cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Confirming token refresh in SwiftyDropbox

Confirming token refresh in SwiftyDropbox

Jon B.1
Collaborator | Level 9

As mentioned in another thread, I've been upgrading an app to use short-lived tokens...  and it's going very smoothly now.  So smoothly that I'm suspicious.

How can I confirm that it's not actually still using the old long-lived tokens?

We've changed the app setting on the Dropbox website to short-lived tokens (...at least, I've been *told* they changed it...), and I'm using SwiftyDropbox 6.0.3's authorizeFromControllerV2 to handle the initial authorisation...  but I have yet to see Dropbox timeout and prompt for reauthorization under circumstances where I'd expect it to happen.

We had a test VM which was paused overnight...  nine hours later when resumed, it picked up smoothly.  Presumably it refreshed the token despite it having expired hours ago?  Quitting and relaunching the program didn't force a re-authorization either.  I'm currently waiting on the results of quitting the program, waiting at least four hours, and then starting up again.

Basically, is there any way to confirm that the tokens are actually short-lived ones and that the refreshes are happening?  Is it just a matter of extracting and inspecting the token and seeing that it's changed, or is the refresh information logged somewhere?

1 Reply 1

Greg-DB
Dropbox Staff

If you're using authorizeFromControllerV2, the SDK will take care of the rest for you automatically. It requests "offline" access, so it gets a refresh token, and uses that refresh token to automatically perform the refresh process to get new short-lived access tokens whenever needed, without requiring you to handle that in your own code. That process is done without user interaction.

 

If you want to check though, I expect you can peek inside the client using the debugger and look at the short-lived access token. You would need to check both before and after a particular call when a refresh is needed to actually see it change. I don't believe we explicitly log that anywhere in the client.

 

(Also, the SDK is open source, so you can follow through the code if you want, e.g., starting with authorizeFromControllerV2 here.)

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?