Re: How to revoke an access token? (Other answers suggest security page, but doesn't appear there)

Chris K.21 · ‎04-29-2017

Hi,

I realise this question has been asked before, but it seems the answers always refer to the account/security page.

I have generated (manually through the web UI) multiple access tokens during testing, and all seem valid. I have probably also generated some and not actually noted them down anywhere.

How do I:

a) list access tokens

b) remove/revoke unneeded access tokens

I have looked here: www.dropbox.com/account/security and I can see my app listed, but there is no mention of access tokens. I do not want to remove the entire app, just some of the access tokens for it.

Cheers,

Chris

Luffy · ‎04-30-2017

Hi Chris,

Have you tried going through this one https://www.dropbox.com/developers/support ?

Here's the part that interests you I think!

App access tokens effectively don't expire, but users can manually revoke tokens by going into My apps. In the case of apps with app folder access, if the user deletes the app folder, your app's access token will no longer be valid.
You should only process the authorization once, and save the access token for all future calls for that user. If an existing access token is invalid, (in which cases calls will return 401), you should prompt the user to re-authorize your app.

I hope this helps Chris !

Enjoy the rest of your weekend!

Chris K.21 · ‎04-30-2017

That does seem like one possible solution, and I do appreciate you taking the time to answer.

As the folder already contains data, I don't want to delete it to revoke tokens. I was hoping there was a simple way to list and delete/revoke generated tokens.

Again, thank you for taking the time to answer

Luffy · ‎04-30-2017

Sorry this does not work for you Chris.

You could probably backup the whole folder and try restoring after the deletion? ( ok, I know this probably wouldn't work, but I cannot seem to find any other workaround for what you are trying to achieve.

If you manage to finally find a way , please be so kind and post it here so all users know for future references.

Thanks Chris!

Chris K.21 · ‎04-30-2017

Thanks Luffy.

I have just posted a similar question to Stackoverflow, so I might be able to get some traction over there. If I do get an answer, I will be sure to report back here.

Cheers

Chris

Luffy · ‎04-30-2017

Thanks in advance Chris!

Cheers!

Luffy

Greg-DB · ‎05-01-2017

[Cross-linking for reference: https://stackoverflow.com/questions/43705630/how-do-i-revoke-generated-access-tokens-for-dropbox-app... ]

a) The Dropbox web site/API don't offer a way to list individual access tokens.

b) There are several ways to revoke access tokens.

The user can revoke all access tokens for an app via the account security page by clicking the 'x' at the right of the app's row. This will revoke all access tokens for that app-user pair though, and doesn't offer a way to revoke specific/individual ones.
If the app uses the "app folder" permission, the user can delete the app folder itself, which will cause any further API calls for that app-user pair to fail.
The app can revoke individual access tokens using the /2/auth/token/revoke API endpoint. That will revoke only the individual access token used to make the call itself. You can use it multiple times to revoke any/all access tokens you have.

Chris K.21 · ‎05-03-2017

Thanks Greg, although not ideal as mentioned, I don't want to delete the folder as it already contains files. For now though I will work with this as the solution.

Cheers