Discuss Dropbox Developer & API
Hello,
I am trying to understand how I should work with an offline token?
Currently, I am using a token with 'no-expiration', but I have read the following in the documentation (https://developers.dropbox.com/oauth-guide) :
"
In the past, the Dropbox API used only long-lived access tokens. These are now deprecated, but will remain available as an option in the Developer console for compatibility until mid 2021.
"
First of all, is there an accurate deadline for the deprecation of this type of tokens?
Also, what should I do to use a token with an offline app?
I have also found this issue https://github.com/rclone/rclone/issues/5242 :
"
Here is the solution / workaround i have found.
If this does not change, it's just about a RClone config and behavior change in the future.
As stated on this page of Dropbox API, the refresh_token can be forced to be generated with the access_token if we register the OAUTH2 access with the token_access_type=offline parameter in the URI.
"
In addition, in the example code dropbox_python_sdk_eample there is an implementation of authorisation with 'token_access_type=offline'. By using this way I get an access token from a generated url. Is this type of token the new 'no-expiration' token? May I use this token for my app permanently?
Thanks in advance.
You can find more information on this migration in this blog post. That change, where Dropbox will no longer return new long-lived access tokens, is planned for September 30th, 2021.
Going forward, any apps that need long-term access should instead use short-lived access tokens with refresh tokens. An app can use a refresh token to get new short-lived access tokens for the user whenever needed, without further manual user interaction. An app gets a refresh token by requesting "offline" access.
That linked example shows an updated example implementation of using the OAuth flow via the Dropbox Python SDK to request offline access and get a refresh token, which is available in the "oauth_result.refresh_token" variable there. That enables the app to get long-term access without having the user manually re-authorize it repeatedly.
Refresh tokens can be stored and re-used for any particular app-user pair, just like long-lived access tokens could. Note though that, also like long-lived access tokens, refresh tokens can be revoked by the user or app at any time.
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!