cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Share your feedback on the Document Scanning Experience in the Dropbox App right here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What's the correct way to handle expired access token

What's the correct way to handle expired access token

cjacky475
Explorer | Level 3

Hello, after user authenticates via OAuth2 I request refresh token, which I store on user's mobile device. Now to perform various actions (upload/download) from the user's Dropbox storage, I build:

 

DbxClientV2(config, credentials)

 

As I was reading this post https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Is-it-possible-to-get-a-permanent-token... it was mentioned that "The SDK will automatically catch expired access token errors and call the API to get a new short-lived access token when needed." What's the correct way for me to catch whether API was called to receive new access token or what would be the best practice to get the new access token and store it for further calls until it expires? Or do I need to do this manually in try { } catch { } or by checking the expiration date of the access token and then call: 

 

client.refreshAccessToken()

 

Thanks.

14 Replies 14

cjacky475
Explorer | Level 3

Not sure what's happening, my replies keeps dissapearing or I cannot see them.

 


@Greg-DB wrote:

The SDK doesn't perform a refresh on every single call; it only performs the refresh when it needs to.


Each time user's local data changes I push them to the Dropbox. Each time I create

DbxClientV2(config, credentials)


This way SDK will be refreshing the access token, since I always provide the old one.

 


@Greg-DB wrote:

And as Здравко said, it is not required, but you can retrieve the current access token using DbxCredential.getAccessToken if you want.


The access token stored in the DbxCredential object that I used to create the DbxClientV2 stores the old access token.

 

My question again: after I instantiate user, perform some operations, how to get the updated access token? Can I get it from the client object? The SDK automatically refreshes the access token and where does it store it for me to access it? Thanks.

 

As from my current understanding, SDK updates the token internally for the current client. After I create client again, I provide the old access token and the refresh process starts again. Each time I instantiate the client, refresh will happen, until I manually call the refresh token method, get the access token, and save it, right?

cjacky475
Explorer | Level 3

@Greg-DB wrote:

The SDK doesn't perform a refresh on every single call; it only performs the refresh when it needs to.


Each time user's local data changes I push them to the Dropbox. Each time I create

 

DbxClientV2(config, credentials)

 


This way SDK will be refreshing the access token, since I always provide the old access token.

 


@Greg-DB wrote:

And as Здравко said, it is not required, but you can retrieve the current access token using DbxCredential.getAccessToken if you want.


The access token stored in the DbxCredential object that I used to create the DbxClientV2 stores the old access token.

 

My question again: after I instantiate user, perform some operations, how to get the updated access token? Can I get it from the client object? The SDK automatically refreshes the access token and where does it store it for me to access it? Thanks.

 

As from my current understanding, SDK updates the token internally for the current client. After I create client again, I provide the old access token and the refresh process starts again. Each time I instantiate the client, refresh will happen, until I manually call the refresh token method, get the access token, and save it, right?

Здравко
Legendary | Level 20

Hi again @cjacky475,

As seems the spam filter has caught your post 🤷 It happens from time to time - fake positive detection.

 


@cjacky475 wrote:

...

As from my current understanding, SDK updates the token internally for the current client. After I create client again, I provide the old access token and the refresh process starts again. Each time I instantiate the client, refresh will happen, until I manually call the refresh token method, get the access token, and save it, right?


In general Yes, but not need to perform it manually. Something more: DbxCredential class with nested classes and static objects ('JsonWriter<DbxCredential> Writer' and 'JsonReader<DbxCredential> Reader') make store and read entire credentials information much more easy and less error prone. Updating the access token only is insecure. The client updates everything needed within DbxCredetial object. :winking_face: Saving entire content and read back whenever needed (on next client object construction) is the best practice (in spite not something mandatory).

 


@cjacky475 wrote:

...
This way SDK will be refreshing the access token, since I always provide the old access token.

 


@Greg-DB wrote:

And as Здравко said, it is not required, but you can retrieve the current access token using DbxCredential.getAccessToken if you want.


The access token stored in the DbxCredential object that I used to create the DbxClientV2 stores the old access token.

...


Whenever needed (i.e. when valid access token is needed, but the previous one is expired already) the client will update all needed in the passed DbxCredential object. Yes, if the passed object contains only outdated data (including access token), refresh will be forced on every first operation. Something no best when client objects are going to construct relatively often - it's unlikely refresh to be mandatory/needed every single time. That's why the information in credential object is good to be stored at the object work finish (not only the access token). So when read the next time, the information will be actual.

 


@cjacky475 wrote:

...

My question again: after I instantiate user, perform some operations, how to get the updated access token? Can I get it from the client object? The SDK automatically refreshes the access token and where does it store it for me to access it? Thanks.

...


Let's think a bit...:thinking_face: There are different ways an argument to be passed to a method/constructor. They commonly are divided to passed by value and passed by reference. Do you know how are they distinct? 🧐 ... and what are you using actually in your code? :confused_face:... :hushed_face::beaming_face_with_smiling_eyes:

Hope this gives some directions... of thinking. :winking_face:

cjacky475
Explorer | Level 3

Hi again @Здравко, thanks for explaining, you see, I do not know exactly how it works under the hood or that Dropbox SDK updates my passed object to the client creation. It really does update the

DbxCredential

object which I have passed to the client object creation. After all operations I will get the access token and store it locally. Next time user gets created, I will pass that access token together with expiration time. Thanks again. I hope what I am doing is for the better performance.

Здравко
Legendary | Level 20

@cjacky475 wrote:

..., you see, I do not know exactly how it works under the hood or that Dropbox SDK updates my passed object to the client creation. It really does update the

DbxCredential

object which I have passed to the client object creation. ...


@cjacky475, I see that you are not aware of how Java works! 🙋 It's not about how Dropbox SDK works - it's likely the SDK' developers have this done unintentionally. :winking_face: In Java all object are passed by reference! Only internal values (integers, floats, etc.) if not wrapped, are passed by value. You have to know this. Once knowing all specifics of the programming language, you're using, you can exploit them whenever needed.

Good luck.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Здравко Legendary | Level 20
  • User avatar
    cjacky475 Explorer | Level 3
What do Dropbox user levels mean?