owncloud / files_external_dropbox

📦 App for Integration of Dropbox
GNU General Public License v2.0
13 stars 5 forks source link

Dropbox API needs an update to continue being operational #113

Open mmattel opened 3 years ago

mmattel commented 3 years ago

Got the following reminder per eMail

Dropbox API possibly needs an update

We’ll be making a few updates around ID formats & tokens this September and to TLS support early next year—you’ll want to review to ensure your app handles these correctly. Notice: TLS 1.0 & 1.1 Deprecation

Beginning February 1st 2022, the Dropbox API will require that calls use TLS 1.2. Traffic using TLS 1.0 or 1.1 will be rejected.

The latest Dropbox SDKs will select the best TLS version for the environment, but SDKs over two years old may require updates. In particular:

Typically no action is required for applications built with up-to-date libraries in modern environments, as TLS 1.2 has been available on major mobile & desktop operating systems since 2014.

Developers whose application may be run in older or unusual environments should investigate to ensure compatibility.

Reminder: ID formats As a reminder, on September 30th, 2021, the Dropbox API will begin returning new namespace IDs as strings with the format String(pattern="[-0-9a-zA-Z:]+"). That means that namespace IDs may contain letters, numbers, and the symbols “-”, “", and “:”.

Namespace IDs refer to folder permission spaces. They are used in the API to refer to shared folders, team folders, and root folders. They may also be used in path arguments. Field names such as ns_id, target_ns_id, previous_parent_ns_id, new_parent_ns_id, root, namespace_id, shared_folder_id, parent_shared_folder_id, team_folder_id, team_folder_ids, root_namespace_id, home_namespace_id, member_folder_id and nspath would be impacted by this change.

While the Dropbox API specification has indicated the string data type for these fields, the actual values returned by the API have been string representations of integers. We’re notifying you in case your application’s code and data storage can’t handle this string pattern. If your app already handles and stores these values as string types rather than integers, no action is required.

Action required: tokens and permissions As a reminder, on September 30th, 2021, the Dropbox OAuth flow will no longer return new long-lived access tokens. It will instead return short-lived access tokens, and optionally return refresh tokens. Existing tokens are not impacted.

Apps that require background access will need to update their code to use refresh tokens, which is made easier by using our updated SDKs. All other apps should ensure that users are directed to re-authorize upon token expiration.

The Dropbox API now supports more granular permission scopes. While you review your application’s OAuth flow, be sure to check for scopes that may not be required.

For detailed instructions, please see:

Apps created after September 17th, 2020 are already using short lived tokens & scopes.

Reminder: Team Reports APIs End of Life The Team Reports APIs (such as reports/get_activity, get_devices, get_membership, and get_storage) were deprecated in 2020, and as of July 1st 2021 are retired.

The reports APIs provided aggregate statistics. Membership, storage, device usage, and storage information can be found from other Business API endpoints.

Platform updates As you review these changes, be sure to check out the latest additions to the Dropbox platform. The Dropbox developer blog is the best place to find developer feature announcements, tutorials, and resources.

For example, we’ve recently updated the API to enable creating and updating Dropbox Paper docs. These paper documents are accessible through the file APIs. If you have any questions, visit our developer forum or submit a ticket.

Thanks, -The Dropbox Platform Team

domako commented 2 years ago

As dropbox now only work with short lived tokens, new created connections do not work any more. The setting that was available in dropbox to avoid the expiry does not exist anymore.