cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Find out how Tiffany, a Customer Experience superstar uses Dropbox to keep her family in the loop when it comes to her new baby here!

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Migrating existing long term tokens to new short term tokens with Java SDK + Android

Migrating existing long term tokens to new short term tokens with Java SDK + Android

alison9
New member | Level 2

I have an existing app in production that authorizes with Dropbox using 

 

 

Auth.startOAuth2Authentication

 

 

From my understanding this gives me a long term token, but after September 30th these tokens will no longer work and my requests using this token will 401.

 

If I change my authentication to use

 

 

Auth.startOAuth2PKCE

 

 

 then I will now have a full DbxCredential which will have the short lived access token and a long lived access token. By using this with the Java SDK my tokens will automatically be refreshed. 

 

But for my existing users where I only have a string of the long lived access token, how can I get a short lived access token and a refresh token? Will I have to call startOAuth2PKCE again and show take my users to the Dropbox app or website to re-approve? 

1 Accepted Solution

Accepted Solutions

Re: Migrating existing long term tokens to new short term tokens with Java SDK + Android

kylea
Dropboxer

On September 30th, we will stop issuing new long lived tokens.  Existing long lived tokens will not be invalidated; this will not break for existing users.  You can re-auth existing users to get them on to refresh tokens.

View solution in original post

5 Replies 5

Re: Migrating existing long term tokens to new short term tokens with Java SDK + Android

tahsini
Dropboxer

PKCE is a different method that has its own unique steps. For you scenario you can continue using the standard OAuth method, and if you are already handling 401s, then no need to make code changes.

 

If you want to start testing short-lived access tokens, you will want to create a new OAuth URL and pass in token-access type to 'online'. Alternatively if you set it to 'offline' you will be returned a refresh token and a short-lived token. You can read more about how to work with this in our guide here.

Re: Migrating existing long term tokens to new short term tokens with Java SDK + Android

alison9
New member | Level 2

I'm not manually handling 401s, I'm using the java sdk to make the network requests. 

 

I know I can support short term tokens for all my future users, I'm asking what will happen to my existing users that have long lasting tokens.

Re: Migrating existing long term tokens to new short term tokens with Java SDK + Android

kylea
Dropboxer

On September 30th, we will stop issuing new long lived tokens.  Existing long lived tokens will not be invalidated; this will not break for existing users.  You can re-auth existing users to get them on to refresh tokens.

View solution in original post

Re: Migrating existing long term tokens to new short term tokens with Java SDK + Android

fistuk
Explorer | Level 4

Hello, thanks for the answer. I'm still not sure whether we should just proceed using the long-lived tokens for the legacy users, or is there a way to exchange the long-lived token to a short-lived token with a refresh token?

Re: Migrating existing long term tokens to new short term tokens with Java SDK + Android

Greg-DB
Dropboxer

@fistuk While the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, your users can continue using existing long-lived access token(s) without interruption. Dropbox does not offer a way to exchange long-lived access tokens for short-lived access tokens with refresh tokens without having the user re-authorize the app, and you are not required to migrate users with existing long-lived access tokens to short-lived access tokens.

Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropboxer
  • User avatar
    fistuk Explorer | Level 4
  • User avatar
    kylea Dropboxer
  • User avatar
    alison9 New member | Level 2
  • User avatar
    tahsini Dropboxer
What do Dropbox user levels mean?
Need more support?