We’re Still Here to Help (Even Over the Holidays!) - find out more here.
Forum Discussion
Solved
What if I want the User to login each time
I don't want to keep my own user membership db and login logic for my web app. My web app is going to be only for Dropbox and I want to rely on Dropbox Login only. Otherwise, saving the access token ...
This is sort of already possible. If you send the user through the app authorization flow again, they may (e.g., as long as your app's redirect URI uses https://) be automatically redirected, without having to click "Allow", if they've already authorized the app. You can find a note about this under "force_reapprove" in the documentation:
https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize
Note that this still will return a new access token to your app though.
>>To avoid having the user go through the Dropbox app authorization flow each time, you would need to store the access token in their session/cookies and re-use it when they return.<<
I have no problem in saving the access token in the DB against the Email. But next time when the user comes to use the App, I want Dropbox to authenticate the user, just for Login, before I use the saved access token. In other words, the user should then login to Dropbox but should not be presented with Allow dialog and should not generate another access token. Is that possible? I want to use the saved access token for a user next time only if he is authenticated by Dropbox.
Thanks,
Sanjay
Apparently, many may want this feature. For example, here is a thread on SO that has exactly a similar question with no solution so far.
https://stackoverflow.com/questions/12275100/is-there-a-way-to-use-dropbox-for-authentication-without-re-authorization
https://stackoverflow.com/questions/12275100/is-there-a-way-to-use-dropbox-for-authentication-without-re-authorization
- Greg-DB
Dropbox Community Moderator
This is sort of already possible. If you send the user through the app authorization flow again, they may (e.g., as long as your app's redirect URI uses https://) be automatically redirected, without having to click "Allow", if they've already authorized the app. You can find a note about this under "force_reapprove" in the documentation:
https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize
Note that this still will return a new access token to your app though.
That's exactly what I want. That means, I can just save a flag in the cookie that says it was approved once. And use it to switch on that option. Switch it off only if the user wants to switch the dropbox accounts by some other action.
>>Note that this still will return a new access token to your app though.
That's OK. Will it create a problem for Dropbox system itself to have too many access tokens generated? Or does it automatically recycle by invalidating the old one?
Thanks,
Sanjay
- Greg-DBThere isn't a limit to the number of access tokens that can be created for an app-user pair, and I'm not aware of any issues arising from creating many. Dropbox won't automatically recycle/invalidate them.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
