cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
What’s new: end-to-end encryption, Replay and Dash updates. Find out more about these updates, new features and more here.

Discuss Dropbox Developer & API

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Migration to short-lived token

Labels:

Migration to short-lived token

Andika Scofield
Explorer | Level 4
‎07-15-2021 03:13 AM
Go to solution

When migrating server from no expiration to short-lived token, what happen if my user still login with old flow (authorizeFromController)? is it still login? will logout directly? or will logout after 4 hours?

Labels:
  • 0 Likes
  • 3 Replies
  • 727 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
‎07-16-2021 04:52 AM
Go to solution

Yes, that's right.

 

If a user processed the flow with authorizeFromController before they change, they received a long-lived access token. Long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, users can continue using those existing long-lived access token(s) even after the change.

View solution in original post

0 Likes
3 Replies 3

Greg-DB
Dropbox Staff
‎07-15-2021 07:14 AM
Go to solution

Once Dropbox stops issuing new long-lived access tokens, any users processing the old authorization flow, e.g., using authorizeFromController, will still be able to authorize the app but will receive new short-lived access tokens instead of new long-lived access tokens. That means that the app will only be access the account for four hours at a time, before the new short-lived access tokens expire and return a 401 error to the app, at which point it would need to have the user re-authorize the app (like it would if the user had explicitly revoked access to the app).

0 Likes

Andika Scofield
Explorer | Level 4
‎07-15-2021 06:38 PM
Go to solution

OK, I want to make sure again:
- User login use authorizeFromController with short-lived token -> will expire until 4 hours.
I've check in my app, it can't load the folder after 4 hours login.


But what happen if:

- User already login use authorizeFromController with no expiration token (before I change to short-lived), and then I change the token to short-lived. What happen after that?
I've checked in my app, I can access the folder even after 4 hours. Is it true?

0 Likes

Greg-DB
Dropbox Staff
‎07-16-2021 04:52 AM
Go to solution

Yes, that's right.

 

If a user processed the flow with authorizeFromController before they change, they received a long-lived access token. Long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, users can continue using those existing long-lived access token(s) even after the change.

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    Andika Scofield Explorer | Level 4
What do Dropbox user levels mean?