cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Share your feedback on the Document Scanning Experience in the Dropbox App right here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Refreshing short live tokens without Consumer Key and Consumer Secrect

Refreshing short live tokens without Consumer Key and Consumer Secrect

epris
Explorer | Level 4
Go to solution

Dear all,

 

we are updating our code in order to support refresh token. We need backgroud renewal of the token.

We are using the JAVA version of the API.

It seems that in order to update the token (to refresh the short lived token) it is mandatory to store in the code the following secret information (Consumer Key and Consumer Secrect):

ApiKey and ApiSecret

 

DbxRequestConfig requests ApiKey and ApiSecret in order to refresh the token.

https://dropbox.github.io/dropbox-sdk-java/api-docs/v3.1.x/com/dropbox/core/oauth/DbxCredential.html

 

Is there another solution that avoids to write the Consumer Key and Consumer Secrect within the code?

 

Thanks to all

1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

Yes, you can use the "PKCE" flow to process "offline" access without having the app secret. You can find an example of running this with the Java SDK here:

 

https://github.com/dropbox/dropbox-sdk-java/blob/master/examples/authorize/src/main/java/com/dropbox...

View solution in original post

2 Replies 2

Greg-DB
Dropbox Staff
Go to solution

Yes, you can use the "PKCE" flow to process "offline" access without having the app secret. You can find an example of running this with the Java SDK here:

 

https://github.com/dropbox/dropbox-sdk-java/blob/master/examples/authorize/src/main/java/com/dropbox...

epris
Explorer | Level 4
Go to solution

We solved following your suggestion, thanks!

Need more support?