Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
Hi,
I have an iOS objective c application connected with dropbox SDK.
We are using generated access token to access apps folder from my BD account.
client = [[DBUserClient alloc] initWithAccessToken:@"sl.BThRWss....."];
But this Generated access token expires after sometime. What is the possible solution so that it doesnt expire or get a refreshed access token.
Note that we need to use the generated access token approach other than oAuth flow.
Can you provide any code sample in Objective c to get this refreshed token or how we can achieve this?
Thanks,
@SneYellow46 wrote:...
Note that we need to use the generated access token approach other than oAuth flow.
...
Hi @SneYellow46,
You can't use generated access token for long term access. All access tokens are short lived (including generated). You may retrieve refresh token in separate application (so one OAuth flow has to be performed once, at least) and after that embed this token and reuse it. Such an approach is suitable for server side use only! Be careful. Usage of any long term embedded token is NOT good idea for client side application.
Hope this helps.
Hi,
Thanks for the reply @Здравко .
Do you mean we have to make oAuth flow from my application once and get access token and use it later do distribute to other users to grant access?
Or how could this work in my mobile application?
@SneYellow46 wrote:...
Do you mean we have to make oAuth flow from my application once and get access token and use it later do distribute to other users to grant access?
...
No, no, no... You said that you need generated access token. That was related to this - nothing more!!! I said, such a solution is suitable for server side application only (in the same context).
@SneYellow46 wrote:...
Or how could this work in my mobile application?
On mobile application on every install you should perform OAuth flow and keep the refresh token (at least). Once authentication info is available you can just create a client object and use it... That's it.
Oh okay @Здравко .
Yes that is the issue, the data resides on our dropbox and we dont want to give users access to our dropbox credentials that is why don't want to use oAuth flow.
We had done this few years back, that time DB project had option to make Generated access token Long-lived/No Expiration time. That options isn't available anymore.
@SneYellow46 wrote:...
Yes that is the issue, the data resides on our dropbox and we dont want to give users access to our dropbox credentials that is why don't want to use oAuth flow.
...
🤔🤨🤷 Just opposite!!!
That's why I told you that embedding any long lived token is not good idea for something different than server side application. 😉 Only on server only you will have access there. On client side everybody has access. Exactly that's why OAuth is used! In such a way you don't have to pass any tokens. They will be generated on the user installing you application side (your application gonna generated them there actually). 🙂 Seems you are falling in some confusion.
Hope this helps.
No I understand the flow of the DB SDK or any Auth provider in that case.
But yeah, we wanted our application to be distributed to few users directly with embedded access token so that that they just install the app and start accessing data/files from our DB account within the application.
Thanks for the information.
@SneYellow46 wrote:..., we wanted our application to be distributed to few users directly with embedded access token so that that they just install the app and start accessing data/files from our DB account within the application.
...
In such a case you can count it as something like server side application (server side application - not literal - on phone). It's your responsibility to restrict the access to your account! Take in mind that, in such case, everybody accessing/installing your application will have access to your account. Is it acceptable? 🤔...
Good luck.
Yes this is for few of our client. We will provide them tokens manually and they have to enter it to get access. So in such case is it possible to refresh the token from the mobile side without oAuth flow?.
@SneYellow46 wrote:... So in such case is it possible to refresh the token from the mobile side without oAuth flow?.
Yes, it is. Once refresh token is available the refresh can be done on any platform; not only on mobile (as a process it's the same; just a call to Dropbox server whenever needed without any user interaction). 😉
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!