Is this project still active?

[vhatzist]

Hello,

Dropbox has announced changes in their token access system:

https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens

On September 30th, 2021 Dropbox will retire the old token system.

There were no code updates in this project since 2017 so I wonder whether there is a plan to implement the required changes before that.

[vhatzist]

Is there an update please?

[s-aska]

@vhatzist Hello,

Began scrutinizing the contents.

If it is determined that the code needs to be modified, I will take care of it.

[softwrx]

The 2.09 release has a new auth routine that will use the refresh token to get a new access token. You still have to get the refresh token which will mean an auth iteration with some updated code.

I'm using this to work with short lived access tokens for a command line tool that I use to create shared links to files in Dropbox that expire similar to how the Dropbox Transfer service does, since Transfer doesn't seem to have any API for it yet (if it ever will).

[PhilMakower]

@softwrx you say there's a new auth routine to use the refresh token. How do we call this? Presumably, the refresh token must be stored locally, as well as the auth token while valid. How do you know when the auth token has expired?

I found an old 'deprecated' perl script using this library, and want to get it working. It assumes the auth tokens are long lived, as they were at the time the script was written. Now that auth tokens are all short lived, we need a way to detect the expiration, and to store the refresh token from the original authorization.

[softwrx]

@PhilMakower ,

Yes, you'll need to do some work to get the refresh token, that's the key. Once you have the refresh token you can use that to request a short lived access token.

Below is some very basic code showing how to do this:

my $dropbox = WebService::Dropbox->new({
    key    => $DROPBOX_APP_KEY,
    secret => $DROPBOX_APP_SECRET,
});
$auth_result = $dropbox->refresh_access_token($DROPBOX_REFRESH_TOKEN) or die $dropbox->error;
if ((not exists  $auth_result->{'access_token'}) or
    (not defined $auth_result->{'access_token'})) {
    die "ERROR: Did not get a valid access token, unable to proceed\n";
}

As for getting the refresh token, I think it was available either in the API page at dropbox, or after the app initialization. I don't recall. I will see if I can find the details, and will follow up again if I do.

The app key, secret, and refresh tokens need to be saved outside the library. As for the best method to save them, that really depends on the security the application needs. Low security environments can just stuff them in a text file somewhere and read/write/update with some wrapper functions as needed. Higher security will need something different.

The access token can be saved and re-used as well, though the short-lived nature of it means you'll still need to test it, and potentially refresh it, often.

It's been a while, I'm not sure the expiration of the short lived access token is available. Instead, when it fails to auth, use the refresh token to request a new access token. Or, in the case of the script I'm using this in, it's run so infrequently I just refresh the access token when it starts, and don't even try to use it first.

Hope this helps.