Chris

Reputation: 58322

How do I revoke generated access tokens for Dropbox applications?

I have generated (manually through the web UI) multiple access tokens during testing, and all seem valid. I have probably also generated some and not actually noted them down anywhere.

How do I: a) list access tokens b) remove/revoke unneeded access tokens

I have looked here: www.dropbox.com/account/security and I can see my app listed, but there is no mention of access tokens. I do not want to remove the entire app, just some of the access tokens for it.

The app in question has "App folder" access, which means that it can only access one particular folder (and children).

Note: When I say "all seem valid" - I mean that each token can successfully be used to perform actions on the specific app folder at play.

Upvotes: 4

Views: 1150

Answers (2)

Xavi Montero

Reputation: 10755

Update 2024

Based on Chris' answer but with the new UI:

Disconnect the App

Once you click on "disconnect", they'll ask you via popup if you want to keep or remove the contents of the application folder. Keep them.

Uncheck removing contents

  • After this you'll see "no apps connected".
  • After this, you can refresh your application page and see it failing (401, not authorized).
  • Then head to the apps https://www.dropbox.com/developers/apps/ and browse to your app, then generate a new token.
  • Copy/paste the new token to the application's credentials.
  • After generating the code, reload your web application and see it accessing the old content again.
  • Refresh https://www.dropbox.com/account/connected_apps and you'll see the app again.

Upvotes: 3

Chris

Reputation: 58322

As per the Dropbox forum:

a) The Dropbox web site/API don't offer a way to list individual access tokens.

b) There are several ways to revoke access tokens.

  • The user can revoke all access tokens for an app via the account security page by clicking the 'x' at the right of the app's row. This will revoke all access tokens for that app-user pair though, and doesn't offer a way to revoke specific/individual ones.

  • If the app uses the "app folder" permission, the user can delete the app folder itself, which will cause any further API calls for that app-user pair to fail.

  • The app can revoke individual access tokens using the /2/auth/token/revoke API endpoint. That will revoke only the individual access token used to make the call itself. You can use it multiple times to revoke any/all access tokens you have.

https://www.dropboxforum.com/t5/API-support/How-to-revoke-an-access-token-Other-answers-suggest-security/m-p/218788/highlight/false#M11497

Upvotes: 2
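
The per-token revocation described in the answer above, as an added example (not code from the original post or from Dropbox): each token authenticates its own call to /2/auth/token/revoke, and the report identifies tokens only by a hash prefix. Assumptions: the host api.dropboxapi.com, the function names, and the constructed sample tokens; the demo at the bottom uses a fake transport so it runs offline.

```python
import hashlib
import urllib.error
import urllib.request

# Assumption: standard Dropbox API host; the path is the one named in the answer.
REVOKE_URL = "https://api.dropboxapi.com/2/auth/token/revoke"

def fingerprint(token):
    """Short SHA-256 prefix, so reports and logs never contain the token itself."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]

def build_request(token):
    # The token being revoked authenticates the call; no request body is sent.
    return urllib.request.Request(
        REVOKE_URL, method="POST",
        headers={"Authorization": "Bearer " + token})

def http_send(request):
    """Real transport: return the HTTP status code, error statuses included."""
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def classify(status):
    if status == 200:
        return "revoked"
    if status == 401:
        # Revoked earlier, expired, or mistyped: the API does not accept it.
        return "already-invalid"
    return "error-%d" % status  # e.g. rate limit or server error: retry later

def revoke_all(tokens, send=http_send):
    """Revoke each distinct token once; return {fingerprint: outcome}."""
    report = {}
    for token in dict.fromkeys(t.strip() for t in tokens if t.strip()):
        report[fingerprint(token)] = classify(send(build_request(token)))
    return report

if __name__ == "__main__":
    # Constructed placeholder tokens and a fake transport standing in for
    # Dropbox. Remove `send=` to call the real API with your own tokens.
    sample = ["sl.TEST-TOKEN-AAAA", "sl.TEST-TOKEN-BBBB", "sl.TEST-TOKEN-AAAA"]
    fake = lambda req: 200 if "AAAA" in req.get_header("Authorization") else 401
    for fp, outcome in revoke_all(sample, send=fake).items():
        print(fp, outcome)
```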
