2019-10-18T19:22:17Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372542#M20979</link>
      <description>I got the information while generating the access token that i should use standard auth process to generate access tokens for my users. What does that mean then</description>
      <pubDate>Fri, 18 Oct 2019 20:06:30 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372542#M20979</guid>
      <dc:creator>Muneebzzzz</dc:creator>
      <dc:date>2019-10-18T20:06:30Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372549#M20980</link>
      <description>&lt;P&gt;It sounds like you're referring to using the OAuth app authorization flow. That's the process you would implement in your app for the normal case where you have each end-user connect their own&amp;nbsp;Dropbox account to&amp;nbsp;receive their own access token. You can find more information in &lt;A href="https://www.dropbox.com/developers/reference/oauth-guide" target="_self"&gt;the OAuth Guide&lt;/A&gt; and &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#authorization" target="_self"&gt;authorization documentation&lt;/A&gt; (as well as the documentation for the SDK/library you're using, if any).&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In your case, since you're using the non-recommended&amp;nbsp;method of hard-coding your own access token in the app you distribute to users, you don't need to use the OAuth app authorization flow at all.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;For reference, the access token you get for your own account by using the "Generate" button on your app's page on &lt;A href="https://www.dropbox.com/developers/apps" target="_self"&gt;the App Console&lt;/A&gt; is functionally the same as an access token you would retrieve for your account via the OAuth app authorization flow.&lt;/P&gt;</description>
      <pubDate>Fri, 18 Oct 2019 20:14:21 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372549#M20980</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2019-10-18T20:14:21Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372551#M20981</link>
      <description>This is sample code which iam using to make my user a client through access token.. am i making some mistake which can cause to my access token invalid?&lt;BR /&gt;&lt;BR /&gt;public class Main { private static final String ACCESS_TOKEN = "&amp;lt;ACCESS TOKEN&amp;gt;"; public static void main(String args[]) throws DbxException { // Create Dropbox client DbxRequestConfig config = DbxRequestConfig.newBuilder("dropbox/java-tutorial").build(); DbxClientV2 client = new DbxClientV2(config, ACCESS_TOKEN); }&lt;BR /&gt;&lt;BR /&gt;FullAccount account = client.users().getCurrentAccount();&lt;BR /&gt;&lt;BR /&gt;ListFolderResult result = client.files().listFolder(""); while (true) { for (Metadata metadata : result.getEntries()) { System.out.println(metadata.getPathLower()); } if (!result.getHasMore()) { break; } result = client.files().listFolderContinue(result.getCursor()); }</description>
      <pubDate>Fri, 18 Oct 2019 20:19:40 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372551#M20981</guid>
      <dc:creator>Muneebzzzz</dc:creator>
      <dc:date>2019-10-18T20:19:40Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372553#M20982</link>
      <description>&lt;P&gt;No, there's nothing in this code that would invalidate the access token.&lt;/P&gt;
&lt;P&gt;Please refer to &lt;A href="https://www.dropboxforum.com/t5/API-Support-Feedback/Invalid-access-token/m-p/372484/highlight/true#M20974" target="_self"&gt;my earlier comment&lt;/A&gt; for a list of things that can disable an access token.&lt;/P&gt;</description>
      <pubDate>Fri, 18 Oct 2019 20:26:40 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372553#M20982</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2019-10-18T20:26:40Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372554#M20983</link>
      <description>I have read them all and i didnot use any code which could lead my user to invalidate access token, my app was working fine for 10 months without any trouble but this month i have got two times invalid token exceptions and i do not know what could cause it, i have to update my app with new token each time</description>
      <pubDate>Fri, 18 Oct 2019 20:31:18 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372554#M20983</guid>
      <dc:creator>Muneebzzzz</dc:creator>
      <dc:date>2019-10-18T20:31:18Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372556#M20984</link>
      <description>&lt;P&gt;While you yourself may not have revoked the token, it's possible someone who&amp;nbsp;downloaded your app did. Since you embedded your access token in the app, someone could extract it from the app and then use&amp;nbsp;&lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#auth-token-revoke" target="_self" rel="noopener noreferrer"&gt;/2/auth/token/revoke&lt;/A&gt; (or any other API endpoint) themselves. This is one of the reasons we don't&amp;nbsp;recommend distributing your own access token like this.&lt;/P&gt;</description>
      <pubDate>Fri, 18 Oct 2019 20:34:31 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372556#M20984</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2019-10-18T20:34:31Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372562#M20985</link>
      <description>Yes you are right Greg, i have to secure my token.. one last question that iam not using app secret code in my app, is that code use for the auth process? And thanks for the quick response</description>
      <pubDate>Fri, 18 Oct 2019 20:58:14 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372562#M20985</guid>
      <dc:creator>Muneebzzzz</dc:creator>
      <dc:date>2019-10-18T20:58:14Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372564#M20986</link>
      <description>&lt;P&gt;Yes, the app key and secret identify an app, and would be used in the OAuth app authorization flow.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;More specifically, Dropbox actually supports two forms of the OAuth app authorization flow: "code" and "token", &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize" target="_self"&gt;documented here&lt;/A&gt;. The "code" flow is generally intended for server-side apps, and requires both the app key and secret. The "token" flow is generally intended for client-side apps, and only requires the app key, and not the secret.&lt;/P&gt;</description>
      <pubDate>Fri, 18 Oct 2019 21:07:03 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372564#M20986</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2019-10-18T21:07:03Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372566#M20987</link>
      <description>You explain so well Greg.. thanks alot for bearing me and giving your precious time &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@FBF7D2AB59A0D6E861EBF6A36F93B7E2/emoticons/1f642.png" alt=":slightly_smiling_face:" title=":slightly_smiling_face:" /&gt;</description>
      <pubDate>Fri, 18 Oct 2019 21:09:22 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372566#M20987</guid>
      <dc:creator>Muneebzzzz</dc:creator>
      <dc:date>2019-10-18T21:09:22Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372567#M20988</link>
      <description>Actually iam not using app key in my code, only using access token</description>
      <pubDate>Fri, 18 Oct 2019 21:12:02 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/372567#M20988</guid>
      <dc:creator>Muneebzzzz</dc:creator>
      <dc:date>2019-10-18T21:12:02Z</dc:date>
    </item>
    <item>
      <title>Re: Invalid access token</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/373033#M20990</link>
      <description>&lt;P&gt;That's correct, as you've described it, your current setup involves you embedding your access token itself in your app, not your app key or secret, since you are not using the OAuth app authorization flow.&lt;/P&gt;
&lt;P&gt;If you were to use the OAuth app authorization flow, you would need to embed your app key, if using the "token" flow, or your app key and secret, if using the "code" flow.&lt;/P&gt;</description>
      <pubDate>Mon, 21 Oct 2019 14:18:57 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Invalid-access-token/m-p/373033#M20990</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2019-10-21T14:18:57Z</dc:date>
    </item>
  </channel>
</rss>

