Showing results for 
Show  only  | Search instead for 
Did you mean: 
We're looking to hear about your experience when using Dropbox in a web browser. What parts of Dropbox feels very slow to you and takes a lot of time to get done? What are you trying to do in the Dropbox web browser when you experience slowness? Tell us right here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Reply and help

Confirming token refresh in SwiftyDropbox

Confirming token refresh in SwiftyDropbox

Jon B.1
Collaborator | Level 8

As mentioned in another thread, I've been upgrading an app to use short-lived tokens...  and it's going very smoothly now.  So smoothly that I'm suspicious.

How can I confirm that it's not actually still using the old long-lived tokens?

We've changed the app setting on the Dropbox website to short-lived tokens ( least, I've been *told* they changed it...), and I'm using SwiftyDropbox 6.0.3's authorizeFromControllerV2 to handle the initial authorisation...  but I have yet to see Dropbox timeout and prompt for reauthorization under circumstances where I'd expect it to happen.

We had a test VM which was paused overnight...  nine hours later when resumed, it picked up smoothly.  Presumably it refreshed the token despite it having expired hours ago?  Quitting and relaunching the program didn't force a re-authorization either.  I'm currently waiting on the results of quitting the program, waiting at least four hours, and then starting up again.

Basically, is there any way to confirm that the tokens are actually short-lived ones and that the refreshes are happening?  Is it just a matter of extracting and inspecting the token and seeing that it's changed, or is the refresh information logged somewhere?

1 Reply 1

Re: Confirming token refresh in SwiftyDropbox


If you're using authorizeFromControllerV2, the SDK will take care of the rest for you automatically. It requests "offline" access, so it gets a refresh token, and uses that refresh token to automatically perform the refresh process to get new short-lived access tokens whenever needed, without requiring you to handle that in your own code. That process is done without user interaction.


If you want to check though, I expect you can peek inside the client using the debugger and look at the short-lived access token. You would need to check both before and after a particular call when a refresh is needed to actually see it change. I don't believe we explicitly log that anywhere in the client.


(Also, the SDK is open source, so you can follow through the code if you want, e.g., starting with authorizeFromControllerV2 here.)

Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropboxer
What do Dropbox user levels mean?
Need more support?