<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: short-lived token expired in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/short-lived-token-expired/m-p/495514#M24712</link>
    <description>&lt;P&gt;Short-lived tokens are valid for four hours (note that this value is subject to change).&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;After a short lived token has expired, simply sending the user to re-auth and using the new token would be recommended for most web applications. The OAuth/redirect for an authorized app is typically automatic for an authorized app,&amp;nbsp; which is easy and low friction for end users.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;If your application requires background&amp;nbsp;access, then you should use refresh tokens. Refresh tokens do not expire, and will let your retrieve a new access token at any time - with SDKs automating this for you. Most web applications would not need refresh tokens; this is more commonly associated with mobile or server side apps.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In the Java SDK, you'll want to use &lt;A href="https://dropbox.github.io/dropbox-sdk-java/api-docs/v3.1.x/com/dropbox/core/v2/DbxClientV2.html#DbxClientV2-com.dropbox.core.DbxRequestConfig-com.dropbox.core.oauth.DbxCredential-" target="_self"&gt;this constructor&lt;/A&gt; to pass the refresh token in the DbxCredential argument.&lt;/P&gt;</description>
    <pubDate>Wed, 10 Feb 2021 21:08:56 GMT</pubDate>
    <dc:creator>kylea</dc:creator>
    <dc:date>2021-02-10T21:08:56Z</dc:date>
    <item>
      <title>short-lived token expired</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/short-lived-token-expired/m-p/495291#M24707</link>
      <description>&lt;P&gt;I'm updating my code to use dropbox-core-sdk-3.1.5 instead of dropbox-core-sdk-3.1.1.&lt;BR /&gt;I've updated my app permission to use the short-lived access token in the Dropbox Console.&lt;/P&gt;
&lt;P&gt;When a user login into my app, she can connect her dropbox account, and the dropbox content is downloaded and shown.&lt;BR /&gt;But after 4h, she must reconnect the dropbox account since token is expired.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;How can I avoid this?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;My calls are&lt;/P&gt;
&lt;P&gt;// V2 api /oauth2/authorize&lt;BR /&gt;DbxWebAuth.Request authRequest = DbxWebAuth.newRequestBuilder()&lt;BR /&gt;.withRedirectUri(redirectUri, sessionStore)&lt;BR /&gt;.withTokenAccessType(TokenAccessType.OFFLINE)&lt;BR /&gt;.build();&lt;/P&gt;
&lt;P&gt;DbxWebAuth webAuth = new DbxWebAuth(reqConfig, appInfo);&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;then&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;// V2 api /oauth2/token&lt;BR /&gt;DbxWebAuth webAuth = new DbxWebAuth(reqConfig, appInfo);&lt;/P&gt;
&lt;P&gt;authFinish = webAuth.finishFromRedirect(&lt;BR /&gt;redirectUri, sessionStore, params);&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;And I use this authFinish to call the get the current account&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;// V2 api /2/users/get_current_account&lt;BR /&gt;DbxClientV2 dbxClient = new DbxClientV2(reqConfig, accessToken);&lt;BR /&gt;FullAccount fullAccount = dbxClient.users().getCurrentAccount();&lt;BR /&gt;return fullAccount;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Then I store the access token&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;AuthorizationToken token = new AuthorizationToken();&lt;BR /&gt;token.setExternalUserId(authFinish.getUserId());&lt;BR /&gt;token.setToken(authFinish.getAccessToken());&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Should I use the refresh_token instead of the access token?&lt;/P&gt;
&lt;P&gt;Should I check the expires time, and recall the /oauth2/token specifying grant_type=refresh_token ?&lt;/P&gt;</description>
      <pubDate>Wed, 10 Feb 2021 17:55:16 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/short-lived-token-expired/m-p/495291#M24707</guid>
      <dc:creator>luigia</dc:creator>
      <dc:date>2021-02-10T17:55:16Z</dc:date>
    </item>
    <item>
      <title>Re: short-lived token expired</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/short-lived-token-expired/m-p/495514#M24712</link>
      <description>&lt;P&gt;Short-lived tokens are valid for four hours (note that this value is subject to change).&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;After a short lived token has expired, simply sending the user to re-auth and using the new token would be recommended for most web applications. The OAuth/redirect for an authorized app is typically automatic for an authorized app,&amp;nbsp; which is easy and low friction for end users.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;If your application requires background&amp;nbsp;access, then you should use refresh tokens. Refresh tokens do not expire, and will let your retrieve a new access token at any time - with SDKs automating this for you. Most web applications would not need refresh tokens; this is more commonly associated with mobile or server side apps.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In the Java SDK, you'll want to use &lt;A href="https://dropbox.github.io/dropbox-sdk-java/api-docs/v3.1.x/com/dropbox/core/v2/DbxClientV2.html#DbxClientV2-com.dropbox.core.DbxRequestConfig-com.dropbox.core.oauth.DbxCredential-" target="_self"&gt;this constructor&lt;/A&gt; to pass the refresh token in the DbxCredential argument.&lt;/P&gt;</description>
      <pubDate>Wed, 10 Feb 2021 21:08:56 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/short-lived-token-expired/m-p/495514#M24712</guid>
      <dc:creator>kylea</dc:creator>
      <dc:date>2021-02-10T21:08:56Z</dc:date>
    </item>
    <item>
      <title>Re: short-lived token expired</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/short-lived-token-expired/m-p/496460#M24738</link>
      <description>&lt;P&gt;yes, my app needs to interact with the Dropbox API without user input.&lt;/P&gt;&lt;P&gt;What do you mean with "SDKs automating this for you" ?&lt;/P&gt;&lt;P&gt;I'm using the sdk 3.1.5 calling /oauth2/authorize with TokenAccessType.OFFLINE.&lt;/P&gt;&lt;P&gt;Should I check DbxWebAuth .getExpiresAt() and if needed, I should require a new token using the refresh_token as explained here ?&lt;/P&gt;&lt;P&gt;&lt;A href="https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens#updating-access-token-type" target="_blank"&gt;https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens#updating-access-token-type&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;thanks for you help&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Mon, 15 Feb 2021 07:28:31 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/short-lived-token-expired/m-p/496460#M24738</guid>
      <dc:creator>luigia</dc:creator>
      <dc:date>2021-02-15T07:28:31Z</dc:date>
    </item>
    <item>
      <title>Re: short-lived token expired</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/short-lived-token-expired/m-p/496587#M24742</link>
      <description>&lt;P&gt;If you request "offline" access like that, you'll get a refresh token that can be used to programmatically get a new short-lived access token whenever needed. If you use &lt;A href="https://dropbox.github.io/dropbox-sdk-java/api-docs/v3.1.x/com/dropbox/core/v2/DbxClientV2.html#DbxClientV2-com.dropbox.core.DbxRequestConfig-com.dropbox.core.oauth.DbxCredential-" target="_self"&gt;the constructor&lt;/A&gt; my colleague linked to, supplying your refresh token, app key, and app secret (if not using PKCE) in the &lt;A href="https://dropbox.github.io/dropbox-sdk-java/api-docs/v3.1.x/com/dropbox/core/oauth/DbxCredential.html" target="_self"&gt;DbxCredential&lt;/A&gt;, the Java SDK will automatically check the expiration and retrieve a new short-lived access token for you, so you that don't need to implement that yourself.&lt;/P&gt;</description>
      <pubDate>Mon, 15 Feb 2021 16:11:24 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/short-lived-token-expired/m-p/496587#M24742</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2021-02-15T16:11:24Z</dc:date>
    </item>
  </channel>
</rss>

