Dropbox app for web application and native mobile apps

pranava s.

Hi,

I have a Dropbox app that is being used to authenticate and authorize my web application to access resources on a user's Dropbox account. The authentication is done via OAuth 2.0 and I obtain a refresh token at the end of successful authentication.

Now I am developing an android and an iOS app and they should also be able to access user's dropbox files. I am planning to use Dropbox's Android and iOS SDK for the mobile apps. I am confused as to how can I make sure that user doesn't have reauthorize my mobile apps to grant permission to their Dropbox account if they have already done it for the web application and vice versa. Can the refresh token obtained by web application be used by mobile apps(using the SDK) to get access to resources on user's Dropbox account? Can the mobile apps get the refresh token using the SDK.

 Thanks,

Pranava

Greg-DB

The Dropbox API doesn't use refresh tokens, so you're probably referring to access tokens. For reference, access tokens for the Dropbox API don't expire by themselves, but they can be revoked manually. 

Dropbox API access tokens can be used across multiple instances of an app. E.g., an access token obtained on web can be used on mobile, and vice versa. The Dropbox API doesn't offer a way to transport those tokens between instances for you though, so you'd have to develop a secure way of doing so on your side.

One thing to note though is that some of the Dropbox SDKs (for API v1) use OAuth 1, so you wouldn't be able to use OAuth 2 access tokens in those.