Access Token Revoke Problem


Explorer | Level 3

Hi. I have made an Android app using the Dropbox API, which is published on Google Play and has over 5K downloads.

1) App name: IslamicDrpBx.

2) I am using the 'com.dropbox.core:dropbox-core-sdk' dependency to integrate with Dropbox.

3) I generated an access token while creating my project in the Dropbox App Console, and used that token to let my users fetch data from my Dropbox using my Android app. Everything worked fine for months, but after 7, 8 months, after getting 5K downloads, my app suddenly stopped working and I figured out that my access token had been revoked. I generated a new token and submitted an update to my app, and my app started working again. I faced this issue again after a week, and every time I have to generate a new token and submit an update. Then I placed my token in Firebase, and I am amazed that I faced this issue again a day ago. I can assume that somebody might be trying to harm my app and is revoking my token if he gets it some way.

My question is: what should I do to stop this, because my users are getting affected? I realise that placing the access token in the app is not a good approach, as it can be compromised. I studied the app key and secret key but I am sure how to use them. Kindly help me out. Below I am attaching some code where I get a client using the access token. What should I alter in the below code to make my app safe?

    import android.app.Activity;
    import android.content.Context;
    import android.content.Intent;
    import android.os.AsyncTask;
    import android.os.Build;
    import android.widget.ImageView;
    import androidx.annotation.RequiresApi;
    import com.dropbox.core.DbxException;
    import com.dropbox.core.DbxRequestConfig;
    import com.dropbox.core.v2.DbxClientV2;
    import com.dropbox.core.v2.files.FileMetadata;
    import com.dropbox.core.v2.files.ListFolderResult;
    import com.dropbox.core.v2.files.Metadata;
    import com.dropbox.core.v2.users.FullAccount;
    import com.squareup.picasso.Picasso;
    import java.util.ArrayList;

    // MainActivity, MenuMain, PicassoClient and ACCESS_TOKEN are defined elsewhere in the app.
    public class background extends AsyncTask<String, Integer, String> {

        Picasso mPicasso;
        ImageView mImageView;
        public static Context context;
        DbxClientV2 client;
        public static Activity activity;

        public static ArrayList<String> categories = new ArrayList<>();
        public static ArrayList<FileMetadata> files = new ArrayList<>();

        background(Activity activity) {
            background.activity = activity;
        }

        background(ImageView mImageView) {
            this.mImageView = mImageView;
        }

        ListFolderResult result2;

        @RequiresApi(api = Build.VERSION_CODES.KITKAT)
        @Override
        public String doInBackground(String... strings) {
            DbxRequestConfig config = new DbxRequestConfig("dropbox/IslamicDrpBx");
            // ACCESS_TOKEN is the token generated in the App Console and shipped inside the app
            client = new DbxClientV2(config, ACCESS_TOKEN);
            // Get current account info
            FullAccount account = null;
            try {
                account = client.users().getCurrentAccount();
            } catch (DbxException e) {
                e.printStackTrace();
            }
            MainActivity.client = client;
            PicassoClient.init(context, client);
            mPicasso = PicassoClient.getPicasso();
            ListFolderResult temp = null, subtemp;
            ListFolderResult result = null, subResult;
            // Collect the names of the root folder entries as categories
            try {
                result = client.files().listFolder("");
                for (int i = 0; i < result.getEntries().size(); i++)
                    categories.add(result.getEntries().get(i).getName());
            } catch (DbxException e) {
                e.printStackTrace();
            }
            // Walk the full root listing, following the cursor while more pages remain
            try {
                result2 = client.files().listFolder("");
                while (true) {
                    for (Metadata metadata : result2.getEntries()) {
                        System.out.println(metadata.getPathLower()); //Never prints anything
                    }
                    if (!result2.getHasMore()) {
                        break;
                    }
                    result2 = client.files().listFolderContinue(result2.getCursor());
                }
            } catch (DbxException ex) {
                System.out.println("EXCEPTION getting DropBox Files list: " + ex.getMessage());
            }
            return null;
        }

        @Override
        public void onPostExecute(String r) {
            super.onPostExecute(r);
            Intent i = new Intent(activity, MenuMain.class);
            i.setFlags(Intent.FLAG_ACTIVITY_NO_ANIMATION);
            activity.startActivity(i);
            activity.finish();
            // Splash.splash_handler.removeCallbacksAndMessages(null);
        }
    }
3 Replies

Re: Access Token Revoke Problem

Dropboxer

Embedding and distributing an access token in your app like this is not recommended or supported. It is not possible for client-side applications like this to keep secrets, as you mentioned.

The Dropbox API was designed with the intention that each user would link their own Dropbox account, to receive their own access token(s), in order to interact with their own files. 

That being the case, I recommend you use a different solution for distributing files to your users, such as a CDN.

Re: Access Token Revoke Problem

Explorer | Level 3

The theme of my app is to teach users about their religion. It is my requirement to provide them teachings about religion, so the users must access the data from my Dropbox in order to understand the religion. Is there any method which uses my Dropbox app key/secret in the application, and from that the user is assigned a different access token for himself to access my Dropbox? Meaning different users have different access tokens assigned. If not, is there any other method for me so that I can stick with Dropbox, because I have a huge amount of data already in Dropbox?

Re: Access Token Revoke Problem

Dropboxer

When using the Dropbox API as intended, the app would use its app key/secret to send the user through the OAuth app authorization flow in order to get an access token for that particular user.

In that scenario, each user does get and only has access to a unique access token specific to them. The access token would only enable access to the user's own account though, not yours in particular.

Unfortunately I don't have a good solution using Dropbox for what you want to offer.
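
The per-user OAuth flow described in the reply above, as an added example (not code from this thread or from Dropbox): it uses the Java SDK's Android `Auth` helper with PKCE, so neither an access token nor the app secret ships in the APK. `LinkDropboxActivity`, the `APP_KEY` placeholder and the chosen scopes are assumptions, and, as the reply says, the resulting client reaches only the linked user's own Dropbox.

```java
import android.app.Activity;
import android.util.Log;
import com.dropbox.core.DbxException;
import com.dropbox.core.DbxRequestConfig;
import com.dropbox.core.android.Auth;
import com.dropbox.core.oauth.DbxCredential;
import com.dropbox.core.v2.DbxClientV2;
import com.dropbox.core.v2.files.ListFolderResult;
import com.dropbox.core.v2.files.Metadata;
import java.util.Arrays;
import java.util.List;

// Added example (hypothetical class name): each user links their own account.
public class LinkDropboxActivity extends Activity {
    // Placeholder: the app key from the App Console. It is an identifier, not a secret.
    private static final String APP_KEY = "YOUR_APP_KEY";
    // Assumed read-only scopes; they must also be enabled for the app in the App Console.
    private static final List<String> SCOPES =
            Arrays.asList("account_info.read", "files.metadata.read");

    private final DbxRequestConfig config = new DbxRequestConfig("dropbox/IslamicDrpBx");
    private boolean linkStarted = false;

    @Override
    protected void onResume() {
        super.onResume();
        // Null until this user has approved the app in the SDK's AuthActivity.
        DbxCredential credential = Auth.getDbxCredential();
        if (credential == null) {
            if (!linkStarted) {           // start the flow once, not on every resume
                linkStarted = true;
                Auth.startOAuth2PKCE(this, APP_KEY, config, SCOPES);
            }
            return;
        }
        // The credential belongs to this user only; revoking it affects no one else.
        final DbxClientV2 client = new DbxClientV2(config, credential);
        new Thread(() -> {                // network calls stay off the main thread
            try {
                ListFolderResult result = client.files().listFolder("");
                for (Metadata m : result.getEntries()) {
                    Log.d("Dropbox", m.getName());
                }
            } catch (DbxException e) {
                Log.e("Dropbox", "listFolder failed", e);
            }
        }).start();
    }
}
```

The SDK's `AuthActivity` must also be declared in the manifest with an intent filter for the `db-<app key>` scheme so the authorization result can return to the app.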
