Forum Discussion

seizo's avatar
seizo
Helpful | Level 6
9 years ago
Solved

How to find the present-log-in-account in the redirect_uri

I have a question about /oauth2/authorize end point. Now I'm developing an Android app. The app sends a request to /oauth2/authorize end point. (response_type=token) I could confirm that the endp...
API
Greg-DB's avatar
Greg-DB
Icon for Dropbox Community Moderator rankDropbox Community Moderator
9 years ago

When Dropbox sends the user back to the redirect URI specified by your app, it will include the 'account_id' for the account that authorized the app, along with the other parameters, on the URL fragment. You can find the documentation for all of the pieces of information returned here:

 

https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize

 

Note that since this occurs client-side, you can't strictly trust these values for authentication purposes, so you should then call /2/users/get_current_account using that access token to verify the account ID, if that's what you need it for:

 

https://www.dropbox.com/developers/documentation/http/documentation#users-get_current_account

seizo's avatar
seizo
Helpful | Level 6
9 years ago

Greg, thank you for the advice.

 

As you said there is account_id in the URL fragment.
It is like this below.
"dbid%32221111%%%%%%%sssspppp"

But the user who are facing the redirect-page needs to know the current account,
because he/she has to decide to change the account or not at this moment.


So I think that /oauth2/authorize end point has to return log-in id
like "aaaa@dropbox.com" rather than account_id like "dbid%32221111%%%%%%%sssspppp",
to specify the user the account that /oauth2/authorize have permitted to access.

 

:)

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    9 years ago
    The /oauth2/authorize web page itself shows the user which account they're currently logged in to in the drop down in the upper right corner of the page. They can also switch which account they're logged in to by signing out and in there, before authorizing the app.
    • seizo's avatar
      seizo
      Helpful | Level 6
      9 years ago

      Thank you Greg for the kind explanation. <(_ _)>

       

      When I use oauth2/authorize endpoint ...
      with the parameter "response_type=code" and
      without the parameter "redirect_uri=https://myWebpage.com"
      I can get a code in the https://www.dropbox.com/1/oauth2/authorize_submit page.
      As you wrote, there is a drop down in the upper right corner.

       

      But in case I use the endpoint ...
      with the parameter "response_type=token" and
      with the parameter "redirect_uri=https://myWebpage.com"
      it seems to be difficult to install the similar drop down in the private redirect_uri, doesn't it?

       

      :)

      • Greg-DB's avatar
        Greg-DB
        Icon for Dropbox Community Moderator rankDropbox Community Moderator
        9 years ago
        I'm not sure I understand what you mean when you say "it seems to be difficult to install the similar drop down in the private redirect_uri, doesn't it?"

        Can you elaborate? If that's your own private page, you can design it however you'd like.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!