cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Update: Find information on Dropbox support during COVID-19 here
Close
cancel
Showing results for 
Search instead for 
Did you mean: 

OAuth 2.0 Access Token Validity

Amit1 New member | Level 1
New member | Level 1

I have been trying to use the dropbox apis through OAuth 2.0 authentication support. I found that the access token generated through the authorize and token end points seems to be valid for over 2 days. I had expected it to expire after a while (say couple of hours) assuming that to be a standard.

I would like to know the validity period of the access token. Can someone share provide some inputs?
Thanks!

4 Replies 4

Re: OAuth 2.0 Access Token Validity

Dropboxer
Dropboxer

See https://www.dropbox.com/developers/support#token-expiration.

Access tokens effectively don't expire.

Re: OAuth 2.0 Access Token Validity

Amit1 New member | Level 1
New member | Level 1

Isn't it a security issue if the token don't expire? http://stackoverflow.com/a/7035926/537503

Re: OAuth 2.0 Access Token Validity

Dropboxer
Dropboxer

Because Dropbox does a database lookup for each request, our bearer tokens are immediately revocable by code or by the user (via https://www.dropbox.com/account/security). We reviewed our OAuth 2 implementation with respect to the issues raised in that Stack Overflow answer as well as many other sources, and we're comfortable with what we have from a security perspective.

Re: OAuth 2.0 Access Token Validity

Amit1 New member | Level 1
New member | Level 1

Work Smarter with Dropbox

The way we work is changing. Share and discover new ways to work smarter with Dropbox in our community.

Sound good? Let's get started.
Who's talking

Top contributors to this post

What do Dropbox user levels mean?
Need more support?