<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: What is the call for logout from current Dropbox account? in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/What-is-the-call-for-logout-from-current-Dropbox-account/m-p/403085#M21998</link>
    <description>&lt;P&gt;I believe the correct fix is to implement the auth flow using ASWebAuthenticationSession.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;What I am doing now is creating a `SFSafariViewController`, hitting &lt;A href="https://www.dropbox.com/logout" target="_blank"&gt;https://www.dropbox.com/logout&lt;/A&gt; and when that page loads immediately start `&lt;SPAN&gt;DropboxClientsManager&lt;/SPAN&gt;&lt;SPAN&gt;.&lt;/SPAN&gt;authorizeFromController`. &amp;nbsp;There is a visual artifact of seeing a logout screen but at least it works.&lt;/P&gt;</description>
    <pubDate>Thu, 19 Mar 2020 07:13:08 GMT</pubDate>
    <dc:creator>Ray F.11</dc:creator>
    <dc:date>2020-03-19T07:13:08Z</dc:date>
    <item>
      <title>What is the call for logout from current Dropbox account?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/What-is-the-call-for-logout-from-current-Dropbox-account/m-p/259940#M15126</link>
      <description>&lt;P&gt;What is the call for logout from current Dropbox account?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I followed exactly same procedure to configure my project using SwiftyDropbox.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;I have called this to logout button in my code:&lt;/P&gt;
&lt;P&gt;&lt;CODE&gt;DropboxClientsManager.unlinkClients()&lt;/CODE&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;SPAN&gt;But when i again login with code:&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;PRE&gt;&lt;SPAN class="pl-k"&gt;import&lt;/SPAN&gt; &lt;SPAN class="pl-en"&gt;SwiftyDropbox&lt;/SPAN&gt;

&lt;SPAN class="pl-k"&gt;func&lt;/SPAN&gt; &lt;SPAN class="pl-en"&gt;myButtonInControllerPressed&lt;/SPAN&gt;() {
    DropboxClientsManager.&lt;SPAN class="pl-c1"&gt;authorizeFromController&lt;/SPAN&gt;(UIApplication.&lt;SPAN class="pl-smi"&gt;shared&lt;/SPAN&gt;,
                                                  &lt;SPAN class="pl-c1"&gt;controller&lt;/SPAN&gt;: &lt;SPAN class="pl-c1"&gt;self&lt;/SPAN&gt;,
                                                  &lt;SPAN class="pl-c1"&gt;openURL&lt;/SPAN&gt;: { (&lt;SPAN class="pl-c1"&gt;url&lt;/SPAN&gt;: URL) &lt;SPAN class="pl-k"&gt;-&amp;gt;&lt;/SPAN&gt; &lt;SPAN class="pl-c1"&gt;Void&lt;/SPAN&gt; &lt;SPAN class="pl-k"&gt;in&lt;/SPAN&gt;
                                                    UIApplication.&lt;SPAN class="pl-smi"&gt;shared&lt;/SPAN&gt;.&lt;SPAN class="pl-c1"&gt;openURL&lt;/SPAN&gt;(url)
                                                  })
}&lt;/PRE&gt;
&lt;P&gt;&amp;nbsp;it just clearing Access Tokens but does not getting logout of current user? and shows me as logged in with Allow and Cancel window?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Is there somthing i have missed out ?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thanks in Advance!!!&lt;/P&gt;</description>
      <pubDate>Wed, 29 May 2019 09:16:11 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/What-is-the-call-for-logout-from-current-Dropbox-account/m-p/259940#M15126</guid>
      <dc:creator>nilesh123</dc:creator>
      <dc:date>2019-05-29T09:16:11Z</dc:date>
    </item>
    <item>
      <title>Re: What is the call for logout from current Dropbox account?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/What-is-the-call-for-logout-from-current-Dropbox-account/m-p/259961#M15130</link>
      <description>That's correct, the unlinkClients method clears the access tokens stored by the SDK, but it does not sign the user of the Dropbox web site in the browser. (The API access tokens are separate from the web site session.)&lt;BR /&gt;&lt;BR /&gt;The user can sign out (and sign back in, if they want) manually on the web site. Or, if necessary, the app can direct them to &lt;A href="https://www.dropbox.com/logout" target="_blank"&gt;https://www.dropbox.com/logout&lt;/A&gt; .</description>
      <pubDate>Thu, 11 Jan 2018 15:11:43 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/What-is-the-call-for-logout-from-current-Dropbox-account/m-p/259961#M15130</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2018-01-11T15:11:43Z</dc:date>
    </item>
    <item>
      <title>Re: What is the call for logout from current Dropbox account?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/What-is-the-call-for-logout-from-current-Dropbox-account/m-p/403054#M21997</link>
      <description>&lt;P&gt;Isn't this a bug/security hole? &amp;nbsp;It seems like a major leak in the abstraction. (The fact is that I shouldn't know anything about the web). &amp;nbsp;FWIW, the BoxSDK gets this right. If you destroy the client, you have to reauth everytime. &amp;nbsp;I am not sure how to "direct the user" to a URL since it is not like I am using a web client. &amp;nbsp;At least directly. &amp;nbsp;I will try some random stuff but it would be useful if you could post some sample code here. &amp;nbsp;Thanks!&lt;/P&gt;</description>
      <pubDate>Wed, 18 Mar 2020 23:24:23 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/What-is-the-call-for-logout-from-current-Dropbox-account/m-p/403054#M21997</guid>
      <dc:creator>Ray F.11</dc:creator>
      <dc:date>2020-03-18T23:24:23Z</dc:date>
    </item>
    <item>
      <title>Re: What is the call for logout from current Dropbox account?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/What-is-the-call-for-logout-from-current-Dropbox-account/m-p/403085#M21998</link>
      <description>&lt;P&gt;I believe the correct fix is to implement the auth flow using ASWebAuthenticationSession.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;What I am doing now is creating a `SFSafariViewController`, hitting &lt;A href="https://www.dropbox.com/logout" target="_blank"&gt;https://www.dropbox.com/logout&lt;/A&gt; and when that page loads immediately start `&lt;SPAN&gt;DropboxClientsManager&lt;/SPAN&gt;&lt;SPAN&gt;.&lt;/SPAN&gt;authorizeFromController`. &amp;nbsp;There is a visual artifact of seeing a logout screen but at least it works.&lt;/P&gt;</description>
      <pubDate>Thu, 19 Mar 2020 07:13:08 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/What-is-the-call-for-logout-from-current-Dropbox-account/m-p/403085#M21998</guid>
      <dc:creator>Ray F.11</dc:creator>
      <dc:date>2020-03-19T07:13:08Z</dc:date>
    </item>
    <item>
      <title>Re: What is the call for logout from current Dropbox account?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/What-is-the-call-for-logout-from-current-Dropbox-account/m-p/403155#M21999</link>
      <description>&lt;P&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/250221"&gt;@Ray F.11&lt;/a&gt;&amp;nbsp;Thanks for following up. I'm not sure I follow what the security issue is, but if you've found a security issue with Dropbox, please report it via our HackerOne account:&amp;nbsp;&lt;A href="https://hackerone.com/dropbox" target="_blank"&gt;https://hackerone.com/dropbox&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In any case, regardless of what browser/control one is using, the user's web session isn't directly connected to the user's API session. The user needs to sign in to the web site, if they're not already signed in, in order to authorize the third party app. The user's web session is handled via cookies in the browser, and the API access is handled via access tokens given to the app. The app/SDK doesn't know what the user's state in the browser is (i.e., whether they're already logged in or not). It just receives&amp;nbsp;an access token if/when the user authorizes the app. The user can also always manage their web sessions via&amp;nbsp;&lt;A href="https://www.dropbox.com/account/security" target="_blank"&gt;https://www.dropbox.com/account/security&lt;/A&gt;&amp;nbsp;, and separately manage connected API apps via&amp;nbsp;&lt;A href="https://www.dropbox.com/account/connected_apps" target="_blank"&gt;https://www.dropbox.com/account/connected_apps&lt;/A&gt;&amp;nbsp;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Also, when logging in to the flow to authorize an app,&amp;nbsp;Dropbox only requests "Session" cookies by default, so the user would only be logged in for as long as the browser decides to keep that "session". Having the app explicitly hit&amp;nbsp;&lt;A href="https://www.dropbox.com/logout" target="_blank"&gt;https://www.dropbox.com/logout&lt;/A&gt; , like you've implemented is purely optional.&lt;/P&gt;</description>
      <pubDate>Thu, 19 Mar 2020 14:32:06 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/What-is-the-call-for-logout-from-current-Dropbox-account/m-p/403155#M21999</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2020-03-19T14:32:06Z</dc:date>
    </item>
  </channel>
</rss>

