Posted by Steve Marx on March 19, 2014
At Dropbox, we're big fans of OAuth 2, and we hope you are too! As you're making the transition from OAuth 1 to OAuth 2, you may wonder what to do about existing OAuth 1 access tokens that you've already stored for your users. Rather than having to maintain two code paths (one for OAuth 1 and one for OAuth 2), you can simplify your code by converting those existing tokens to OAuth 2 using these two Core API endpoints:
By using these two methods together, you can convert an OAuth 1 access token to an OAuth 2 access token. First, generate a new OAuth 2 access token (using the existing OAuth 1 token for authentication). Then disable the (no longer needed) OAuth 1 token.
The following code, adapted from the oauth1_upgrade.py example script in the Python SDK, demonstrates this two-step process:
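
    from dropbox import client, session

    # APP_KEY / APP_SECRET identify your app; access_token_key and
    # access_token_secret are the OAuth 1 token pair you stored for the user.

    # Get a DropboxClient object using an existing OAuth 1 access token.
    sess = session.DropboxSession(APP_KEY, APP_SECRET)
    sess.set_token(access_token_key, access_token_secret)
    dropbox_client = client.DropboxClient(sess)

    # Create an OAuth 2 access token for the user.
    oauth2_access_token = dropbox_client.create_oauth2_access_token()

    # Disable the OAuth 1 access token.
    dropbox_client.disable_access_token()
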
Here's a similar example in PHP, adapted from the upgrade-oauth1-token.php example script in the PHP SDK:

    use \Dropbox as dbx;

    // $appInfo is the dbx\AppInfo for your app; $accessToken and
    // $accessTokenSecret are the stored OAuth 1 token pair.
    $upgrader = new dbx\OAuth1Upgrader($appInfo, "upgrade-example", "en");

    // Get an OAuth 2 access token from the existing OAuth 1 access token.
    $oauth1AccessToken = new dbx\OAuth1AccessToken($accessToken, $accessTokenSecret);
    $oauth2AccessToken = $upgrader->createOAuth2AccessToken($oauth1AccessToken);

    // Disable the OAuth 1 access token.
    $upgrader->disableOAuth1AccessToken($oauth1AccessToken);

The Java and Ruby SDKs have similar methods and similar example code.
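When the two steps run over a whole table of stored tokens, the order of the local writes matters as much as the order of the API calls. The sketch below is an added example, not code from the Dropbox SDK or its example scripts: it stores the new OAuth 2 token before disabling the old one and keeps the OAuth 1 token on file if the disable call fails, so a retry can finish the job. The record field names, the `make_client` factory and `FakeClient` are assumptions made for illustration; only the two client method names come from the Python snippet above.

```python
# Hypothetical record layout: {"oauth1_key", "oauth1_secret", "oauth2_token"}.
def migrate_record(record, make_client):
    """Upgrade one stored credential record in place and return its state."""
    if record.get("oauth1_key") is None:
        return "done" if record.get("oauth2_token") else "no_credentials"
    client = make_client(record["oauth1_key"], record["oauth1_secret"])
    # Step 1: create the OAuth 2 token and store it before touching the old
    # one (in production, commit this write to your database here).
    if not record.get("oauth2_token"):
        record["oauth2_token"] = client.create_oauth2_access_token()
    # Step 2: disable the OAuth 1 token. If that fails, keep it on file so a
    # later run retries instead of leaving a live token nobody tracks.
    try:
        client.disable_access_token()
    except Exception:
        return "disable_pending"
    record["oauth1_key"] = record["oauth1_secret"] = None
    return "done"


def migrate_all(records, make_client):
    """Migrate every record; one failure never blocks the other users."""
    results = {}
    for user_id, record in records.items():
        try:
            results[user_id] = migrate_record(record, make_client)
        except Exception:
            results[user_id] = "upgrade_failed"  # OAuth 1 token untouched
    return results


class FakeClient:
    """Constructed stand-in for DropboxClient so the example runs offline."""
    def __init__(self, key, secret, fail_disable=False):
        self.key, self.fail_disable = key, fail_disable
    def create_oauth2_access_token(self):
        return "oauth2-for-" + self.key
    def disable_access_token(self):
        if self.fail_disable:
            raise IOError("constructed network failure")


def demo():
    records = {  # constructed sample data
        "alice": {"oauth1_key": "k1", "oauth1_secret": "s1"},
        "bob": {"oauth1_key": "k2", "oauth1_secret": "s2"},
    }
    factory = lambda k, s: FakeClient(k, s, fail_disable=(k == "k2"))
    return migrate_all(records, factory), records
```

In real use, `make_client` would build the `DropboxSession` and `DropboxClient` as in the Python snippet above, and any record left in `disable_pending` is picked up again on the next run without minting a second OAuth 2 token.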
Although we prefer OAuth 2 in general, we plan to continue supporting OAuth 1 as long as we support v1 of the Core API.