1. It sounds like you're referring to the "app secret". You won't necessarilly need to use this. For example, for client-side apps, such as Android apps, you would use the "token" app authorization flow, which doesn't require the app secret.
2. The `tokenRevoke` method only revokes the access token (whichever is currently loaded in your client object) on the server. It doesn't dispose of the token itself locally, etc. Also, note that the `getOAuth2Token` method only retrieves an access token from the local app authorization flow that jsut occured, and may or may not be the same token as you have currently have loaded in your client object. In general, "logging out" can mean a few different things. There's a discussion here that covers a few different options.
We love to learn from the educators who use Dropbox. Whether you teach kids, teens, adults or a combination of all three, we want to know what apps and integrations you use with Dropbox to help with teaching. Which of the ones below is your favorite, or most used tool?