<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Short lived token - Android user experience in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-token-Android-user-experience/m-p/479724#M24211</link>
    <description>&lt;P&gt;Your description of the current (long-lived) implementation looks correct. The exceptions are if the user or app unlinks the app or revokes the token, in which case the user would need to re-authorize the app, and in that case, if they've since signed out of the app/web site, they'd need to sign in again to do so.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;For the new (short-lived) implementation though, as long as you use the official&amp;nbsp;Dropbox Java SDK as provided, you can get effectively the same behavior (from the user's perspective) as the long-lived implementation. To do so, you would start the authorization flow using&amp;nbsp;startOAuth2PKCE (instead of&amp;nbsp;startOAuth2Authentication) &lt;A href="https://github.com/dropbox/dropbox-sdk-java/blob/master/examples/android/src/main/java/com/dropbox/core/examples/android/DropboxActivity.java#L93" target="_self"&gt;as shown here&lt;/A&gt;, and handle the result &lt;A href="https://github.com/dropbox/dropbox-sdk-java/blob/master/examples/android/src/main/java/com/dropbox/core/examples/android/DropboxActivity.java#L29" target="_self"&gt;as shown here&lt;/A&gt;. When you do so, the credential will include both a short-lived access token as well as a refresh token, and the SDK will automatically handle expired short-lived access tokens for you by performing the refresh in the background.&lt;/P&gt;</description>
    <pubDate>Tue, 15 Dec 2020 22:00:20 GMT</pubDate>
    <dc:creator>Greg-DB</dc:creator>
    <dc:date>2020-12-15T22:00:20Z</dc:date>
    <item>
      <title>Short lived token - Android user experience</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-token-Android-user-experience/m-p/479662#M24209</link>
      <description>&lt;P&gt;What should the user experience be like for someone using my Android app after migration to short-lived access tokens?&amp;nbsp; Currently we save a long-lived token in persistent storage for the app, so the user normally only authenticates once for the life of the app.&amp;nbsp; It seems that the user authentication happens either in Dropbox app (if the user has installed it on their mobile device) or in a browser (if the user has not installed the Dropbox app.)&amp;nbsp; In either case, the user has to enter an ID and a password the first time.&amp;nbsp; Thereafter, the user is only shown a prompt to accept or reject the authentication request, but no more need to enter the Dropbox ID and password.&amp;nbsp; This happens with either the Dropbox app authentication or the browser authentication.&amp;nbsp; Do I have that right?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;So after migration, new users will do the same thing, but my app will get a short lived token.&amp;nbsp; I gather there is no reason for me to store this token beyond that one session anymore since it will have expired by the next day at least.&amp;nbsp; Therefore my app should behave the same the next session, by initiating an authentication request that requires user interaction (but no passwords) at every session.&amp;nbsp; Do I have that right too?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Finally, suppose I made the mistake of trying to use a short term token after it had expired.&amp;nbsp; &amp;nbsp;For example, when I want to upload files from the mobile device to my App Folder in Dropbox, the first API call I make is:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;PRE&gt;DBXfer.&lt;SPAN&gt;sDbxClient&lt;/SPAN&gt;.files().listFolder(dir);&lt;/PRE&gt;
&lt;P&gt;inside a try block, and one of the exceptions I check in the "catch" block is&amp;nbsp;&lt;/P&gt;
&lt;PRE&gt;InvalidAccessTokenException&lt;/PRE&gt;
&lt;P&gt;Is that what will happen if I use the short lived token after it expires?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 15 Dec 2020 20:12:04 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-token-Android-user-experience/m-p/479662#M24209</guid>
      <dc:creator>Robert S.138</dc:creator>
      <dc:date>2020-12-15T20:12:04Z</dc:date>
    </item>
    <item>
      <title>Re: Short lived token - Android user experience</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-token-Android-user-experience/m-p/479724#M24211</link>
      <description>&lt;P&gt;Your description of the current (long-lived) implementation looks correct. The exceptions are if the user or app unlinks the app or revokes the token, in which case the user would need to re-authorize the app, and in that case, if they've since signed out of the app/web site, they'd need to sign in again to do so.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;For the new (short-lived) implementation though, as long as you use the official&amp;nbsp;Dropbox Java SDK as provided, you can get effectively the same behavior (from the user's perspective) as the long-lived implementation. To do so, you would start the authorization flow using&amp;nbsp;startOAuth2PKCE (instead of&amp;nbsp;startOAuth2Authentication) &lt;A href="https://github.com/dropbox/dropbox-sdk-java/blob/master/examples/android/src/main/java/com/dropbox/core/examples/android/DropboxActivity.java#L93" target="_self"&gt;as shown here&lt;/A&gt;, and handle the result &lt;A href="https://github.com/dropbox/dropbox-sdk-java/blob/master/examples/android/src/main/java/com/dropbox/core/examples/android/DropboxActivity.java#L29" target="_self"&gt;as shown here&lt;/A&gt;. When you do so, the credential will include both a short-lived access token as well as a refresh token, and the SDK will automatically handle expired short-lived access tokens for you by performing the refresh in the background.&lt;/P&gt;</description>
      <pubDate>Tue, 15 Dec 2020 22:00:20 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Short-lived-token-Android-user-experience/m-p/479724#M24211</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2020-12-15T22:00:20Z</dc:date>
    </item>
  </channel>
</rss>

