cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
We love to hear how every person gets the most from Dropbox, and it seems everyone has a slightly different use for it - tell us yours here!

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Short lived Tokens for Swift SDK

Short lived Tokens for Swift SDK

kungfuslippers
New member | Level 2

Hi,

 

I've seen a few posts on short-lived tokens but wanted to be totally clear upon how they work.

 

On my app settings page, I have Access Token Expiration set to 'Short Lived'. When I click on the more info button I see a pop-up with the following:

 

-"Short-lived access tokens will expire after 4 hours. A new short-lived access token will be issued when a user re-authenticates or you can request one by using your refresh token.

If you default to use short-lived tokens, the token generated on this page will also be short-lived.

Long-lived tokens are less secure and will be deprecated in the future."-

 

So after running:

 

let scopeRequest = ScopeRequest(scopeType: .user, scopes: ["files.metadata.read", "files.metadata.write"], includeGrantedScopes: false)

DropboxClientsManager.authorizeFromControllerV2(

UIApplication.shared,

controller: self,

loadingStatusDelegate: nil,

openURL: { (url: URL) -> Void in UIApplication.shared.open( url, options: [:])},

scopeRequest: scopeRequest

)

 

The user will be prompted to login in / authorise via the Dropbox webview and if successful, the code flow returns via:

 

func scene(_ scene: UIScene, openURLContexts URLContexts: Set<UIOpenURLContext>) {

if let url = URLContexts.first?.url {

 

let oauthCompletion: DropboxOAuthCompletion = {

  if let authResult = $0 {

  switch authResult {

  case .success:

  print("Success! User is logged into DropboxClientsManager.")

  case .cancel:

  print("Authorization flow was manually canceled by user!")

  case .error(_, let description):

  print("Error: \(String(describing: description))")

  }

  }

}

DropboxClientsManager.handleRedirectURL(url, completion: oauthCompletion)

 

}

 

My questions are...

 

1. Does the token actually expire after 4 hours?

2. If it does - what APIs should I use to refresh?

3. If the short-lived tokens don't expire then can I assume that no further user interaction will be required to re-authorize / generate a new token - unless a call to DropboxClientsManager.unlinkClients() is made?

 

 

1 Accepted Solution

Accepted Solutions

Re: Short lived Tokens for Swift SDK

Greg-DB
Dropboxer

1. Short-lived access tokens, such as retrieved by authorizeFromControllerV2, do expire after four hours. The authorizeFromControllerV2 method actually requests "offline" access though, so it receives a refresh token in addition to the short-lived access token.

2. If you use authorizeFromControllerV2 as documented, the SDK will automatically perform the refresh process for you. It will get a new short-lived access token when needed; you don't need to implement anything for that yourself.

3. While the short-lived access tokens themselves do expire, you are correct that, when implemented as above, no further user interaction is required (unless the access is explicitly disabled in some way, such as via unlinkClients) since the SDK will automatically perform a refresh when needed.

View solution in original post

2 Replies 2

Re: Short lived Tokens for Swift SDK

Greg-DB
Dropboxer

1. Short-lived access tokens, such as retrieved by authorizeFromControllerV2, do expire after four hours. The authorizeFromControllerV2 method actually requests "offline" access though, so it receives a refresh token in addition to the short-lived access token.

2. If you use authorizeFromControllerV2 as documented, the SDK will automatically perform the refresh process for you. It will get a new short-lived access token when needed; you don't need to implement anything for that yourself.

3. While the short-lived access tokens themselves do expire, you are correct that, when implemented as above, no further user interaction is required (unless the access is explicitly disabled in some way, such as via unlinkClients) since the SDK will automatically perform a refresh when needed.

View solution in original post

Re: Short lived Tokens for Swift SDK

kungfuslippers
New member | Level 2

Many thanks for the clarification!

 

 

Who's talking

Top contributors to this post

  • User avatar
    kungfuslippers New member | Level 2
  • User avatar
    Greg-DB Dropboxer
What do Dropbox user levels mean?
Need more support?