Android Question API access token expired in DROPBOX

[netsistemas]

Reinstalo mi aplicación con:

Dropbox-core-sdk JAR 5.1.1 (y prueba también con 5.2)​

(para solucionar este otro error:​

DropboxV2 library cannot run dbxFiles_DownloadFinished

Dear All, I am using DropboxV2, Vesion 0.44 Library with dropbox-sdk-java-5.0.jar But from April 13, 2022, Sub dbxFiles_DownloadFinished(success As Boolean, meta As FileMetadata, error As String) and Wait For dbxFiles_DownloadFinished(success1 As Boolean, meta As FileMetadata, error As String)...

www.b4x.com

)




y EL NUEVO PROBLEMA ES que el token expira en 5 horas aprox.

Leí este enlace:

API access token expired | The Dropbox Community

Hi, i am using some of the http api endpoints to upload or download files. As i saw in the documentation the API access tokens never expire but can only be...

www.dropboxforum.com

pero no se como resolver en b4x

el nuevo token tiene un texto similar a este:
sl.BGZp2KQIbO-EQauhExxxxxEYkyuQI_NwYEzsG0G5XeG_6hS8CS5jvzyZ7_PXC6YbAOgSxxxxxWP1x1vdGiYITcXg6An6BQhp15XjWuwWrk_7_uxxxxx6-n-nKWJb4YCOrK-xXsJ9wkcd

el token comienza con sl. y leí que el token con este inicio y duración solo funciona 5 horas.

en

Login or Sign Up - Dropbox

Login to Dropbox. Bring your photos, docs, and videos anywhere and keep your files safe.

www.dropbox.com

el botón 'generar token de acceso' devuelve un token similar.
aplicación b4x, devuelva también, un token similar.

como resolver

 

[behnam_tr]

check this :

how use OAuth2 class for dropbox ??

how use OAuth2 class for dropbox ?? for upload and download file from dropbox i test any other dropbox libs for b4j but without result also i want to any user could upload to his account form this app https://www.b4x.com/android/forum/threads/class-b4x-google-oauth2.79426/#content

b4x.com

i'm using this way and is ok

 

[DonManfred]

and THE NEW PROBLEM IS that the token expire in 5 hour aprox

where does the token came from? How you did created it?
Are you using OAUth2 and the REST Api from dropbox?

 

[netsistemas]

I use DropBoxV2 0.44

    Public  DB_auth As DbxAuth
    Public  DB_token As String
    Public  DB_AppKey As String  ="gstrexxxxxxxxxx"
   
   
    'in create:
        DB_auth.Initialize(DB_AppKey)
       
    'when db_token is empty: this open navegator
        DB_auth.startOAuth2Authentication
       
'in resume after close navegator and authorize:
DB_token = modExtintores.db_auth.OAuth2Token

and then token are:
sl.blablablablablabla

only 4 hours available.

(i don't know this libreary:

how use OAuth2 class for dropbox ??

how use OAuth2 class for dropbox ?? for upload and download file from dropbox i test any other dropbox libs for b4j but without result also i want to any user could upload to his account form this app https://www.b4x.com/android/forum/threads/class-b4x-google-oauth2.79426/#content

b4x.com

i view this in soucr code java 5.2.0 library and the new method i think are correct: (new method startOAuth2PKCE , may be, is ok)

    public static void startOAuth2Authentication(Context context, String app_key, List<String> scope) {
        if (USE_SLT) {
            Auth.startOAuth2PKCE(context, app_key, DbxRequestConfigFactory.getRequestConfig(), scope);
        } else {
            Auth.startOAuth2Authentication(context, app_key);
        }
    }

 

[DonManfred]

may be, is ok

the upper one is when using ShortLifeToken, the second for any other. At least

if (USE_SLT)

let me think so.

Dropbox-Library IS using the second one already. At least in my Version...
Honestly it is of newer date than the published one. I have V0.62
I´ll do an update today. Check it with the new Version again and let me know....

 

[netsistemas]

the file: DropboxActivity.java
in sdk-java5.2 have this code:

private final static boolean USE_SLT = true; //If USE_SLT is set to true, our Android example
// will use our Short Lived Token.

if USE_SLT is true, may be this is the problem... the SDK is compile with ShortLivedToken.
Changin to FALSE?

I don't know how recompile the library...

And, the last version of your library bublish is 0.44
when download the v0.62?
i need wait you acción?
(sorry for my english)

 

[DonManfred]

Changin to FALSE?

I DID NOT COMPILE it at all.I just download them from maven and use them.

 

[DonManfred]

when download the v0.62?
i need wait you acción?

As written above i´ll publish a new version today. As of now i am at work.

 

[netsistemas]

thanks and sorry, i don't speak english and the translator no say me all your message perfect for me....future, past, present... is dificult translate for me.

 

[DonManfred]

is dificult translate for me

Your translations are hard to understand for me either. ;-)
Most translations-websites are crap. Even google translate is.

 

[DonManfred]

@ShortName("DbxAuth")
public class AuthWrapper {
    private BA ba;
    private String key;
    public void Initialize(final BA ba, String appKey) {
        this.ba = ba;
        this.key = appKey;
    }
  public String getOAuth2Token() {
      return Auth.getOAuth2Token();
  }
  public void startOAuth2Authentication(BA ba) {
        Auth.startOAuth2Authentication(ba.context, key);
  }
[...]
}

As you can see in the wrappercode for DbxAuth: calling startOAuth2Authentication will use the same code as in the example-code you postet above.

 

[netsistemas]

public static void startOAuth2Authentication(Context context, String app_key, List<String> scope) {
        if (USE_SLT) {
            Auth.startOAuth2PKCE(context, app_key, DbxRequestConfigFactory.getRequestConfig(), scope);
        } else {
            Auth.startOAuth2Authentication(context, app_key);
        }
    }

your code execute :
Auth.startOAuth2PKCE(context, app_key, DbxRequestConfigFactory.getRequestConfig(), scope);
beacuase USE_SLT is TRUE (Public Var)

but, you sure, understand all problem and
solution?
---
NO.NO.. SORRY... you call auth.startOAuth2Authentication OK.

 

[DonManfred]

your code execute :
Auth.startOAuth2PKCE(context, app_key, DbxRequestConfigFactory.getRequestConfig(), scope);
beacuase USE_SLT is TRUE (Public Var)

NO! My code do not use this code. My wrapper IS using this code

Auth.startOAuth2Authentication(context, app_key);

 

[netsistemas]

write in my english:

and the problem, may be than we need execute the other method:
Auth.startOAuth2PKCE

i read this link:

Java SDK - No refresh token? | The Dropbox Community

Hey, i try to get the refresh token with the Java SDK (Android App). I start authentication with...

www.dropboxforum.com

but i can't understand what is the new funcionalitiy.
old call are no correct,
and new call are for short time?
uff, It is strange think.

-----------
write with transalte from spanish to english (google translattion):

maybe now you have to execute:
Auth.startOAuth2PKCE


because the old call says that it is out of date, and the new one that it is for short times.
I can't understand it.

 

[netsistemas]

ah.. important,
the console dropbox return me always short time token (sl.blablabla)

 

[netsistemas]

i write to dropbox and this is the message:

I GO TO CHANGE to FTP.... (or find some token in other dispotive!!!! amaizing)


Hubert, Apr 26, 2022, 8:28 AM PDT:

Hi,

Dropbox is in the process of switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.

Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation.

For reference, while the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption, if you have any. Also, note though that after the change you won't be able to create new long-lived access tokens.

While the change began on September 30th 2021, we're releasing it gradually, so you may not have seen your app(s) affected until now. Once it applies to your app, it would apply regardless of the "Access token expiration" setting for your app, and that setting may no longer be available for your app.

Note that this is something that would need to be implemented by the programmer of the app though, so if you are not the programmer responsible for this integration, you may need to get an update from them to support this.

Regards,
Hubert

​

---

Roberto Alonso, Apr 26, 2022, 8:17 AM PDT:

App name: Roberto AV
Platform: java (b4x)
SDK/library: dropbox-sdk-java-5.2.0

Details:
your console (https://www.dropbox.com/developers/) alway returnme a token sorti time:
sample:

sl.BGf0f4DqEHDFmnpgwKhr92C8u-rqAsxjuZ9OrzWGfPaCCEK_MTI72t1-2IUBQO3vnblablablablablablabla

this token only are available for 4 hour.
how get long time (without expiration).

 

[DonManfred]

i write to dropbox and this is the message

He is only talking about the use of OAuth and refreshtoken.
No single word about the use of their java SDK.

I´ll investigate

 

[netsistemas]

I have found an old TOKEN on a device that I no longer use. I have copied the token-code and included in my APP and now it works.
It is not the solution, because I think that Dropbox will eliminate these tokens one day, although at the moment it says that they will continue to be operational.

I also don't understand how a token from another device can be copied and included in my APP. It is true that my APP has an application code, but I see it as a huge security problem. Perhaps for this reason, DROPBOX wants to suppress them.

I suppose that with the application code and the TOKEN, dropbox knows which account it is linked to, since my developer account is different from the client account. We have 2 different dropbox accounts.
I will be attentive to this post, in case someone gives me more clarity.
Thank you DonManfred for all your support, both on this issue and on many others. You will be invited to a beer. What less!!

 

[DonManfred]

although at the moment it says that they will continue to be operational

this happens to me too as i only use token created in the appconsole and only for my private apps (no playstore).

I also don't understand how a token from another device can be copied and included in my APP

A token can be used if it is valid. You should not publish an app having a hardcode token as it can be stolen.

BTW: I tried three different Auth-methods yesterday using the java sdk. ALL of them (include Auth.startOAuth2PKCE) return a sl.* Token.

 

[netsistemas]

Well, I'm afraid that this new functionality of DROP-BOX is going to cause many problems. I understand the security problem that a fixed token in an APP entails, but I have no other choice. My app is not in play-store. They eliminated it for having my client's LOGO. So now I also distribute it from DROPBOX, but that's another story.

I have begun to transform the sending of files, through an FTP system as I do in other cases. The question will be to justify all these hours of work to my client and see how I can pass them on. Sorry, OUR working hours.
Thanks again for your support.