Start 2025 on time and up to date. Seamlessly integrate your calendars into Dropbox with these simple steps.
Forum Discussion
alison9
4 years agoNew member | Level 2
Migrating existing long term tokens to new short term tokens with Java SDK + Android
I have an existing app in production that authorizes with Dropbox using
Auth.startOAuth2Authentication
From my understanding this gives me a long term token, but after September 30th these tokens will no longer work and my requests using this token will 401.
If I change my authentication to use
Auth.startOAuth2PKCE
then I will now have a full DbxCredential which will have the short lived access token and a long lived access token. By using this with the Java SDK my tokens will automatically be refreshed.
But for my existing users where I only have a string of the long lived access token, how can I get a short lived access token and a refresh token? Will I have to call startOAuth2PKCE again and show take my users to the Dropbox app or website to re-approve?
On September 30th, we will stop issuing new long lived tokens. Existing long lived tokens will not be invalidated; this will not break for existing users. You can re-auth existing users to get them on to refresh tokens.
- tahsiniDropbox Staff
PKCE is a different method that has its own unique steps. For you scenario you can continue using the standard OAuth method, and if you are already handling 401s, then no need to make code changes.
If you want to start testing short-lived access tokens, you will want to create a new OAuth URL and pass in token-access type to 'online'. Alternatively if you set it to 'offline' you will be returned a refresh token and a short-lived token. You can read more about how to work with this in our guide here.
- alison9New member | Level 2
I'm not manually handling 401s, I'm using the java sdk to make the network requests.
I know I can support short term tokens for all my future users, I'm asking what will happen to my existing users that have long lasting tokens.
- kyleaDropbox Staff
On September 30th, we will stop issuing new long lived tokens. Existing long lived tokens will not be invalidated; this will not break for existing users. You can re-auth existing users to get them on to refresh tokens.
- fistukExplorer | Level 4
Hello, thanks for the answer. I'm still not sure whether we should just proceed using the long-lived tokens for the legacy users, or is there a way to exchange the long-lived token to a short-lived token with a refresh token?
- Greg-DBDropbox Staff
fistuk While the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, your users can continue using existing long-lived access token(s) without interruption. Dropbox does not offer a way to exchange long-lived access tokens for short-lived access tokens with refresh tokens without having the user re-authorize the app, and you are not required to migrate users with existing long-lived access tokens to short-lived access tokens.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,927 PostsLatest Activity: 9 hours ago
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!