Authorization code flow expiration of offline token access type

Question

Hi! I want to get long live connection from an application to Dropbox App folder. The recommended OAuth authorization in that case is authorization code flow with offline token access type. After initial authorization application get , and . Is the / expires and how long for *offline* token access type?

Greg-DB · Accepted Answer

Whether using "offline" access or not, "authorization codes" can each only be used once, and are only valid for a short period of time. Apps should use authorization codes once immediately upon receiving them.

"Refresh tokens" do not expire by default, and can be stored and re-used repeatedly for further API calls without the user present. Refresh tokens can be revoked on demand though.