We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.

Forum Discussion

Andika Scofield's avatar
Andika Scofield
Explorer | Level 4
4 years ago

Migration to short-lived token

When migrating server from no expiration to short-lived token, what happen if my user still login with old flow (authorizeFromController)? is it still login? will logout directly? or will logout after 4 hours?

  • Greg-DB's avatar
    Greg-DB
    4 years ago

    Yes, that's right.

     

    If a user processed the flow with authorizeFromController before they change, they received a long-lived access token. Long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, users can continue using those existing long-lived access token(s) even after the change.

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    Once Dropbox stops issuing new long-lived access tokens, any users processing the old authorization flow, e.g., using authorizeFromController, will still be able to authorize the app but will receive new short-lived access tokens instead of new long-lived access tokens. That means that the app will only be access the account for four hours at a time, before the new short-lived access tokens expire and return a 401 error to the app, at which point it would need to have the user re-authorize the app (like it would if the user had explicitly revoked access to the app).

    • Andika Scofield's avatar
      Andika Scofield
      Explorer | Level 4

      OK, I want to make sure again:
      - User login use authorizeFromController with short-lived token -> will expire until 4 hours.
      I've check in my app, it can't load the folder after 4 hours login.


      But what happen if:

      - User already login use authorizeFromController with no expiration token (before I change to short-lived), and then I change the token to short-lived. What happen after that?
      I've checked in my app, I can access the folder even after 4 hours. Is it true?

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Staff rankDropbox Staff

        Yes, that's right.

         

        If a user processed the flow with authorizeFromController before they change, they received a long-lived access token. Long-lived access tokens are now considered deprecated, but we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, users can continue using those existing long-lived access token(s) even after the change.

About Discuss Dropbox Developer & API

Node avatar for Discuss Dropbox Developer & API

Make connections with other developers

795 PostsLatest Activity: 7 days ago
192 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!