Node-red-node-dropbox token expiration

Since the Dropbox API was changed about a year ago, users have found that they need to continually apply for new tokens for the node Auth to work.
This topic is to discuss the issue, and try and find a resolution to restore functionality.

I dropped dropbox and instead use a ssd drive on my home network. It is acceptable safety level for me, only problem if the house would burn down (but then problems with a slightly different magnitude would call for higher priority anyway)

Don't leave it permanently connected. A nearby lightning strike can take out multiple devices on a network.

1 Like

I thought Microsoft's privacy policy guarantees they will not look at private repositories. If so then, if it were shown that they had been looking, there would be a big fuss and legal suits I think.

@hardillb - Ben, you did a PR about a year ago for the Dropbox node, was the purpose of that to deal with short-term tokens, as I see that you mention it in the node's amended node tip.

:man_shrugging: you exepect me to remember something longer ago than last week?

Do you have a link to a PR/merge?

Looks like the code got merged, but never published to npm (@dceejay can you publish it please)

Other than that, if dropbox have changed things again then somebody will need to step up and propose a PR to fix it as I don't use the node and don't have the bandwidth to fix/test at the moment.

done to that level

Yes, that's what I thought, thanks.

@FSHelgeland @DiverRich could you update your Dropbox node's to v1.1.0 and try again pls.

I will have a go.

1 Like

Updated. I won't know for sure if the token stayed active until tomorrow. Unless there is another way to check that you'd like me to try.

1 Like

Not sure about that one - but there is a huge stink in the open source community at the moment about it as the Microsoft Copilot siphons code from within Github and includes it (with no attribution)

Craig

@Paul-Reed, unfortunately it didn't retain the token.

Let's see how it works out for Freddy.

I can't test, or try things at the moment as I'm on holiday, and working from my phone, but I'll give it some attention when I return home.

@Paul-Reed sorry to inform you that it did not work here either. Dropbox only provides short-lived tokens now so we probably have to do something with Oauth.

Looking at the changes that were introduced in the latest node version, if you go to 'Add new Dropbox config' in the Dropbox node, you will note that the bottom paragraph was amended to be:
"On the subsequent page, click the button to ensure the token does not expire, then generated an access token. Copy it into the box above."

Did you create a new config & follow that paragraph, or used your existing configs?

I did not follow your recipe, will try now.

I've had direct dealings with Microsoft security and with their UK CISO and I can tell you that while the central support teams CAN access your data, it is extremely tightly controlled. Their processes ensure that only a direct customer request will be considered and that support personnel are only given access for a very limited period.

As Colin implies, their big cash-cows are large enterprises and governments, they are not about to risk that looking at your or my personal data.

But if you are really worried, the fix is very simple - pre-encrypt the data. If you have a backup script, add a local encryption step to it.

Oh, and if you think that Dropbox has better security than Microsoft's infrastructure - hmm, well I have an e-lock I'd like to sell you :slight_smile:

3 Likes

Perhaps I've found the issue. What I see in the dropbox developer app console doesn't match your instructions. Specifically, item #2 just isn't a thing. Nowhere can I select 'Dropbox API app." I am able to create an app and set permissions and generate a token, but there is also no option on the subsequent page to click any button related to the token. The subsequent page is all about app permissions. I assume I'm missing something obvious (which is often the case when it comes to these matters.)