foxo1
Explorer | Level 4
4 years ago

OAuth2 via Python SDK and Django

Hi again,

So I'm trying to implement the non-PKCE authorization via the Python SDK using DropboxOAuth2Flow with redirects.

View 1 creates the initial auth_flow object.

def dp_auth_start(request):
    auth_flow = dropbox.DropboxOAuth2Flow(..., use_pkce=False)
    return HttpResponseRedirect(auth_flow.start())

View 2 is supposed to take in the server's reply after the user has authorized my app and then again ask for the access_token.

def dp_auth_accepted(request):
    auth_flow.finish(request.GET)  # auth_flow is not defined in this view
    # ... continue with code here

As expected, view 2 will yield an error that auth_flow is undefined. Of course, because it has not been passed on from view 1 to view 2 and is not newly defined here.

So my question is a hybrid one:

1) How does the Python SDK account for object transfers in a Django setting? 

2) Is there a way that DropboxOAuth2Flow objects will be serializable in the future? This would make things super easy.

3) How would I pass a non-Django object that is not serializable from view 1 to view 2 in a feasible and secure way? I know I could use pickle but try not to (it's working but comes at a price I'm hardly willing to pay).

I really appreciate any help you can provide!

Thanks a lot!

  • Greg-DB
    Dropbox Staff

    I can't offer help for Django in particular, as that's made by Dropbox, but I'll be happy to offer whatever guidance I can in general.

    First, I'll send this along as a feature request to make DropboxOAuth2Flow serializable, though I can't promise if or when that might be implemented.

    Anyway, you generally shouldn't need to serialize it though; you can just recreate it when needed. For instance, here's an example (albeit written for Flask, and for an older version of the Dropbox SDK, but the idea is the same) showing how the flow is recreated via the "get_flow" method, which is re-used in both steps.

    • foxo1
      Explorer | Level 4

      Hi Greg-DB!

      Thanks again for your reply - it works perfectly now without any pickling or weird dictionary.

      For anyone out there I'd like to share my code to help you out if need be:

      import dropbox
      from django.contrib.auth.decorators import login_required
      from django.http import HttpResponseRedirect


      @login_required
      def dropbox_authorization(request):
          # Step 1: store a CSRF token in request.session and redirect to Dropbox.
          auth_flow = dropbox.DropboxOAuth2Flow(
              _APP_KEY,
              _REDIRECT_URI,
              request.session,
              'dropbox-auth-csrf-token',
              _APP_SECRET,
              _LOCALE,
              'offline',
              use_pkce=False)
          return HttpResponseRedirect(auth_flow.start())


      @login_required
      def dropbox_authorization_success(request):
          def _get_flow(request):
              # Recreate the flow; the CSRF token is read back from request.session.
              return dropbox.DropboxOAuth2Flow(
                  _APP_KEY,
                  _REDIRECT_URI,
                  request.session,
                  'dropbox-auth-csrf-token',
                  _APP_SECRET,
                  _LOCALE)

          # finish() checks the returned state against the session,
          # then exchanges the authorization code for tokens.
          result = _get_flow(request).finish(request.GET)
          request.user.dp_refresh_token = result.refresh_token
          request.user.save()
          request.session['access_token'] = result.access_token
          request.session['expires_at'] = result.expires_at.isoformat()

          return  # to the view of your liking

      Hope this helps!
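Why recreating the flow in each view is enough, as an added example that is not code from the thread or from the Dropbox SDK: in this simplified model of a non-PKCE redirect flow, the only per-user state that has to survive between the two requests is the CSRF token kept in the session. `MiniFlow`, `get_flow`, `view_start`, `view_callback`, the app key and the redirect URI are hypothetical stand-ins, and a plain dict stands in for `request.session`.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

CSRF_KEY = "dropbox-auth-csrf-token"  # session key used in the thread's code

class CsrfError(Exception):
    """Callback 'state' is missing or does not match this session."""

class MiniFlow:
    """Hypothetical stand-in for a redirect flow: static config plus the session."""
    def __init__(self, app_key, redirect_uri, session):
        self.app_key, self.redirect_uri, self.session = app_key, redirect_uri, session

    def start(self):
        token = secrets.token_urlsafe(16)
        self.session[CSRF_KEY] = token  # the only state that outlives this object
        params = {"response_type": "code", "client_id": self.app_key,
                  "redirect_uri": self.redirect_uri, "state": token}
        return "https://www.dropbox.com/oauth2/authorize?" + urlencode(params)

    def finish(self, query):
        expected = self.session.pop(CSRF_KEY, None)  # single use: replays fail
        state = query.get("state")
        if not expected or not state or not hmac.compare_digest(
                expected.encode(), state.encode()):
            raise CsrfError("state mismatch")
        return query["code"]  # a real flow exchanges this code for tokens

def get_flow(session):
    # Placeholder app key and redirect URI (constructed values).
    return MiniFlow("APP_KEY", "https://app.example/dropbox/callback", session)

def view_start(session):
    return get_flow(session).start()  # the flow object is discarded here

def view_callback(session, query):
    return get_flow(session).finish(query)  # fresh object, same session

def demo():
    session = {}  # stands in for request.session
    url = view_start(session)
    state = parse_qs(urlsplit(url).query)["state"][0]
    code = view_callback(session, {"state": state, "code": "constructed-code"})
    try:
        view_callback(session, {"state": state, "code": "constructed-code"})
    except CsrfError:
        return code, "replay rejected"
    return code, "replay accepted"
```

A callback that arrives on a different session, or a second time on the same one, fails the state check because the token lives in the session and not in the flow object.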
