Child Item

Access Token for App which accesses a single dropbox account but doesn't require users to login

I have an app developed many years ago, a data collection/questionnaires app. The users of the app are able to upload files and these are sent to a single dropbox account owned by the client as opposed to users logging in and acting on their own dropbox accounts. I used to be to ask the client to generate an access token from their App console and we could use this for long term access to the account. In this scenario the users of the app have no way to authorize access to the clients account via the oAuth flow so we need a long term access token. The access tokens generated from the app console now seem to expire after a day and it would be impractical to ask the client to generate new ones every day. What is the recommended approach in this situation without having to implement the oAuth flow?

Thanks

Find more posts tagged with

Developers

Comments

Greg-DB

You should implement the OAuth app authorization flow to let your end-user(s) (in this case, your client) connect their Dropbox account, rather than have them register their own app. It is not possible to get a refresh token (i.e., for long-term access) without doing so.

For reference, we do not recommend having end-users create/register apps themselves on Dropbox and then use the Generate button like this. The developer of the app/plugin/integration should register it once, and then implement the OAuth app authorization flow in the app/plugin/integration so that the end-users can authorize it to access their accounts without having to register and configure it themselves. That would apply to both the previous long-lived access token functionality, as well as the new short-lived access token and refresh token functionality. Previously, the user would need to process the OAuth app authorization flow once to get the long-lived access token. Now, they would do the same, and the app gets a short-lived access token and refresh token the same way, instead of a long-lived access token. The process would look the same to the end-user in both cases. The app would store and re-use the long-lived access token, or the refresh token, respectively.

ben91082

Thanks very much for the explanation. I expected that this would be the case but hadn't given up hope that there would be a quick solution to keep the app going without the extra development time incurred by implementing OAuth flow!