drop_auth() generating short lived tokens about rdrop2 HOT 13 OPEN

After calling drop_auth() in R, in the pop-up webpage, I added "&token_access_type=offline" to the end of the URL, then hit enter to refresh the page, then authorize as usual. In this way, there should be "a long-lived refresh_token that can be used to request a new, short-lived access token" generated to your app folder. Then I published the app as usual, my authorization problem was solved.

from rdrop2.

I just got back from Dropbox. Here is the reply:

"Dropbox is in the process of switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.

Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation.

For reference, while the creation of new long-lived access tokens is now deprecated, we don't currently have a plan to disable existing long-lived access tokens. (If that changes, we will of course announce that ahead of time.) That being the case, you can continue using existing long-lived access token(s) without interruption, if you have any. Also, note though that after the change you won't be able to create new long-lived access tokens.

While the change began on September 30th, we're releasing it gradually, so you may not have seen your app(s) affected yet/until now. Once it applies to your app, it would apply regardless of the "Access token expiration" setting for your app, and that setting may no longer be available for your app."

I mark the answers to your questions in bold.

from rdrop2.

I need the token to be long lived (not expire).

Did you try "implement refresh tokens" mentioned here? What I did so far is after calling drop_auth() in R, in the pop-up webpage, I added "&token_access_type=offline" to the end of the URL to generate "a long-lived refresh_token that can be used to request a new, short-lived access token." It seems working after 4 hours.

from rdrop2.

@Emily-Chai I'm having the same problem here. I tried adding the "&token_access_type=offline" to the URL, but it didn't work. Did you manage to solve the problem @BrookeGibbons ?

from rdrop2.

I had the same problem, and the solution is to change one line in the rdrop2::drop_auth function: dropbox_token <- httr::oauth2.0_token(dropbox, dropbox_app, cache = cache, query_authorize_extra = list(token_access_type = "offline")). With this, the token includes both a short lived token and a refresh token. Then, this token can be refreshed with dropbox_token$refresh(), which returns a new short lived token. It would be nice to add this as an empty list parameter to drop_auth, as it's supposed to be by default in httr::oauth2.0_token. See this for the introduction of this argument in httr 1.4.0.

from rdrop2.

@Emily-Chai's fix also worked for me too.

from rdrop2.

@Emily-Chai @BrookeGibbons
So, if I do token <- drop_auth() and then add "&token_access_type=offline" to the URL, I get "a long-lived refresh_token that can be used to request a new, short-lived access token".
I can save that with saveRDS(token, TOKEN_PATH).
However, I am unsure how I need to use it further.
How do I request a new short-lived token? (do I do token <- readRDS(TOKEN_PATH) and then token$refresh(), or how does that work?)
When does this need to happen? (at each application start?)

from rdrop2.

@karthik any updates on this? In particular in relation to @jcarbaut 's fix? I am currently having the same issue with short lived tokens.

from rdrop2.

@karthik any updates on this? In particular in relation to @jcarbaut 's fix? I am currently having the same issue with short lived tokens.

In the meantime, you can use the fix on a copy of the drop_auth function (the code is straightforward), or alternately Emily-Chain's trick above (I have not tested this, but it should work too). Once you have a refresh token, you can store it and use it in your app to get a short-lived token with token$refresh(). It will work for 4 hours: you may create this token at the beginning of a shiny app session, for instance.

If you need longer runs, it will be more difficult: if I understand correctly, the httr package does not do it automatically (it's one of the purposes of httr2, which rdrop2 does not currently use), so you'll have to do it "by hand" in your app: basically, each time you use a token, check its validity. This could be done by wrapping each reference to the token with a function that checks this.

from rdrop2.

@jcarbaut Thank you, very helpful. Have made the changes in my copy of the drop_auth function based on your PR. 4 hours should work for me, a user is on average only going to use each session for 30 minutes maximum. Hopefully in the future rdrop2 will move to httr2. Thanks again, Ben

from rdrop2.

I'm trying to make my Shiny app work in combination with dropbox, however I still didn't manage. It would really be helpfull for non-developers if the package was updated with this functionality. Alternatively, it would help if anyone could provide the complete example code for a working shiny app including the fix. Thank you so much, if anyone can do that!

from rdrop2.

After one morning of fiddling I managed, here's for the not-so apt like me: 1. make sure you are in the folder of your shiny-app. 2. In the console, load the library rdrop2. 3. In the console type drop_auth() 4. in the website that opens, do what Emily-Chai suggested: After calling drop_auth() in R, in the pop-up webpage, I added "&token_access_type=offline" to the end of the URL, then hit enter to refresh the page. 5. In your console, save the token saveRDS(token, "droptoken.rds") 6. Then go to the code in your shiny-app and below the calling of the other libraries put: outputDir <- "put here yours"; token<-readRDS("droptoken.rds"); token$refresh() 7. run your shiny app. I put this in both my ui and server scripts, don't know if that is neccesary. Now after one day, it still works, thanks everyone above again for the ingredients!

from rdrop2.

5. In your console, save the token saveRDS(token, "droptoken.rds")

@TessaEPronk @Emily-Chai Can you clarify? At what step in 1-5 is a token variable created in the workspace?

from rdrop2.