I recently updated my Android app to use OAuth code flow with PKCE, with refresh tokens. I am now working to update my Java Desktop application to also use PKCE with refresh tokens, and while looking at the examples I noticed a difference, in the way the DbxCredential is handled.
For android (https://github.com/dropbox/dropbox-sdk-java/blob/master/examples/android/src/main/java/com/dropbox/core/examples/android/DropboxClientFactory.java) it seem that a new DbxCredential object is created, using information from another DbxCredential object that was de-serialized (from stored preferences), which is then used to create the Client:
public static void init(DbxCredential credential) {
credential = new DbxCredential(credential.getAccessToken(), -1L, credential.getRefreshToken(), credential.getAppKey());
if (sDbxClient == null) {
sDbxClient = new DbxClientV2(DbxRequestConfigFactory.getRequestConfig(), credential);
}
}
which is what I do in my Android App.
In the Java example (https://github.com/dropbox/dropbox-sdk-java/blob/master/examples/account-info/src/main/java/com/dropbox/core/examples/account_info/Main.java) it seems like it just uses one DbxCredential object created by de-serializing, without using the info to create a new DbxCredential object:
// Use DbxCredential instead of DbxAuthInfo.
DbxCredential credential;
try {
credential = DbxCredential.Reader.readFromFile(argAuthFile);
}
catch (JsonReader.FileLoadException ex) {
System.err.println("Error loading <auth-file>: " + ex.getMessage());
System.exit(1); return;
}
I'm just wondering why there is a difference? In the second example, is the Refresh token actually being refreshed?
Thanks for your help.
