cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Migrating existing long term tokens to new short term tokens with Java SDK + Android

Migrating existing long term tokens to new short term tokens with Java SDK + Android

alison9
New member | Level 2
Go to solution

I have an existing app in production that authorizes with Dropbox using 

 

 

Auth.startOAuth2Authentication

 

 

From my understanding this gives me a long term token, but after September 30th these tokens will no longer work and my requests using this token will 401.

 

If I change my authentication to use

 

 

Auth.startOAuth2PKCE

 

 

 then I will now have a full DbxCredential which will have the short lived access token and a long lived access token. By using this with the Java SDK my tokens will automatically be refreshed. 

 

But for my existing users where I only have a string of the long lived access token, how can I get a short lived access token and a refresh token? Will I have to call startOAuth2PKCE again and show take my users to the Dropbox app or website to re-approve? 

1 Accepted Solution

Accepted Solutions

kylea
Dropbox Staff
Go to solution

On September 30th, we will stop issuing new long lived tokens.  Existing long lived tokens will not be invalidated; this will not break for existing users.  You can re-auth existing users to get them on to refresh tokens.

View solution in original post

5 Replies 5

tahsini
Dropbox Staff
Go to solution

PKCE is a different method that has its own unique steps. For you scenario you can continue using the standard OAuth method, and if you are already handling 401s, then no need to make code changes.

 

If you want to start testing short-lived access tokens, you will want to create a new OAuth URL and pass in token-access type to 'online'. Alternatively if you set it to 'offline' you will be returned a refresh token and a short-lived token. You can read more about how to work with this in our guide here.

alison9
New member | Level 2
Go to solution

I'm not manually handling 401s, I'm using the java sdk to make the network requests. 

 

I know I can support short term tokens for all my future users, I'm asking what will happen to my existing users that have long lasting tokens.

kylea
Dropbox Staff
Go to solution

On September 30th, we will stop issuing new long lived tokens.  Existing long lived tokens will not be invalidated; this will not break for existing users.  You can re-auth existing users to get them on to refresh tokens.

fistuk
Explorer | Level 4
Go to solution

Hello, thanks for the answer. I'm still not sure whether we should just proceed using the long-lived tokens for the legacy users, or is there a way to exchange the long-lived token to a short-lived token with a refresh token?

Greg-DB
Dropbox Staff
Go to solution

@fistuk While the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, your users can continue using existing long-lived access token(s) without interruption. Dropbox does not offer a way to exchange long-lived access tokens for short-lived access tokens with refresh tokens without having the user re-authorize the app, and you are not required to migrate users with existing long-lived access tokens to short-lived access tokens.

Need more support?