cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Are you interested in hearing how one of our Community members uses Dropbox for sailing trips? Read all about it here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Refresh token, where I can find an implementation example or tutorial?

Refresh token, where I can find an implementation example or tutorial?

Samnis
Explorer | Level 4
Go to solution

Hi,

I need to update my app to support new OAuth code flow with PKCE/scopes and new short-lived tokens. For code flow with PKCE and scopes I see there is the new method "DBClientsManager.authorizeFromControllerV2:...". But, where I can find a tutorial or an example about using and refreshing short-lived tokens? I don't know which method to call, when call it and how to manage the response.

I have read:

https://dropbox.tech/developers/now-available--scoped-apps-and-enhanced-permissions

https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens#implement-refresh-tokens

- example app DBRoulette

- this forum

but I found nothing.

 

Please help, thank you.

 

1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

If you use the SDK and implement the authorization flow as documented, i.e., using authorizeFromControllerV2, the SDK will actually automatically handle the short-lived access token and refresh token logic for you.

View solution in original post

13 Replies 13

Samnis
Explorer | Level 4
Go to solution

Sorry, 

I missed some info: I am using the official Objective-C SDK from Dropbox available here:

https://github.com/dropbox/dropbox-sdk-obj-c

 

Thank you

 

Greg-DB
Dropbox Staff
Go to solution

If you use the SDK and implement the authorization flow as documented, i.e., using authorizeFromControllerV2, the SDK will actually automatically handle the short-lived access token and refresh token logic for you.

Samnis
Explorer | Level 4
Go to solution

Wow, good news 🙂 I'll try it as soon as possible.

Greg, thank you very much for your prompt answer.

PS: maybe you should add a clarification to the documentation 🙂

 

eweb
Explorer | Level 4
Go to solution

I have made the described changes to the DBRoulette example app. And it doesn't automatically handle the refresh token. Perhaps I am doing something wrong. But once the short lived token has expired it gives a 401 with an expired_access_token error.

Perhaps you could update the example.

Greg-DB
Dropbox Staff
Go to solution

@eweb I'll ask the team to update the DBRoulette example. I can't promise exactly when that would be done though, so in the meantime perhaps you can share what you have so far and I can take a look at see what the issue might be.

eweb
Explorer | Level 4
Go to solution

Possibly the simplest way to do that would be to fork the repo and push up my changes. Is that gonna help you.

eweb
Explorer | Level 4
Go to solution

Greg-DB
Dropbox Staff
Go to solution

@eweb Thanks! Looking at the comparison, I see the relevant difference is the replacement of authorizeFromController with authorizeFromControllerV2 in linkDropboxButtonPressed. That looks correct, and I don't believe you're missing anything. I'll give that a try myself and look into it. 

Greg-DB
Dropbox Staff
Go to solution

@eweb I tried this out, and it's working successfully for me. Even after the initial short-lived access token expires, the SDK automatically uses the stored refresh token to get a new short-lived access token and then uses that to successfully make further API calls, without having to report 'expired_access_token' back to the app's code. 

 

Did you perhaps process the app authorization flow before switching from authorizeFromController to authorizeFromControllerV2 and so only had a short-lived access token stored, but not a refresh token? You can unlink the client and then re-authorize with authorizeFromControllerV2 in that case. 

Need more support?