At Dropbox, we’re big fans of OAuth 2, and we hope you are too! As you’re making the transition from OAuth 1 to OAuth 2, you may wonder what to do about existing OAuth 1 access tokens that you’ve already stored for your users. Rather than having to maintain two code paths (one for OAuth 1 and OAuth 2), you can simplify your code by converting those existing tokens to OAuth 2 using these two Core API endpoints:
- /oauth2/token_from_oauth1 is authenticated with an OAuth 1 token and returns an OAuth 2 token.
- /disable_access_token disables an existing token (OAuth 1 or OAuth 2).
By using these two methods together, you can convert an OAuth 1 access token to an OAuth 2 access token. First, generate a new OAuth 2 access token (using the existing OAuth 1 token for authentication). Then disable the (no longer needed) OAuth 1 token.
The following code, adapted from the
oauth1_upgrade.py example script in the Python SDK, demonstrates this two-step process:
# Get a DropboxClient object using an existing OAuth 1 access token. sess = session.DropboxSession(APP_KEY, APP_SECRET) sess.set_token(access_token_key, access_token_secret) client = client.DropboxClient(sess) # Create an OAuth 2 access token for the user. oauth2_access_token = client.create_oauth2_access_token() # Disable the OAuth 1 access token. client.disable_access_token()
Here’s a similar example in PHP, adapted from the
upgrade-oauth1-token.php example script in the PHP SDK:
$upgrader = new dbxOAuth1Upgrader($appInfo, "upgrade-example", "en"); // Get an OAuth 2 access token from the existing OAuth 1 access token. $oauth1AccessToken = new dbxOAuth1AccessToken($accessToken, $accessTokenSecret); $oauth2AccessToken = $upgrader->createOAuth2AccessToken($oauth1AccessToken); // Disable the OAuth 1 access token. $upgrader->disableOAuth1AccessToken($oauth1AccessToken);
The Java and Ruby SDKs have similar methods and similar example code.
A note on OAuth 1 support
Although we prefer OAuth 2 in general, we plan to continue supporting OAuth 1 as long as we support v1 of the Core API.