cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
We love to hear how every person gets the most from Dropbox, and it seems everyone has a slightly different use for it - tell us yours here!

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

No more long-lived access tokens, whats the best strategy for own account usage?

No more long-lived access tokens, whats the best strategy for own account usage?

MarciB
New member | Level 2

Hi all, 

 

out situation looks like the following:

we are simply sending the file to the upload url by dropbox providing an long lived access token to OUR account. But this is not going to work starting end of september, since long lived access tokens are not supported anymore. 

 

To fix that, we wanted to implement the recommended PKCE flow until it dawned us, that via this way users would need to give permission for OUR account, which is not what we want. Also granting this access and then saving the refresh token as long lived token to get an access token from doesn't seem like the way to go, more of a hackjob.

 

Does anybody know what the recommended solution for this scenario is? Working with short-lived tokens but also not having to let the user give the permission for OUR account and not theirs. 

 

Greetings MarciB

1 Accepted Solution

Accepted Solutions

Re: No more long-lived access tokens, whats the best strategy for own account usage?

Greg-DB
Dropboxer

While the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption. You are not required to migrate existing long-lived access tokens to short-lived access tokens. Note though that after the change you won't be able to create new long-lived access tokens.

 

In your case, if you did want or need to migrate (e.g., if you accidentally revoked your long-lived access token after the change), you would need to process the app authorization flow for your own account once, and store the resulting refresh token, so the app can programmatically use it to get short-lived access tokens for your own account as needed.

View solution in original post

2 Replies 2

Re: No more long-lived access tokens, whats the best strategy for own account usage?

Greg-DB
Dropboxer

While the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption. You are not required to migrate existing long-lived access tokens to short-lived access tokens. Note though that after the change you won't be able to create new long-lived access tokens.

 

In your case, if you did want or need to migrate (e.g., if you accidentally revoked your long-lived access token after the change), you would need to process the app authorization flow for your own account once, and store the resulting refresh token, so the app can programmatically use it to get short-lived access tokens for your own account as needed.

View solution in original post

Re: No more long-lived access tokens, whats the best strategy for own account usage?

MarciB
New member | Level 2

Thanks Greg

Who's talking

Top contributors to this post

  • User avatar
    MarciB New member | Level 2
  • User avatar
    Greg-DB Dropboxer
What do Dropbox user levels mean?
Need more support?