We’re Still Here to Help (Even Over the Holidays!) - find out more here.
Forum Discussion
Getting refreshed access token from Generated access tokem
Hi,
I have an iOS objective c application connected with dropbox SDK.
We are using generated access token to access apps folder from my BD account.
client = [[DBUserClient alloc] initWithAccessToken:@"sl.BThRWss....."];
But this Generated access token expires after sometime. What is the possible solution so that it doesnt expire or get a refreshed access token.
Note that we need to use the generated access token approach other than oAuth flow.
Can you provide any code sample in Objective c to get this refreshed token or how we can achieve this?
Thanks,
14 Replies
Replies have been turned off for this discussion
SneYellow46 wrote:...
Note that we need to use the generated access token approach other than oAuth flow.
...
Hi SneYellow46,
You can't use generated access token for long term access. All access tokens are short lived (including generated). You may retrieve refresh token in separate application (so one OAuth flow has to be performed once, at least) and after that embed this token and reuse it. Such an approach is suitable for server side use only! Be careful. Usage of any long term embedded token is NOT good idea for client side application.
Hope this helps.
Hi,
Thanks for the reply Здравко .
Do you mean we have to make oAuth flow from my application once and get access token and use it later do distribute to other users to grant access?
Or how could this work in my mobile application?
SneYellow46 wrote:...
Do you mean we have to make oAuth flow from my application once and get access token and use it later do distribute to other users to grant access?
...
No, no, no... You said that you need generated access token. That was related to this - nothing more!!! I said, such a solution is suitable for server side application only (in the same context).
SneYellow46 wrote:...
Or how could this work in my mobile application?
On mobile application on every install you should perform OAuth flow and keep the refresh token (at least). Once authentication info is available you can just create a client object and use it... That's it.
Oh okay Здравко .
Yes that is the issue, the data resides on our dropbox and we dont want to give users access to our dropbox credentials that is why don't want to use oAuth flow.
We had done this few years back, that time DB project had option to make Generated access token Long-lived/No Expiration time. That options isn't available anymore.
SneYellow46 wrote:...
Yes that is the issue, the data resides on our dropbox and we dont want to give users access to our dropbox credentials that is why don't want to use oAuth flow.
...
🤔🤨🤷 Just opposite!!!
That's why I told you that embedding any long lived token is not good idea for something different than server side application. 😉 Only on server only you will have access there. On client side everybody has access. Exactly that's why OAuth is used! In such a way you don't have to pass any tokens. They will be generated on the user installing you application side (your application gonna generated them there actually). 🙂 Seems you are falling in some confusion.
Hope this helps.
No I understand the flow of the DB SDK or any Auth provider in that case.
But yeah, we wanted our application to be distributed to few users directly with embedded access token so that that they just install the app and start accessing data/files from our DB account within the application.
Thanks for the information.
SneYellow46 wrote:..., we wanted our application to be distributed to few users directly with embedded access token so that that they just install the app and start accessing data/files from our DB account within the application.
...
In such a case you can count it as something like server side application (server side application - not literal - on phone). It's your responsibility to restrict the access to your account! Take in mind that, in such case, everybody accessing/installing your application will have access to your account. Is it acceptable? 🤔...
Good luck.
Yes this is for few of our client. We will provide them tokens manually and they have to enter it to get access. So in such case is it possible to refresh the token from the mobile side without oAuth flow?.
SneYellow46 wrote:... So in such case is it possible to refresh the token from the mobile side without oAuth flow?.
Yes, it is. Once refresh token is available the refresh can be done on any platform; not only on mobile (as a process it's the same; just a call to Dropbox server whenever needed without any user interaction). 😉
How I will get the refresh token from generated token? Or you are suggesting some other approach?
is there any sample available for objective-c dropbox SDK?
I know that using oAuth flow tokens are refreshed automatically by DB SDK. But in my case what is the solution?
Thanks,
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
