We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
JavaScript GitHub Action to Upload Build Artifact to Dropbox
Hi... first confessions - while I understand OAuth flow at a high-level, I'm not super familiar with the details. I've poked around quite a bit here and on Stack Overflow and cannot find the answer ...
Hi MikeKell,
I think you are mixing 2 different things. Your referrals to post that describes security considerations about client side application can be applied to server side application (as your is) as much as for long lived access token - i.e. no so much applicable. When you provide to a client application, embedding your private security data (doesn't matter what exactly), is some attacker client able to extract embedded data? I think this is a serious security consideration. Is you case the same; i.e. are your clients able to access somehow your tokens? 🤷 That's it. 😉
You can keep refresh token in the same way you do for access token. You can construct your "dropbox" object in the same way with only addition the refresh token for initialization. Everything else, while works (as you said), can stay the same and works... as long as you want (non restricted to 4 hours). The SDK (you are using) take care for the access token refresh on background (whenever needed).
Hope this clarifies matter.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
