Child Item

Server-side application with NO way to use the standard OAuth flow

One of our server-side applications should be able to access all of our Dropbox Business files. This application is exclusively meant for use by our own organization, for background file handling, meaning that we are not planning to ever "Apply for production" (= open up to external users) this app through Dropbox's App console.

Right now we're using a Generated access token (No expiration).

And we pass that long-lived token to the DropboxClient constructor that's in the Dropbox SDK for .NET

using (var client = new DropboxClient(oauth2Token))
{
  // Perform actions here
}

I've read that long-lived tokens are deprecated, although there are no concrete plans yet(?) to actually disable them.

Still I'd like to know: can we switch to a short-lived token today?

Which we also generate through the App console and pass to the DropboxClient in the same way. But now also get a Refresh Token that's needed to replace the short-lived token, as soon as it expires. All without involving a user (i.e. have no interactive OAuth flow at all).

Or should we simply not worry about this until the long-lived tokens are actually announced to be disabled by the Dropbox team?

Thanks,

Richard

Find more posts tagged with

API

Abuse

Comments

kylea

Applying for production is only required if your application intends to link more than 50 users.

Your application may use refresh tokens to retrieve new access tokens without needing to apply for production access. Refresh tokens do not expire; you may pass them to the SDK which will then automatically retrieve new access tokens as required. You can switch to this methodology now.

You will need to complete an OAuth to retrieve a refresh token; they are not returned in the 'generate access token' section of the developer console. This OAuth will only be required once (per account) to retrieve a refresh token.

RosenPetrov

Hello,

Can you elaborate a bit more on how to refactor the code to accomplish what you said? I am looking into the examples https://github.com/dropbox/dropbox-sdk-dotnet/tree/main/dropbox-sdk-dotnet/Examples but seems that they actually include more things that this needs like some redirect URLs, JS handling, etc. Which example could I follow?

Greg-DB

@RosenPetrov The examples you linked to are the current samples for implementing the OAuth app flow with the Dropbox .NET SDK. Are they not working for you, or can you clarify what you're stuck on?

Rosen Petrov

Hi,

I am looking into the 'SimpleTest' and I see these LoopbackHost, RedirectUri and JSRedirectUri but in my case I need this Authentication to happen in a background without user interaction. Could you point me in the right direction how I could accomplish that. Maybe some high level steps but not code would be enough.

Thanks 🙂

Greg-DB

@Rosen Petrov It is not possible to get authorization to access an account purely via a background process. Authorizing an app requires manual user interaction the first time, for the user to indicate to Dropbox that they want to allow the app to access their account. After that though, the app can store and re-use the resulting access token and optional refresh token to make further API calls without further manual user interaction. I recommend reading the OAuth Guide for more information on how this process works at a high level.