cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Discuss Dropbox Developer & API

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Migration to short-lived token

Labels:

Migration to short-lived token

Andika Scofield
Explorer | Level 4
‎07-15-2021 03:13 AM
Go to solution

When migrating server from no expiration to short-lived token, what happen if my user still login with old flow (authorizeFromController)? is it still login? will logout directly? or will logout after 4 hours?

Labels:
  • 0 Likes
  • 3 Replies
  • 712 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
‎07-16-2021 04:52 AM
Go to solution

Yes, that's right.

 

If a user processed the flow with authorizeFromController before they change, they received a long-lived access token. Long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, users can continue using those existing long-lived access token(s) even after the change.

View solution in original post

0 Likes
3 Replies 3

Greg-DB
Dropbox Staff
‎07-15-2021 07:14 AM
Go to solution

Once Dropbox stops issuing new long-lived access tokens, any users processing the old authorization flow, e.g., using authorizeFromController, will still be able to authorize the app but will receive new short-lived access tokens instead of new long-lived access tokens. That means that the app will only be access the account for four hours at a time, before the new short-lived access tokens expire and return a 401 error to the app, at which point it would need to have the user re-authorize the app (like it would if the user had explicitly revoked access to the app).

0 Likes

Andika Scofield
Explorer | Level 4
‎07-15-2021 06:38 PM
Go to solution

OK, I want to make sure again:
- User login use authorizeFromController with short-lived token -> will expire until 4 hours.
I've check in my app, it can't load the folder after 4 hours login.


But what happen if:

- User already login use authorizeFromController with no expiration token (before I change to short-lived), and then I change the token to short-lived. What happen after that?
I've checked in my app, I can access the folder even after 4 hours. Is it true?

0 Likes

Greg-DB
Dropbox Staff
‎07-16-2021 04:52 AM
Go to solution

Yes, that's right.

 

If a user processed the flow with authorizeFromController before they change, they received a long-lived access token. Long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, users can continue using those existing long-lived access token(s) even after the change.

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    Andika Scofield Explorer | Level 4
What do Dropbox user levels mean?