How to refresh the Access token from using refresh token when expired

[chimpa]

I am moving the Dropbox app authentication flow to use short lived tokens with refresh tokens. I need the app to work just like it worked with a long lived tokens before.

I learned that I can get a refresh token and use that in subsequent calls to SDK methods without reauthorizing the access.

1. I understand that once the initial Access token is expired, it is no longer usable. But we continue to use the refresh token without updating the access token. Is there a way that I can get a new Access Token using the refresh without going through the authorization process again? (I want this to be happened without end user action)

2. Although we dont update the Access token, I believe the SDK is retrieving a new access token in the background, every time we call a method using the refresh token. But I dont find a method that returns this new Access token. If I get this Access token, I can store it and use it again within the allowed period. This will reduce some calls done in the SDK to get a new Access token.

Can you please answer the above and verify if my understanding is correct?

Versions

• What version of the SDK are you using? 5.5
• What version of the language are you using? .net 4.8
• What platform are you using? Web based

[greg-db]

Is there a way that I can get a new Access Token using the refresh without going through the authorization process again?

Yes, performing the refresh process using the refresh token retrieves a new short-lived access token, and doesn't require any manual user interaction.

I believe the SDK is retrieving a new access token in the background, every time we call a method using the refresh token

While the SDK does automatically perform the refresh process for you, it does not necessarily do it for every call. It will only do so when it needs to. (You can see the logic for this in the SDK's code here.)

I don't believe the SDK offers a way to retrieve the current short-lived access token itself, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though.

[tipa]

Any updates on this?
If we can't access the new access token, then the SDK would need to do a access token refresh every single time after initialization (because we can only hand over the initial (expired) access token in the DropboxClient constructor). Is this really expected behavior?

[greg-db]

@tipa This request for the ability to retrieve the current short-lived access token is still open with the team, but I don't have any news on it right now. And yes, that's correct, the SDK will automatically perform a refresh as needed.

[tipa]

Any update from the team? I am still using a workaround where I handle the refresh logic myself to avoid unnecessary refreshes by the SDK after each initialization.

[greg-db]

@tipa No, I don't have an update on this request.