Dropbox: Add support for refresh tokens#9131
Conversation
bd6568b to
6d1647d
Compare
Dropbox dropped support for long-lived access tokens, keeping only short-lived ones when you use the "Generate token" method, meaning that the token only works for a few hours. This commit introduces support for refresh tokens which allow for generating short-lived tokens dynamically, essentially having the same functionality as a long-lived token. The downside is that in the "Dropbox token" field in the settings you now have to both add a refresh token (which isn't trivial to generate https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens), as well as the app's key, a colon and the app's secret (all this in base64 encoding). In the future the refresh-token support would probably be better if it didnt generate a new short-lived token for each request (which this implementation does), and instead cached them and just generated new ones when they expired. Fixes koreader#8571
|
|
||
| function DropBox:config(item, callback) | ||
| local text_info = "How to generate Access Token:\n".. | ||
| local text_info = "How to link your Dropbox account:\n".. |
There was a problem hiding this comment.
Sorry, I'd overlooked this untranslated string earlier but if you don't mind (since it's not really part of this PR per se), could you make this:
_([[multiline string]])
That should be the easiest for translators.
There was a problem hiding this comment.
I think its done, let me know if I should change anything else
|
What if a user has a long-lived token available? |
I think we should drop the support for long-lived tokens as they have been unavailable for over 6 months but if you want we could also add a checkbox or something to add support for the deprecated long-lived tokens:) |
|
My old long-lived token works fine right now. |
Yes, but new users cannot generate any new long-lived tokens, so that would only work for people who have generated a token before December 2021 |
|
So we need a checkbox to allow using an old long-lived tokens and a new field in the server settings. Secondly, can you consider the possibility to generate an access token once at the beginning of the current session, store it in self.dropbox_access_token, and clear upon closing the Dropbox or CloudStorage menu (as a compromised simpler solution, to avoid checking via 401 error if the token has expired). For sure we shall need to write the clearer instruction how to generate a refresh token, including under Windows systems. I've used Postman for that. Are there any online services to make a POST request without registration? |
|
I'm not sure about any online services, but there is something called Thunder Client that provides a GUI tool. Note that curl is now shipped with Windows: https://curl.se/windows/microsoft.html |
That is a really good idea, i will certainly do that
I'm still unsure about why would keep support for long-lived tokens as they are not able to be generated anymore so it would kind of be just having support for a deprecated feature
Yes, we would definitely need better instructions. I used curl to generate the refresh token but there is probably a more user-friendly way:) (maybe we could create a bash script that generates it) |
|
Hi ! |
|
I also still have the old token :D |
|
I think mine expired by not using it for a few months. |
|
Mine is still ok and i can think of large periods of time i didn't use it (and didn't use my kobo at all). Is it because i generated it as mentionned here ?
https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/API-access-token-expired/td-p/363473 |
@hius07 That could indeed work although I do see it as a bit of unnecessary work as the tokens are completely deprecated and we should switch sooner rather than later to the supported method. If you really feel this is necessary I will try and implement it over this next few days, as it would need a partial rewrite of the cloudstorage.lua interface. |
|
Is this superceded by #9496 ? |
|
Closed in favour of #9496. |

Dropbox dropped support for long-lived access tokens, keeping only
short-lived ones when you use the "Generate token" method, meaning that
the token only works for a few hours.
This commit introduces support for refresh tokens which allow for
generating short-lived tokens dynamically, essentially having the same
functionality as a long-lived token.
The downside is that in the "Dropbox token" field in the settings you
now have to both add a refresh token (which isn't trivial to generate https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens),
as well as the app's key, a colon and the app's secret (all this in
base64 encoding).
In the future the refresh-token support would probably be better if it
didnt generate a new short-lived token for each request (which this
implementation does), and instead cached them and just generated new
ones when they expired.
Fixes #8571
This change is