Forum Discussion

Helpful | Level 7

4 months ago

Invalid access token - across multiple Dropbox Team Spaces

We have suddenly seen an influx of the above error occuring for our customers including our own integrations tests (with no changes in code) I've been looking at the following post, we use PKCE ...

API

awb
4 months ago
Rather embarrassing 🤕. It appears our Access token was being truncated through our caching mechanism. I guess our previous tokens fell within the limits. Thanks again Greg-DB Здравко

Greg-DB

Dropbox Staff

awb First for reference, note that the post you linked to is old and now somewhat out of date. As Здравко noted, new Dropbox API access tokens do now expire, and access tokens and refresh tokens can also still be explicitly revoked. There are different errors for these cases: 'expired_access_token' indicates the token is expired, and 'invalid_access_token' indicates the token is not valid or is revoked.

Here's a slightly more extensive list of ways an access token/refresh token can be revoked:

the user or team admin can revoke all access tokens for an app by unlinking it on any of the following Dropbox web pages:
- the Connected apps page
- the Security checkup page
- the team member’s page on the Members section of the Business Admin console
- the Team apps page on the Settings section of Business Admin console

for user-linked apps, by the user:
for user-linked apps, by a team admin:
for team-linked apps, by a team admin:

any client with the access token can revoke the access token by calling /2/auth/token/revoke
the GitHub-Dropbox token scanning partnership can revoke access tokens found publicly posted on GitHub
if the app uses the "app folder" access type, the access token can effectively be disabled by deleting the app folder itself in the Dropbox account, via the Dropbox website or any client
the app can be disabled
the account that owns the app can be disabled
the connected account/team can be disabled

To answer your specific questions:

App folder access type: Based on your first screenshot, I can tell that your app does not use the app folder access type (because I see it has team scopes, and apps with the app folder access type can't use team scopes).
App owner state: Based on your second screenshot, assuming it is a current screenshot, I can tell that the account that owns the app is not disabled, because only the app owner account can view that configuration page, and the account would need to be active to be able to do so.

In any case, if you are getting unexpected errors, we'll be happy to look into it, but we'd need some more information. In that case, please reply with:

the name and version number of the platform and SDK/library you are using, if any
the steps to reproduce the issue, including relevant code snippet(s)
the full text of any error or unexpected output; please ideally show the full request and response, including headers and bodies for both

Be sure to redact any access tokens, refresh tokens, or app secrets throughout. Thanks!

awb

Helpful | Level 7

4 months ago

Hi Greg-DB

Screen shot is reecent, I've also tried removing the app and adding again

We have had another customer affected by this,

POST https://api.dropboxapi.com/2/team/features/get_values HTTP/1.1
Authorization: Bearer omitted
User-Agent: omitted/OfficialDropboxDotNetSDKv2/6.37.0.0
Content-Type: application/json; charset=utf-8
Host: api.dropboxapi.com
Request-Id: |39875632-4c7f9ff832916d0c.
Content-Length: 49

{"features":[{".tag":"has_team_shared_dropbox"}]}

HTTP/1.1 401 Unauthorized
Content-Type: application/json
Cache-Control: no-cache
Content-Security-Policy: sandbox allow-forms allow-scripts
Www-Authenticate: Bearer realm="Dropbox-API"
X-Content-Type-Options: nosniff
X-Dropbox-Request-Url: /2/team/features/get_values
Date: Mon, 22 Jul 2024 06:26:36 GMT
Server: envoy
Content-Length: 81
X-Dropbox-Response-Origin: far_remote
X-Dropbox-Request-Id: 7690858d30364e4591fab093c620c3d0

{"error":{".tag":"invalid_access_token"},"error_summary":"invalid_access_token/"}

As mentioned before, everything has been working as expected. So I am assuming that its related to our Dropbox application? I can provide you with the app key if this will help?

Thanks

Ash

awb
Helpful | Level 7
4 months ago
Rather embarrassing 🤕. It appears our Access token was being truncated through our caching mechanism. I guess our previous tokens fell within the limits. Thanks again Greg-DB Здравко
- Greg-DB
  Dropbox Staff
  4 months ago
  Thanks for following up. I'm glad to hear you sorted this out. Yes, for reference, the length of Dropbox access tokens is not guaranteed and may change over time.

About Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,877 PostsLatest Activity: 5 minutes ago

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!

Forum Discussion

Invalid access token - across multiple Dropbox Team Spaces

About Dropbox API Support & Feedback

Related Content

Invalid access token

.NET SDK Invalid request while calling ProcessCodeFlowAsync

Dropbox Error: Invalid Access Token, Unable to get Temporary Upload and Download Links

Refresh token generates an invalid access token?

invalid Free space due to backup

Recent Discussions

Download a file

Dropbox internal error occured - Resolution

How to add the entire team to team folder by api

API Upload .HEIC and convert to JPG

Invalid Folder Name with Team API