cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Migrating to short-lived access tokens

Migrating to short-lived access tokens

De L.1
Collaborator | Level 9
Go to solution

Hi there,

 

I want to switch from the depricated long-lived tokens to short-lived access tokens for an application that uses offline access. The old token flow didn't have a refresh token generated. Is it possible to get an refresh token for those old tokens (once) so I can migrate the application to the new short-lived tokens with refresh token without requiring all users to re-authorize?

 

Thanks!

1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

No, we don't have a way to get refresh tokens for existing long-lived access tokens. However, while long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, your existing users can continue using their existing long-lived access token(s) and you don't have to force them to re-authorize the app if you don't want to.

View solution in original post

6 Replies 6

Greg-DB
Dropbox Staff
Go to solution

No, we don't have a way to get refresh tokens for existing long-lived access tokens. However, while long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, your existing users can continue using their existing long-lived access token(s) and you don't have to force them to re-authorize the app if you don't want to.

De L.1
Collaborator | Level 9
Go to solution

Thanks for your quick reply!

 

I understand that there are no plans yet to disable the old tokens, but I assume that this will happen at some point. But it is good to know that I don't need to force the users at this moment.  However, as the short-lived tokens with refresh token add an additional level of security, I will have to migrate anyway (at least for new authorizations).

 

 

pallavipersistent
Explorer | Level 3
Go to solution

Hi , 

Is there any error that will be thrown when long lived access token get deprecated? we are shifting our nodejs application where long lived access token accounts will start giving a deprecation error once announced.
Just wanted to heads up on the error priorly so that we can handle them.

 

 

pallavipersistent
Explorer | Level 3
Go to solution

Is there any expiry to refresh token?Please let us know.

De L.1
Collaborator | Level 9
Go to solution

OAuth 2 refresh tokens will not expire by themselves. See @Greg-DB answer in this topic.
Perhaps a good idea to mention this clearly in the documentation.

Greg-DB
Dropbox Staff
Go to solution

Thanks! That's correct, refresh tokens don't expire by themselves (though the user or app can revoke them on demand of course). I'll ask the team to more clearly document this.

 

Anyway, long-lived access tokens are now considered "deprecated", but they will continue operating as they do currently. We'll make an announcement with details if/when that will change.

Need more support?