Child Item

Migrating existing long term tokens to new short term tokens with Java SDK + Android

I have an existing app in production that authorizes with Dropbox using

Auth.startOAuth2Authentication

From my understanding this gives me a long term token, but after September 30th these tokens will no longer work and my requests using this token will 401.

If I change my authentication to use

Auth.startOAuth2PKCE

then I will now have a full DbxCredential which will have the short lived access token and a long lived access token. By using this with the Java SDK my tokens will automatically be refreshed.

But for my existing users where I only have a string of the long lived access token, how can I get a short lived access token and a refresh token? Will I have to call startOAuth2PKCE again and show take my users to the Dropbox app or website to re-approve?

Find more posts tagged with

API

Abuse

Accepted answers

kylea

On September 30th, we will stop issuing new long lived tokens. Existing long lived tokens will not be invalidated; this will not break for existing users. You can re-auth existing users to get them on to refresh tokens.

All comments

tahsini

PKCE is a different method that has its own unique steps. For you scenario you can continue using the standard OAuth method, and if you are already handling 401s, then no need to make code changes.

If you want to start testing short-lived access tokens, you will want to create a new OAuth URL and pass in token-access type to 'online'. Alternatively if you set it to 'offline' you will be returned a refresh token and a short-lived token. You can read more about how to work with this in our guide here.

alison9

I'm not manually handling 401s, I'm using the java sdk to make the network requests.

I know I can support short term tokens for all my future users, I'm asking what will happen to my existing users that have long lasting tokens.

kylea

fistuk

Hello, thanks for the answer. I'm still not sure whether we should just proceed using the long-lived tokens for the legacy users, or is there a way to exchange the long-lived token to a short-lived token with a refresh token?

Greg-DB

@fistuk While the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, your users can continue using existing long-lived access token(s) without interruption. Dropbox does not offer a way to exchange long-lived access tokens for short-lived access tokens with refresh tokens without having the user re-authorize the app, and you are not required to migrate users with existing long-lived access tokens to short-lived access tokens.