I noticed that some subset of my users' authorizations become invalid after some time and I do not believe that the users explicitly revoke my Application access. Is it possible that the authorization is revoked after the application folder has been idle/without modifications for some time (e.g. after a year or two)? If that is the case, is there any way to prevent this from happening? Note that I'm not talking about short lived access tokens here (which are marked as "token expired" error - these are addressed with refresh tokens and work fine). What I'm seeing is a more permanent failure ("invalid token"). These users have static files in the app folder for read access by the application.
As a workaround I'm sending an email to users once a year or so and ask them to re-authorize the app.. But there is probably a better way to handle that.
By default, Dropbox API authorizations for your app don't become invalid and yield'invalid_access_token' by themselves, but there a number of different ways that a Dropbox API access token can become invalid, including:
the user (or team admin) can revoke all access tokens for an app by unlinking it on any of the following Dropbox web pages:
if the app uses the"app folder" access type, the access token can effectively be disabled by deleting the app folder itself in the Dropbox account, via the Dropbox website or any client
Thank you for the info. Does the user account itself become inactive after a while? Lets say a user signed up for the app, authorized the folder with some content (in my case they are sound samples) and then logged off and never logged back in... Would user's inactivity at the dropbox site eventually put them in some sort of a dormant or archived state? I can't think of a likely reason for losing access from the ones you listed above.. thanks.
Yes, inactive accounts may be automatically disabled after a long period of time. You can find information on that here.
It sounds like your app uses "app folder" access though, so it may be likely that some users are accidentally deleting the app folder, since that can be done from any connected client or the web site.
In any case, if the Dropbox API doesn't appear to be working as expected, feel free to contact support by opening an API ticket with some samples and we can look into it.
I see this makes more sense now. I appreciate the explanation. One last question : if my app makes some io to the app folder (eg. saves a new file) would that be sufficient to maintain access and prevent an account from idle deactivation?
I suspect that some of my users, even though interested in sharing, simply forget about their account once they published the files. They continue to access the files via a separate search web site which uses the token to retrieve the files on demand and after a year or two suddenly no longer able to access them.
