We're upgrading from v1 to v2 and the new oauth2 is still not clear to me.
On the API documentation pages it says that the code authorization flow gives you the access token (after you used the given code) and there is also told about a refresh token? That implies that the access code now has a expiration date? I hope not.
I thought that the access tokens (for use as authorization bearer) were valid until revoked by user? So where are the refresh tokens for or are they optional? Can we just use the access tokens and use that until our customer revokes access? If not, how does the refresh tokens work? Please give some PHP / cURL examples if the refresh tokens are required.
The Dropbox API OAuth 2 implementation does not use refresh tokens. (Can you link to the part of the documentation that was confusing? We can look into clarifying it.)
Dropbox API OAuth 2 access tokens don't expire, but can be revoked at any time by the user or app.
Note that "authorization codes" are different, and do expire after a few minutes. They should only be used immediately once to get an access token.
The Dropbox API OAuth 2 implementation does not use refresh tokens. (Can you link to the part of the documentation that was confusing? We can look into clarifying it.)
Dropbox API OAuth 2 access tokens don't expire, but can be revoked at any time by the user or app.
Note that "authorization codes" are different, and do expire after a few minutes. They should only be used immediately once to get an access token.
Those two are effectively the same. The first one was built with API v1, but we added another route without that part of the URL since it can be used for both API v1 and API v2. You should use the second one, without the /1/.
