You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
cjacky475
2 years agoExplorer | Level 3
What's the correct way to handle expired access token
Hello, after user authenticates via OAuth2 I request refresh token, which I store on user's mobile device. Now to perform various actions (upload/download) from the user's Dropbox storage, I build: ...
- 2 years ago
Hi again cjacky475,
As seems the spam filter has caught your post 🤷 It happens from time to time - fake positive detection.
cjacky475 wrote:...
As from my current understanding, SDK updates the token internally for the current client. After I create client again, I provide the old access token and the refresh process starts again. Each time I instantiate the client, refresh will happen, until I manually call the refresh token method, get the access token, and save it, right?
In general Yes, but not need to perform it manually. Something more: DbxCredential class with nested classes and static objects ('JsonWriter<DbxCredential> Writer' and 'JsonReader<DbxCredential> Reader') make store and read entire credentials information much more easy and less error prone. Updating the access token only is insecure. The client updates everything needed within DbxCredetial object. 😉 Saving entire content and read back whenever needed (on next client object construction) is the best practice (in spite not something mandatory).
cjacky475 wrote:...
This way SDK will be refreshing the access token, since I always provide the old access token.
Greg-DB wrote:And as Здравко said, it is not required, but you can retrieve the current access token using DbxCredential.getAccessToken if you want.
The access token stored in the DbxCredential object that I used to create the DbxClientV2 stores the old access token.
...
Whenever needed (i.e. when valid access token is needed, but the previous one is expired already) the client will update all needed in the passed DbxCredential object. Yes, if the passed object contains only outdated data (including access token), refresh will be forced on every first operation. Something no best when client objects are going to construct relatively often - it's unlikely refresh to be mandatory/needed every single time. That's why the information in credential object is good to be stored at the object work finish (not only the access token). So when read the next time, the information will be actual.
cjacky475 wrote:...
My question again: after I instantiate user, perform some operations, how to get the updated access token? Can I get it from the client object? The SDK automatically refreshes the access token and where does it store it for me to access it? Thanks.
...
Let's think a bit...🤔 There are different ways an argument to be passed to a method/constructor. They commonly are divided to passed by value and passed by reference. Do you know how are they distinct? 🧐 ... and what are you using actually in your code? 😕... 😯😁
Hope this gives some directions... of thinking. 😉
Здравко
Legendary | Level 20
cjacky475 wrote:... "The SDK will automatically catch expired access token errors and call the API to get a new short-lived access token when needed." ... Or do I need to do this manually in try { } catch { } or by checking the expiration date of the access token and then ...
Hi cjacky475,
😁You give correct answer to you own question actually. You don't need to handle anything to refresh access token, since SDKs do it internally. Even more: there's nothing to catch! So using try-catch is not applicable. All SDKs check expiration status and do refresh without need error to happen, so in any try-catch you gonna catch nothing such. 😉 While particular client object has been initialized correctly and works, you don't need to care about refreshing in any way.
cjacky475 wrote:... or what would be the best practice to get the new access token and store it for further calls until it expires? ...
As mentioned already, the simplest way is to do nothing (including once initially store your credentials don't change them). This is a good way to handle long running client object. If you construct client object for few operations in relatively short time, some optimizations may be done. To avoid refreshing the same access token meaningless, you may update stored access token (or credentials at all) at current object end of use. So on next client object' construction will not need refreshing all the time (or not mandatory, at least, but only when absolutely needed - again, handled internally). This is a good optimization step that usually don't need much more than a single line of code.
Hope this helps.
cjacky475
2 years agoExplorer | Level 3
To avoid refreshing the same access token meaningless, you may update stored access token (or credentials at all) at current object end of use.
Hi, Здравко, thanks for the answer. That's exactly what I would need to do. Could you please elabore more on when and how exactly I would need to do that for the best practice? Let's say I perform:
client.files().download("/database.sql").download(outputStream)
Now if the access token was expired, the SDK would automatically update the access token, right? How to get it to store for further client object creations?
Thanks.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,877 PostsLatest Activity: 12 months agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!