cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Share your feedback on the Document Scanning Experience in the Dropbox App right here.

Discuss Dropbox Developer & API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Authorization code flow <AUTHORIZATION_CODE> expiration of offline token access type

Authorization code flow <AUTHORIZATION_CODE> expiration of offline token access type

mitkola
Explorer | Level 3
Go to solution

Hi!

I want to get long live connection from an application to Dropbox App folder.

The recommended OAuth authorization in that case is authorization code flow with offline token access type.

After initial authorization application get <AUTHORIZATION_CODE>, <ACCESS_TOKEN> and <REFRESH_TOKEN>.
Is the <AUTHORIZATION_CODE>/<REFRESH_TOKEN> expires and how long for *offline* token access type?

1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

Whether using "offline" access or not, "authorization codes" can each only be used once, and are only valid for a short period of time. Apps should use authorization codes once immediately upon receiving them.

 

"Refresh tokens" do not expire by default, and can be stored and re-used repeatedly for further API calls without the user present. Refresh tokens can be revoked on demand though.

View solution in original post

1 Reply 1

Greg-DB
Dropbox Staff
Go to solution

Whether using "offline" access or not, "authorization codes" can each only be used once, and are only valid for a short period of time. Apps should use authorization codes once immediately upon receiving them.

 

"Refresh tokens" do not expire by default, and can be stored and re-used repeatedly for further API calls without the user present. Refresh tokens can be revoked on demand though.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?