Forum Discussion

Explorer | Level 4

4 years ago

Migration to short-lived token

When migrating server from no expiration to short-lived token, what happen if my user still login with old flow (authorizeFromController)? is it still login? will logout directly? or will logout after 4 hours?

Developers

Greg-DB
4 years ago
Yes, that's right.

If a user processed the flow with authorizeFromController before they change, they received a long-lived access token. Long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, users can continue using those existing long-lived access token(s) even after the change.

Greg-DB
Dropbox Staff
4 years ago
Once Dropbox stops issuing new long-lived access tokens, any users processing the old authorization flow, e.g., using authorizeFromController, will still be able to authorize the app but will receive new short-lived access tokens instead of new long-lived access tokens. That means that the app will only be access the account for four hours at a time, before the new short-lived access tokens expire and return a 401 error to the app, at which point it would need to have the user re-authorize the app (like it would if the user had explicitly revoked access to the app).
- Andika Scofield
  Explorer | Level 4
  4 years ago
  OK, I want to make sure again:
  - User login use authorizeFromController with short-lived token -> will expire until 4 hours.
  I've check in my app, it can't load the folder after 4 hours login.
  
  But what happen if:
  - User already login use authorizeFromController with no expiration token (before I change to short-lived), and then I change the token to short-lived. What happen after that?
  I've checked in my app, I can access the folder even after 4 hours. Is it true?
  - Greg-DB
    Dropbox Staff
    4 years ago
    Yes, that's right.
    
    If a user processed the flow with authorizeFromController before they change, they received a long-lived access token. Long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, users can continue using those existing long-lived access token(s) even after the change.

About Discuss Dropbox Developer & API

Make connections with other developers

795 PostsLatest Activity: 5 days ago

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!

Forum Discussion

Migration to short-lived token

About Discuss Dropbox Developer & API

Related Content

Short lived access tokens only?

Migrating to short-lived access tokens

Python API Short-lived access token for Dropbox

Problems with the short-lived token for my App

Short-lived token migration in Swift producing nil Client

Recent Discussions

Sharing folders to users with viewer still permits downloads

Cannot set expire settings for sharing_create_shared_link_with_settings

GET Usage (in MB, updates every 8 hours) FROM python sdk

Regarding Access Token Expiration Policy

My token expire - I want to not expire