cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Getting refreshed access token from Generated access tokem

Getting refreshed access token from Generated access tokem

SneYellow46
Explorer | Level 4

Hi,

I have an iOS objective c application connected with dropbox SDK.

 

We are using generated access token to access apps folder from my BD account.

 

 

 

client = [[DBUserClient alloc] initWithAccessToken:@"sl.BThRWss....."];

 

 

 

But this Generated access token expires after sometime. What is the possible solution so that it doesnt expire or get a refreshed access token.

Note that we need to use the generated access token approach other than oAuth flow. 

Can you provide any code sample in Objective c to get this refreshed token or how we can achieve this?

 

Thanks,

14 Replies 14

Здравко
Legendary | Level 20

@SneYellow46 wrote:

...

Note that we need to use the generated access token approach other than oAuth flow. 

...


Hi @SneYellow46,

You can't use generated access token for long term access. All access tokens are short lived (including generated). You may retrieve refresh token in separate application (so one OAuth flow has to be performed once, at least) and after that embed this token and reuse it. Such an approach is suitable for server side use only! Be careful. Usage of any long term embedded token is NOT good idea for client side application.

Hope this helps.

SneYellow46
Explorer | Level 4

Hi,

Thanks for the reply @Здравко .

Do you mean we have to make oAuth flow from my application once and get access token and use it later do distribute to other users to grant access?

Or how could this work in my mobile application?

 

Здравко
Legendary | Level 20

@SneYellow46 wrote:

...

Do you mean we have to make oAuth flow from my application once and get access token and use it later do distribute to other users to grant access?

...


No, no, no... You said that you need generated access token. That was related to this - nothing more!!! I said, such a solution is suitable for server side application only (in the same context).

 


@SneYellow46 wrote:

...

Or how could this work in my mobile application?


On mobile application on every install you should perform OAuth flow and keep the refresh token (at least). Once authentication info is available you can just create a client object and use it... That's it.

SneYellow46
Explorer | Level 4

Oh okay @Здравко .

Yes that is the issue, the data resides on our dropbox and we dont want to give users access to our dropbox credentials that is why don't want to use oAuth flow.

We had done this few years back, that time DB project had option to make Generated access token Long-lived/No Expiration time. That options isn't available anymore.

Здравко
Legendary | Level 20

@SneYellow46 wrote:

...

Yes that is the issue, the data resides on our dropbox and we dont want to give users access to our dropbox credentials that is why don't want to use oAuth flow.

...


🤔🤨🤷 Just opposite!!!

That's why I told you that embedding any long lived token is not good idea for something different than server side application. 😉 Only on server only you will have access there. On client side everybody has access. Exactly that's why OAuth is used! In such a way you don't have to pass any tokens. They will be generated on the user installing you application side (your application gonna generated them there actually). 🙂 Seems you are falling in some confusion.

Hope this helps.

SneYellow46
Explorer | Level 4

No I understand the flow of the DB SDK or any Auth provider in that case.

 

But yeah, we wanted our application to be distributed to few users directly with embedded access token so that that they just install the app and start accessing data/files from our DB account within the application.

 

 

 

Thanks for the information. 

Здравко
Legendary | Level 20

@SneYellow46 wrote:

..., we wanted our application to be distributed to few users directly with embedded access token so that that they just install the app and start accessing data/files from our DB account within the application.

...


In such a case you can count it as something like server side application (server side application - not literal - on phone). It's your responsibility to restrict the access to your account! Take in mind that, in such case, everybody accessing/installing your application will have access to your account. Is it acceptable? 🤔...

Good luck.

SneYellow46
Explorer | Level 4

Yes this is for few of our client. We will provide them tokens manually and they have to enter it to get access. So in such case is it possible to refresh the token from the mobile side without oAuth flow?.

Здравко
Legendary | Level 20

@SneYellow46 wrote:

... So in such case is it possible to refresh the token from the mobile side without oAuth flow?.


Yes, it is. Once refresh token is available the refresh can be done on any platform; not only on mobile (as a process it's the same; just a call to Dropbox server whenever needed without any user interaction). 😉

Need more support?