cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

No more long-lived access tokens, whats the best strategy for own account usage?

Labels:

No more long-lived access tokens, whats the best strategy for own account usage?

MarciB
New member | Level 2
‎09-09-2021 03:38 AM
Go to solution

Hi all, 

 

out situation looks like the following:

we are simply sending the file to the upload url by dropbox providing an long lived access token to OUR account. But this is not going to work starting end of september, since long lived access tokens are not supported anymore. 

 

To fix that, we wanted to implement the recommended PKCE flow until it dawned us, that via this way users would need to give permission for OUR account, which is not what we want. Also granting this access and then saving the refresh token as long lived token to get an access token from doesn't seem like the way to go, more of a hackjob.

 

Does anybody know what the recommended solution for this scenario is? Working with short-lived tokens but also not having to let the user give the permission for OUR account and not theirs. 

 

Greetings MarciB

Labels:
  • 0 Likes
  • 2 Replies
  • 1,307 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
‎09-09-2021 07:06 AM
Go to solution

While the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption. You are not required to migrate existing long-lived access tokens to short-lived access tokens. Note though that after the change you won't be able to create new long-lived access tokens.

 

In your case, if you did want or need to migrate (e.g., if you accidentally revoked your long-lived access token after the change), you would need to process the app authorization flow for your own account once, and store the resulting refresh token, so the app can programmatically use it to get short-lived access tokens for your own account as needed.

View solution in original post

2 Replies 2

Greg-DB
Dropbox Staff
‎09-09-2021 07:06 AM
Go to solution

While the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption. You are not required to migrate existing long-lived access tokens to short-lived access tokens. Note though that after the change you won't be able to create new long-lived access tokens.

 

In your case, if you did want or need to migrate (e.g., if you accidentally revoked your long-lived access token after the change), you would need to process the app authorization flow for your own account once, and store the resulting refresh token, so the app can programmatically use it to get short-lived access tokens for your own account as needed.

MarciB
New member | Level 2
‎09-09-2021 07:25 AM
Go to solution

Thanks Greg

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    MarciB New member | Level 2
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?