One month down in 2025: How are your resolutions coming along? Check out how to get back on track here.
Forum Discussion
Ch M1
3 years agoExplorer | Level 3
Re: can i pass the email and password in the url of dropbox to automatically login to the dropbox
Hi,
with the auth url "https://www.dropbox.com/oauth2/authorize/?client_id=<key>&token_access_type=offline&response_type=code", it require user login my dropbox account first, and then return a code. it is not make sense. If every user can login my account, why we need the secret key ?? With a request link to upload far more make sense of my requirement. however, my app not able to receive return info with request link. how can I have the code return secretly or without login??
The app key and app secret, also known as client ID and secret, identify the app itself, not any particular account, and do not themselves enable access to any account.
The OAuth app authorization flow is a way for arbitrary end-users to allow apps to connect to their accounts. It is not possible to fully automate the OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token. This needs to be done manually by the user at least once. If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app.
The app key/secret and OAuth flow do not allow other users to access your account. Access/refresh tokens and user credentials (username and password) enable access to accounts. As long as you do not distribute your access/refresh tokens or username/password, other users would not have a way to access your own account.
It sounds like you want your users to always connect to your own account only. The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. While it is technically possible to always connect to just one account for all users, we do not officially support this, for various technical and security reasons.
- Greg-DB
Dropbox Staff
The app key and app secret, also known as client ID and secret, identify the app itself, not any particular account, and do not themselves enable access to any account.
The OAuth app authorization flow is a way for arbitrary end-users to allow apps to connect to their accounts. It is not possible to fully automate the OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token. This needs to be done manually by the user at least once. If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app.
The app key/secret and OAuth flow do not allow other users to access your account. Access/refresh tokens and user credentials (username and password) enable access to accounts. As long as you do not distribute your access/refresh tokens or username/password, other users would not have a way to access your own account.
It sounds like you want your users to always connect to your own account only. The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. While it is technically possible to always connect to just one account for all users, we do not officially support this, for various technical and security reasons.
- Ch M1Explorer | Level 3
Thank you very much for your replying. I spent a lot of time for exploring this issue. Your last sentence make sense every thing. I am looking for a storage with one account for all users. Looks like Dropbox is not designed for this purpose.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.5,950 PostsLatest Activity: 7 minutes ago
If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!