API v2 access token validity and authorization redirect URL response

Question

Is it correctly understood that the token I get from a user after the authorization flow, is valid until the user revokes it?  Meaning I can just store it securely in the app and use it each time it's needed?

Second question. If I can not close the browser that presented the dropbox authentication dialog (on calling redirect_uri, is there anything I can return that will says success or possible close the browser window?

Thanks in advance

Odin

Greg-DB · Accepted Answer

That's correct, a Dropbox API access token doesn't expire by itself, but it can be revoked at any time, by either the user or app. That being the case, your app should store and re-use the access token for a user.

What you can do with the final state of the browser in the app authorization flow depends on exactly how you have it implemented. Can you elaborate on how your setup currently works? Specifically, are you using an embedded browser or the external system browser, which OAuth 2 flow are you using, and what, if any, redirect URI are you using?

Greg-DB · Accepted Answer

Thanks for following up. In that case, returning an HTML success page like that is the best solution.

Note that we don't recommend using an embedded web view, as the Google Sign In flow won't work with that in the future:

https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html