Re-issuing a new refresh token for an App disallows AppFolder uploads.

JonasFL

We've encountered an issue recently in our production integration with the Dropbox API.

 

If a user authorizes our Dropbox App (thereby issuing us a refresh token), an AppFolder is created, in which we can upload resources.

If that same uses authorize that same Dropbox App again (thereby issuing a new refresh token), we are seemingly no longer permitted to access the AppFolder of the App.

If the user manually deletes the AppFolder and then authorizes the App, we're once again allowed to upload resources to the AppFolder.

 

It seems as if an authorization (i.e. a refresh token) is tied to a specific instance of the AppFolder, disallowing future authorizations of the same application to access the AppFolder until a new AppFolder is created. Is this the case?

 

This has not been a problem before recently. Have we missed some changes done to authorization rules?

Greg-DB

App folders shouldn't be tied to specific refresh tokens/access tokens only, nor should subsequent re-authorizations automatically invalidate previous authorizations.

 

I just tried this out myself and I didn't see the behavior you described.

 

If this isn't working as expected for you, please share the exact steps to reproduce the issue, including relevant code snippets, and the unexpected error/output you're getting so we can investigate. Thanks!