Android Question API access token expired in DROPBOX

netsistemas

Active Member
Licensed User
Longtime User
Reinstalo mi aplicación con:

Dropbox-core-sdk JAR 5.1.1 (y prueba también con 5.2)​

(para solucionar este otro error:​

)




y EL NUEVO PROBLEMA ES que el token expira en 5 horas aprox.

Leí este enlace:
pero no se como resolver en b4x

el nuevo token tiene un texto similar a este:
sl.BGZp2KQIbO-EQauhExxxxxEYkyuQI_NwYEzsG0G5XeG_6hS8CS5jvzyZ7_PXC6YbAOgSxxxxxWP1x1vdGiYITcXg6An6BQhp15XjWuwWrk_7_uxxxxx6-n-nKWJb4YCOrK-xXsJ9wkcd

el token comienza con sl. y leí que el token con este inicio y duración solo funciona 5 horas.

en

el botón 'generar token de acceso' devuelve un token similar.
aplicación b4x, devuelva también, un token similar.

como resolver
 
Last edited:

behnam_tr

Active Member
Licensed User
check this :


i'm using this way and is ok
 
Upvote 0

DonManfred

Expert
Licensed User
Longtime User
and THE NEW PROBLEM IS that the token expire in 5 hour aprox
where does the token came from? How you did created it?
Are you using OAUth2 and the REST Api from dropbox?
 
Upvote 0

netsistemas

Active Member
Licensed User
Longtime User
I use DropBoxV2 0.44

B4X:
    Public  DB_auth As DbxAuth
    Public  DB_token As String
    Public  DB_AppKey As String  ="gstrexxxxxxxxxx"
   
   
    'in create:
        DB_auth.Initialize(DB_AppKey)
       
    'when db_token is empty: this open navegator
        DB_auth.startOAuth2Authentication
       
'in resume after close navegator and authorize:
DB_token = modExtintores.db_auth.OAuth2Token

and then token are:
sl.blablablablablabla

only 4 hours available.

(i don't know this libreary:

i view this in soucr code java 5.2.0 library and the new method i think are correct: (new method startOAuth2PKCE , may be, is ok)
B4X:
    public static void startOAuth2Authentication(Context context, String app_key, List<String> scope) {
        if (USE_SLT) {
            Auth.startOAuth2PKCE(context, app_key, DbxRequestConfigFactory.getRequestConfig(), scope);
        } else {
            Auth.startOAuth2Authentication(context, app_key);
        }
    }
 
Upvote 0

DonManfred

Expert
Licensed User
Longtime User
may be, is ok
the upper one is when using ShortLifeToken, the second for any other. At least
B4X:
if (USE_SLT)
let me think so.

Dropbox-Library IS using the second one already. At least in my Version...
Honestly it is of newer date than the published one. I have V0.62
I´ll do an update today. Check it with the new Version again and let me know....
 
Upvote 0

netsistemas

Active Member
Licensed User
Longtime User
the file: DropboxActivity.java
in sdk-java5.2 have this code:

private final static boolean USE_SLT = true; //If USE_SLT is set to true, our Android example
// will use our Short Lived Token.

if USE_SLT is true, may be this is the problem... the SDK is compile with ShortLivedToken.
Changin to FALSE?

I don't know how recompile the library...

And, the last version of your library bublish is 0.44
when download the v0.62?
i need wait you acción?
(sorry for my english)
 
Upvote 0

netsistemas

Active Member
Licensed User
Longtime User
thanks and sorry, i don't speak english and the translator no say me all your message perfect for me....future, past, present... is dificult translate for me.
 
Upvote 0

DonManfred

Expert
Licensed User
Longtime User
B4X:
@ShortName("DbxAuth")
public class AuthWrapper {
    private BA ba;
    private String key;
    public void Initialize(final BA ba, String appKey) {
        this.ba = ba;
        this.key = appKey;
    }
  public String getOAuth2Token() {
      return Auth.getOAuth2Token();
  }
  public void startOAuth2Authentication(BA ba) {
        Auth.startOAuth2Authentication(ba.context, key);
  }
[...]
}

As you can see in the wrappercode for DbxAuth: calling startOAuth2Authentication will use the same code as in the example-code you postet above.
 
Upvote 0

netsistemas

Active Member
Licensed User
Longtime User
B4X:
public static void startOAuth2Authentication(Context context, String app_key, List<String> scope) {
        if (USE_SLT) {
            Auth.startOAuth2PKCE(context, app_key, DbxRequestConfigFactory.getRequestConfig(), scope);
        } else {
            Auth.startOAuth2Authentication(context, app_key);
        }
    }

your code execute :
Auth.startOAuth2PKCE(context, app_key, DbxRequestConfigFactory.getRequestConfig(), scope);
beacuase USE_SLT is TRUE (Public Var)

but, you sure, understand all problem and
solution?
---
NO.NO.. SORRY... you call auth.startOAuth2Authentication OK.
 
Upvote 0

DonManfred

Expert
Licensed User
Longtime User
your code execute :
Auth.startOAuth2PKCE(context, app_key, DbxRequestConfigFactory.getRequestConfig(), scope);
beacuase USE_SLT is TRUE (Public Var)
NO! My code do not use this code. My wrapper IS using this code
B4X:
Auth.startOAuth2Authentication(context, app_key);
 
Upvote 0

netsistemas

Active Member
Licensed User
Longtime User
write in my english:

and the problem, may be than we need execute the other method:
Auth.startOAuth2PKCE

i read this link:


but i can't understand what is the new funcionalitiy.
old call are no correct,
and new call are for short time?
uff, It is strange think.

-----------
write with transalte from spanish to english (google translattion):

maybe now you have to execute:
Auth.startOAuth2PKCE


because the old call says that it is out of date, and the new one that it is for short times.
I can't understand it.
 
Upvote 0

netsistemas

Active Member
Licensed User
Longtime User
ah.. important,
the console dropbox return me always short time token (sl.blablabla)
 
Upvote 0

netsistemas

Active Member
Licensed User
Longtime User
i write to dropbox and this is the message:

I GO TO CHANGE to FTP.... (or find some token in other dispotive!!!! amaizing)


Hubert, Apr 26, 2022, 8:28 AM PDT:

Hi,

Dropbox is in the process of switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.

Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation.

For reference, while the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption, if you have any. Also, note though that after the change you won't be able to create new long-lived access tokens.

While the change began on September 30th 2021, we're releasing it gradually, so you may not have seen your app(s) affected until now. Once it applies to your app, it would apply regardless of the "Access token expiration" setting for your app, and that setting may no longer be available for your app.

Note that this is something that would need to be implemented by the programmer of the app though, so if you are not the programmer responsible for this integration, you may need to get an update from them to support this.

Regards,
Hubert




Roberto Alonso, Apr 26, 2022, 8:17 AM PDT:

App name: Roberto AV
Platform: java (b4x)
SDK/library: dropbox-sdk-java-5.2.0

Details:
your console (https://www.dropbox.com/developers/) alway returnme a token sorti time:
sample:

sl.BGf0f4DqEHDFmnpgwKhr92C8u-rqAsxjuZ9OrzWGfPaCCEK_MTI72t1-2IUBQO3vnblablablablablablabla

this token only are available for 4 hour.
how get long time (without expiration).
 
Upvote 0

netsistemas

Active Member
Licensed User
Longtime User
I have found an old TOKEN on a device that I no longer use. I have copied the token-code and included in my APP and now it works.
It is not the solution, because I think that Dropbox will eliminate these tokens one day, although at the moment it says that they will continue to be operational.

I also don't understand how a token from another device can be copied and included in my APP. It is true that my APP has an application code, but I see it as a huge security problem. Perhaps for this reason, DROPBOX wants to suppress them.

I suppose that with the application code and the TOKEN, dropbox knows which account it is linked to, since my developer account is different from the client account. We have 2 different dropbox accounts.
I will be attentive to this post, in case someone gives me more clarity.
Thank you DonManfred for all your support, both on this issue and on many others. You will be invited to a beer. What less!!
 
Upvote 0

DonManfred

Expert
Licensed User
Longtime User
although at the moment it says that they will continue to be operational
this happens to me too as i only use token created in the appconsole and only for my private apps (no playstore).
I also don't understand how a token from another device can be copied and included in my APP
A token can be used if it is valid. You should not publish an app having a hardcode token as it can be stolen.

BTW: I tried three different Auth-methods yesterday using the java sdk. ALL of them (include Auth.startOAuth2PKCE) return a sl.* Token.
 
Upvote 0

netsistemas

Active Member
Licensed User
Longtime User
Well, I'm afraid that this new functionality of DROP-BOX is going to cause many problems. I understand the security problem that a fixed token in an APP entails, but I have no other choice. My app is not in play-store. They eliminated it for having my client's LOGO. So now I also distribute it from DROPBOX, but that's another story.

I have begun to transform the sending of files, through an FTP system as I do in other cases. The question will be to justify all these hours of work to my client and see how I can pass them on. Sorry, OUR working hours.
Thanks again for your support.
 
Upvote 0
Top