Child Item

Andriod App to Only use short tokens

Hello,

All this is quite new to me but I've read many post regarding new workflow. Thus, sorry if what I am saying makes no sense.

I've read that using startOAuth2PKCE uses the new flow. However, this uses refresh tokens as well. What happens if I just want to use short lived tokens and ask the user to re-authenticate when the short lived tokens expires. Is there another function to use for that purpose?

Find more posts tagged with

API

Abuse

Accepted answers

Greg-DB

No, the authorization functionality for Android in the Java SDK automatically requests "offline" access (i.e., to retrieve a refresh token), and doesn't offer the ability to configure that. I'll pass this along as a feature request, but I can't promise if or when that might be implemented.

(For reference, the DbxWebAuth functionality does offer the ability to specify the token type, but that's not meant or built for use on Android.)

All comments

Greg-DB

(For reference, the DbxWebAuth functionality does offer the ability to specify the token type, but that's not meant or built for use on Android.)

raymondc

Thank you for the quick reply.

One more question.

If I use this version of startOAuth2PKCE with scope set to null

public static void startOAuth2PKCE(Context context, String appKey,
                                                 DbxRequestConfig requestConfig) {

Would this gives all permissions to do anything in dropbox(upload, download,...)?

Greg-DB

If you don't specify "scope", it will default to requesting the set of scopes enabled for your app (on the App Console) at the time of authorization.

raymondc

Thanks for the clarifications.