Child Item

Dropbox Api oauth2/authorize grant_type client_credential

In my app we have chosen the personal mailbox as the main service in the cloud to synchronize data with the central system.
We currently have our customers who sign up for the service with our app generate an account and generate an access token directly from the console which will then be used by the app to connect to dropbox. I have read that from September 2021 tokens without exipered will no longer be able to be generated. So I was wondering if dropbox implements the client_credential grant_type to generate a token without the user logging in to allow my app to connect with dropbox. If it's not there, will it ever be implemented by dropbox?

Find more posts tagged with

API

Abuse

Comments

Greg-DB

The Dropbox API does not support the "client_credential" grant type, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though.

Laura Ruggeri

I imagined and from what I understand you do not give a certain solution.
For those who have developed processes that do not require user intervention, what should we do?
Migrate to another platform?

Greg-DB

While the initial authorization needs manual user intervention to authorize the app, the user does not need to be present after that. If your app requires long-term access without the user present, you should request "offline" or "background" access via the OAuth app authorization flow. That way, you can get a refresh token that you can use to retrieve short-lived access tokens whenever needed without further manual user intervention.

Please refer to the OAuth Guide and documentation, as well as this post, for more information.

Laura Ruggeri

Ok. Is this approach implemented in the C # SDK by Dropbox.Api?
Since from the console platform you give the possibility to generate an access token, wouldn't it be possible to generate a refresh token to be used later by applications to request the access token?

Greg-DB

The official Dropbox API v2 .NET SDK does support short-lived access tokens and refresh tokens. You can find example code here.

The "Generate" button on the app info page on the App Console does not currently offer the ability to generate a refresh token, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though.