How to handle OAuth2 keys if they only last four hours

Question

Hey guys,

I developed a Dropbox app using Dropbox developers that is supposed to be used to upgrade a TI MCU over the air. I noticed that there is a note that the "no expiration" option for the OAuth2 key that says that it is going to be deprecated. The only other option looks like the tokens expire every four hours. How are we supposed to run OTA updates on firmware if the token is expiring every four hours? The token is stored in firmware on the MCU side, so would we have to update firmware every four hours to generate new tokens? That doesn't seem very realistic.

Thanks in advance!!
Charles

Greg-DB · Accepted Answer

If the app needs long-term access (i.e., longer than four hours) without manual user interaction, it should request "offline" access during the OAuth app authorization flow. In that case, it will receive a "refresh token" that it can use to programmatically get a new short-lived access token at any point in time, without further manual user interaction.

You can find more information in the following resources:

* https://www.dropbox.com/lp/developers/reference/oauth-guide
* https://www.dropbox.com/developers/documentation/http/documentation#authorization
* https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens