cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Share your feedback on the Document Scanning Experience in the Dropbox App right here.

Discuss Dropbox Developer & API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Seamless migration from non-expiring access token to refresh token?

Seamless migration from non-expiring access token to refresh token?

Mark R.43
New member | Level 2
Go to solution

Hello,

 

We have an existing application that integrates with Dropbox via the .NET SDK. The application currently acquires user consent once and then stores a non-expiring access token for future use. We'd like to migrate to using short-lived access tokens, and wish to do so with minimal user interaction.

 

Switching to short-lived access tokens seems clear cut - we need to convert to storing a refresh token that can be used to request short-lived access tokens. However, we'd like to do this without asking the user to re-authorize. Is there a way to exchange a non-expiring access token for a refresh token without user interaction?

 

- Mark

1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

It's not possible to exchange a long-lived access token for a refresh token, however it is not necessary to make existing connected users switch anyway. Existing long-lived access tokens can continue to be used, as we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.)

View solution in original post

2 Replies 2

Greg-DB
Dropbox Staff
Go to solution

It's not possible to exchange a long-lived access token for a refresh token, however it is not necessary to make existing connected users switch anyway. Existing long-lived access tokens can continue to be used, as we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.)

Mark R.43
New member | Level 2
Go to solution

Hi Greg,

 

Thanks for your reply.

 

>  Existing long-lived access tokens can continue to be used, as we don't currently have a plan to disable...

 

If I hover over the access token expiration icon in the dev console, it states that "long-lived tokens are less secure and will be deprecated in the future". I interpreted this to mean that long-lived tokens would be deprecated for *existing* applications (at some point) and we wanted to get ahead of that change.

 

Good to hear that we can leave it alone for the time being, and thanks again!

 

- Mark

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Mark R.43 New member | Level 2
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?