cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Are you interested in hearing how one of our Community members uses Dropbox for sailing trips? Read all about it here.

Discuss Dropbox Developer & API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Migration to short-lived token

Migration to short-lived token

Andika Scofield
Explorer | Level 4
Go to solution

When migrating server from no expiration to short-lived token, what happen if my user still login with old flow (authorizeFromController)? is it still login? will logout directly? or will logout after 4 hours?

1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

Yes, that's right.

 

If a user processed the flow with authorizeFromController before they change, they received a long-lived access token. Long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, users can continue using those existing long-lived access token(s) even after the change.

View solution in original post

3 Replies 3

Greg-DB
Dropbox Staff
Go to solution

Once Dropbox stops issuing new long-lived access tokens, any users processing the old authorization flow, e.g., using authorizeFromController, will still be able to authorize the app but will receive new short-lived access tokens instead of new long-lived access tokens. That means that the app will only be access the account for four hours at a time, before the new short-lived access tokens expire and return a 401 error to the app, at which point it would need to have the user re-authorize the app (like it would if the user had explicitly revoked access to the app).

Andika Scofield
Explorer | Level 4
Go to solution

OK, I want to make sure again:
- User login use authorizeFromController with short-lived token -> will expire until 4 hours.
I've check in my app, it can't load the folder after 4 hours login.


But what happen if:

- User already login use authorizeFromController with no expiration token (before I change to short-lived), and then I change the token to short-lived. What happen after that?
I've checked in my app, I can access the folder even after 4 hours. Is it true?

Greg-DB
Dropbox Staff
Go to solution

Yes, that's right.

 

If a user processed the flow with authorizeFromController before they change, they received a long-lived access token. Long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, users can continue using those existing long-lived access token(s) even after the change.

Need more support?