<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Access token and revoke in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/206598#M10040</link>
    <description>I did a "revoke" using the API explorer and tried to download a file, it came back and reported that&lt;BR /&gt;{&lt;BR /&gt;"error_summary": "invalid_access_token/...",&lt;BR /&gt;"error": {&lt;BR /&gt;".tag": "invalid_access_token"&lt;BR /&gt;}&lt;BR /&gt;}&lt;BR /&gt;&lt;BR /&gt;However, I could still get access to the files inside my App folder by making API calls using the same access token. How is this possible?</description>
    <pubDate>Mon, 13 Feb 2017 18:28:59 GMT</pubDate>
    <dc:creator>kgashok</dc:creator>
    <dc:date>2017-02-13T18:28:59Z</dc:date>
    <item>
      <title>Access token and revoke</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/192862#M8613</link>
      <description>&lt;P&gt;To whom it may concer,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;1. With the API version 2, will the api token get expired ever ?&lt;/P&gt;&lt;P&gt;2. Assuming I want to revoke the token by making a call to /auth/token/revoke. And then try to generate the token again, at this time, will be new token the same as the revoked one, or are they 2 different tokens ?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Thanks,&lt;/P&gt;</description>
      <pubDate>Wed, 29 May 2019 09:28:37 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/192862#M8613</guid>
      <dc:creator>neunygph</dc:creator>
      <dc:date>2019-05-29T09:28:37Z</dc:date>
    </item>
    <item>
      <title>Re: Access token and revoke</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/192900#M8619</link>
      <description>1. Access tokens for the Dropbox API, regardless of which version you're using, don't expire by themselves. Users and apps can explicitly revoke tokens though.&lt;BR /&gt;&lt;BR /&gt;2.  In this case, you'd get a new access token, not the old one.</description>
      <pubDate>Wed, 02 Nov 2016 18:40:08 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/192900#M8619</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2016-11-02T18:40:08Z</dc:date>
    </item>
    <item>
      <title>Re: Access token and revoke</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/192902#M8621</link>
      <description>Hi Greg,&lt;BR /&gt;&lt;BR /&gt;Since the token does not expired itself, is there a way or function from the api to validate the user to make sure the token will not be used by someone else, in case of browser hack or something like that ?&lt;BR /&gt;</description>
      <pubDate>Wed, 02 Nov 2016 18:45:30 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/192902#M8621</guid>
      <dc:creator>neunygph</dc:creator>
      <dc:date>2016-11-02T18:45:30Z</dc:date>
    </item>
    <item>
      <title>Re: Access token and revoke</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/192909#M8623</link>
      <description>&lt;P&gt;I'm not sure I understand your question, can you elaborate?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In any case though, if you would want the access tokens to effectively expire, you can have your app explicitly&amp;nbsp;&lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#auth-token-revoke" target="_self"&gt;revoke&lt;/A&gt;&amp;nbsp;them on whatever schedule you want.&lt;/P&gt;</description>
      <pubDate>Wed, 02 Nov 2016 20:03:43 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/192909#M8623</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2016-11-02T20:03:43Z</dc:date>
    </item>
    <item>
      <title>Re: Access token and revoke</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/193099#M8648</link>
      <description>Hi Greg,&lt;BR /&gt;&lt;BR /&gt;Thanks for getting back to me and sorry for the late response. I understand the part that we need to have the token effectively expire and it is best to be stored on the app server, but for instance if I set the token to be a cookie and store on a user's browser and have it expires in 3 days, but somehow the token is exploited by accident and is being used by another different user before the token is expired. In another word, a token from user A is being used by user B (worse scenario). And if this happen, is there a way to validate this token when it's passed to the api to make sure the token belong to the correct user ?&lt;BR /&gt;&lt;BR /&gt;Thanks</description>
      <pubDate>Fri, 04 Nov 2016 15:19:07 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/193099#M8648</guid>
      <dc:creator>neunygph</dc:creator>
      <dc:date>2016-11-04T15:19:07Z</dc:date>
    </item>
    <item>
      <title>Re: Access token and revoke</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/193108#M8651</link>
      <description>&lt;P&gt;Thanks for elaborating! No, the API doesn't offer anything quite like that. If the user has any reason to believe their browser and/or access tokens have been compromised though, they can revoke sessions and tokens on their &lt;A href="https://www.dropbox.com/account/security" target="_self"&gt;account security page&lt;/A&gt;.&lt;/P&gt;</description>
      <pubDate>Fri, 04 Nov 2016 16:46:34 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/193108#M8651</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2016-11-04T16:46:34Z</dc:date>
    </item>
    <item>
      <title>Re: Access token and revoke</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/193110#M8652</link>
      <description>Ah ok, thanks Greg.</description>
      <pubDate>Fri, 04 Nov 2016 16:51:50 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/193110#M8652</guid>
      <dc:creator>neunygph</dc:creator>
      <dc:date>2016-11-04T16:51:50Z</dc:date>
    </item>
    <item>
      <title>Re: Access token and revoke</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/206598#M10040</link>
      <description>I did a "revoke" using the API explorer and tried to download a file, it came back and reported that&lt;BR /&gt;{&lt;BR /&gt;"error_summary": "invalid_access_token/...",&lt;BR /&gt;"error": {&lt;BR /&gt;".tag": "invalid_access_token"&lt;BR /&gt;}&lt;BR /&gt;}&lt;BR /&gt;&lt;BR /&gt;However, I could still get access to the files inside my App folder by making API calls using the same access token. How is this possible?</description>
      <pubDate>Mon, 13 Feb 2017 18:28:59 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/206598#M10040</guid>
      <dc:creator>kgashok</dc:creator>
      <dc:date>2017-02-13T18:28:59Z</dc:date>
    </item>
    <item>
      <title>Re: Access token and revoke</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/206604#M10041</link>
      <description>Hi kgashok, thanks for the report. I can't seem to reproduce this issue though. Are you sure you're using the same exact token? Revoking a token applies to that single token only, but any particular user-app pair can have multiple access tokens. &lt;BR /&gt;&lt;BR /&gt;If it's definitely the same token, please open an API ticket with the all of the relevant requests/responses so we can look into it:&lt;BR /&gt;&lt;BR /&gt;&lt;A href="https://www.dropbox.com/developers/contact" target="_blank"&gt;https://www.dropbox.com/developers/contact&lt;/A&gt;</description>
      <pubDate>Mon, 13 Feb 2017 18:57:06 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Access-token-and-revoke/m-p/206604#M10041</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2017-02-13T18:57:06Z</dc:date>
    </item>
  </channel>
</rss>

