cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Looking for some photography tips this holiday period? You can find some in our Photographers Group here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to handle OAuth2 keys if they only last four hours

Labels:

How to handle OAuth2 keys if they only last four hours

charlesfish
Explorer | Level 3
‎01-15-2021 11:53 AM
Go to solution

Hey guys,

 

I developed a Dropbox app using Dropbox developers that is supposed to be used to upgrade a TI MCU over the air. I noticed that there is a note that the "no expiration" option for the OAuth2 key that says that it is going to be deprecated. The only other option looks like the tokens expire every four hours. How are we supposed to run OTA updates on firmware if the token is expiring every four hours? The token is stored in firmware on the MCU side, so would we have to update firmware every four hours to generate new tokens? That doesn't seem very realistic.

 

Thanks in advance!!
Charles

Labels:
  • 0 Likes
  • 1 Replies
  • 1,123 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
‎01-15-2021 12:29 PM
Go to solution

If the app needs long-term access (i.e., longer than four hours) without manual user interaction, it should request "offline" access during the OAuth app authorization flow. In that case, it will receive a "refresh token" that it can use to programmatically get a new short-lived access token at any point in time, without further manual user interaction. 

 

You can find more information in the following resources:

View solution in original post

0 Likes
1 Reply 1

Greg-DB
Dropbox Staff
‎01-15-2021 12:29 PM
Go to solution

If the app needs long-term access (i.e., longer than four hours) without manual user interaction, it should request "offline" access during the OAuth app authorization flow. In that case, it will receive a "refresh token" that it can use to programmatically get a new short-lived access token at any point in time, without further manual user interaction. 

 

You can find more information in the following resources:

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?