Reputation: 58322
How do I revoke generated access tokens for Dropbox applications?
I have generated (manually through the web UI) multiple access tokens during testing, and all seem valid. I have probably also generated some and not actually noted them down anywhere.
How do I: a) list access tokens b) remove/revoke unneeded access tokens
I have looked here: www.dropbox.com/account/security and I can see my app listed, but there is no mention of access tokens. I do not want to remove the entire app, just some of the access tokens for it.
The app in question has "App folder" access, which means that it can only access one particular folder (and children).
Note: When I say "all seem valid" - I mean that each token can successfully be used to perform actions on the specific app folder at play.
Upvotes: 4
Views: 1150
Answers (2)
Reputation: 10755
Update 2024
Based on Chris' answer but with the new UI:
- You have to "disconnect" the App.
- To do so, navigate to here https://www.dropbox.com/account/connected_apps
- Then in the list of the apps, click the arrow to display more content.
- Finally click "Disconnect"
Once you click on "disconnect", they'll ask you via popup if you want to keep or remove the contents of the application folder. Keep them.
- After this you'll see "no apps connected".
- After this, you can refresh your application page and see it failing (401, not authorized).
- Then head to the apps https://www.dropbox.com/developers/apps/ and browse to your app, then generate a new token.
- Copy/paste the new token to the application's credentials.
- After generating the code, reload your web application and see it accessing the old content again.
- Refresh https://www.dropbox.com/account/connected_apps and you'll see the app again.
Upvotes: 3
Reputation: 58322
As per the Dropbox forum:
a) The Dropbox web site/API don't offer a way to list individual access tokens.
b) There are several ways to revoke access tokens.
The user can revoke all access tokens for an app via the account security page by clicking the 'x' at the right of the app's row. This will revoke all access tokens for that app-user pair though, and doesn't offer a way to revoke specific/individual ones.
If the app uses the "app folder" permission, the user can delete the app folder itself, which will cause any further API calls for that app-user pair to fail.
The app can revoke individual access tokens using the /2/auth/token/revoke API endpoint. That will revoke only the individual access token used to make the call itself. You can use it multiple times to revoke any/all access tokens you have.
Upvotes: 2
Related Questions
- re-usable refresh tokens for dropbox api?
- Dropbox OAuth2 API always prompts user for permission when a refresh token is requested
- Getting a new refresh token when using one to get an access token dropbox v2 api
- Dropbox Access Token Expiry
- Revoke Dropbox token programmatically
- Revoke Dropbox access in Java/Android SDK
- How to revoke access token from Dropbox
- Dropbox api: how to save access token to reuse later?
- Dropbox API Token Verification
- Dropbox Sync API AccessToken