cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
What’s new: end-to-end encryption, Replay and Dash updates. Find out more about these updates, new features and more here.

Discuss Dropbox Developer & API

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

help understanding token_access_type offline

Labels:

help understanding token_access_type offline

Linus_s_g
New member | Level 2
‎07-25-2021 07:33 AM

Hello,

I am trying to understand how I should work with an offline token?

Currently, I am using a token with 'no-expiration', but I have read the following in the documentation (https://developers.dropbox.com/oauth-guide) :

"

In the past, the Dropbox API used only long-lived access tokens. These are now deprecated, but will remain available as an option in the Developer console for compatibility until mid 2021.

"

First of all, is there an accurate deadline for the deprecation of this type of tokens?

Also, what should I do to use a token with an offline app?

I have also found this issue https://github.com/rclone/rclone/issues/5242 :

"

Here is the solution / workaround i have found.

If this does not change, it's just about a RClone config and behavior change in the future.

As stated on this page of Dropbox API, the refresh_token can be forced to be generated with the access_token if we register the OAUTH2 access with the token_access_type=offline parameter in the URI.

"

In addition, in the example code dropbox_python_sdk_eample there is an implementation of authorisation with 'token_access_type=offline'. By using this way I get an access token from a generated url. Is this type of token the new 'no-expiration' token? May I use this token for my app permanently?

 

Thanks in advance.

 

Labels:
  • 0 Likes
  • 1 Replies
  • 2,794 Views
0 Likes
1 Reply 1

Greg-DB
Dropbox Staff
‎07-26-2021 10:52 AM

You can find more information on this migration in this blog post. That change, where Dropbox will no longer return new long-lived access tokens, is planned for September 30th, 2021.

 

Going forward, any apps that need long-term access should instead use short-lived access tokens with refresh tokens. An app can use a refresh token to get new short-lived access tokens for the user whenever needed, without further manual user interaction. An app gets a refresh token by requesting "offline" access.

 

That linked example shows an updated example implementation of using the OAuth flow via the Dropbox Python SDK to request offline access and get a refresh token, which is available in the "oauth_result.refresh_token" variable there. That enables the app to get long-term access without having the user manually re-authorize it repeatedly.

 

Refresh tokens can be stored and re-used for any particular app-user pair, just like long-lived access tokens could. Note though that, also like long-lived access tokens, refresh tokens can be revoked by the user or app at any time.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?