As mentioned in another thread, I've been upgrading an app to use short-lived tokens... and it's going very smoothly now. So smoothly that I'm suspicious.
How can I confirm that it's not actually still using the old long-lived tokens?
We've changed the app setting on the Dropbox website to short-lived tokens (...at least, I've been *told* they changed it...), and I'm using SwiftyDropbox 6.0.3's authorizeFromControllerV2 to handle the initial authorisation... but I have yet to see Dropbox timeout and prompt for reauthorization under circumstances where I'd expect it to happen.
We had a test VM which was paused overnight... nine hours later when resumed, it picked up smoothly. Presumably it refreshed the token despite it having expired hours ago? Quitting and relaunching the program didn't force a re-authorization either. I'm currently waiting on the results of quitting the program, waiting at least four hours, and then starting up again.
Basically, is there any way to confirm that the tokens are actually short-lived ones and that the refreshes are happening? Is it just a matter of extracting and inspecting the token and seeing that it's changed, or is the refresh information logged somewhere?
If you're using authorizeFromControllerV2, the SDK will take care of the rest for you automatically. It requests "offline" access, so it gets a refresh token, and uses that refresh token to automatically perform the refresh process to get new short-lived access tokens whenever needed, without requiring you to handle that in your own code. That process is done without user interaction.
If you want to check though, I expect you can peek inside the client using the debugger and look at the short-lived access token. You would need to check both before and after a particular call when a refresh is needed to actually see it change. I don't believe we explicitly log that anywhere in the client.