Need to see if your shared folder is taking up space on your dropbox 👨‍💻? Find out how to check here.

Forum Discussion

aston's avatar
aston
Explorer | Level 4
7 years ago
Solved

OAuth 2.0 for native apps

Hi,

How a native app (a desktop application) can implement and use the Authorization flow without having to know/use the app's secret?

Quoting from here:

"The current industry best practice is to use the Authorization Flow while omitting the client secret, and to use an external user agent to complete the flow."

The browser of the system can be this "external user agent", but all the examples that I could find for the Java SDK (as this one) need the app-info file with the secret populated in order to work. I have tried having the secret empty or null but the authorization fails at the end with the following error:

Error in DbxWebAuth.authorize: {"error": "invalid_client: Invalid client_id or client_secret"}

 

Is implicit grant the only way to go?

API
  • Greg-DB's avatar
    Greg-DB
    7 years ago

    Yes, for client-side apps, you should use the "implicit" a.k.a. "token" flow. This is the version of the Dropbox OAuth app authorization flow that does not require use of the app secret.

    The DbxWebAuth class in the official Dropbox API v2 Java SDK is only built for web apps though, and does not support the implicit flow. I'll pass this along as a feature request, but I can't promise if or when that might be implemented though.

    There is a special flow built for Android though, in case you're running on Android. Otherwise, you'll need to implement the implicit flow directly.

2 Replies

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    7 years ago

    Yes, for client-side apps, you should use the "implicit" a.k.a. "token" flow. This is the version of the Dropbox OAuth app authorization flow that does not require use of the app secret.

    The DbxWebAuth class in the official Dropbox API v2 Java SDK is only built for web apps though, and does not support the implicit flow. I'll pass this along as a feature request, but I can't promise if or when that might be implemented though.

    There is a special flow built for Android though, in case you're running on Android. Otherwise, you'll need to implement the implicit flow directly.

  • aston's avatar
    aston
    Explorer | Level 4
    7 years ago

    Thank you for the response.

    I asked the question for implementation plans in the Java SDK GitHub repo.

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!