<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: How to store secret_id in Java desktop app in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/How-to-store-secret-id-in-Java-desktop-app/m-p/426126#M22748</link>
    <description>&lt;P&gt;The app key, a.k.a. client ID, is public, and does not need to be hidden. The app secret a.k.a. client secret, should ideally be kept secret. (Leaking your app secret could let someone impersonate your app to an extent, though it wouldn't by itself enable access to any file data.)&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Client-side apps fundamentally can't keep secrets. You can make it more difficult for someone to try to extract it, but you can't make it impossible. For this reason, client-side apps, such as a desktop app like you describe, ideally shouldn't contain&amp;nbsp;the app secret at all. To process the OAuth app authorization flow without the app secret, client-side apps should use &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize" target="_self"&gt;the "token" flow&lt;/A&gt;.&lt;/P&gt;</description>
    <pubDate>Tue, 02 Jun 2020 20:23:43 GMT</pubDate>
    <dc:creator>Greg-DB</dc:creator>
    <dc:date>2020-06-02T20:23:43Z</dc:date>
    <item>
      <title>How to store secret_id in Java desktop app</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/How-to-store-secret-id-in-Java-desktop-app/m-p/426083#M22746</link>
      <description>&lt;P&gt;Hello,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;As I want to deploy the next version of my Java desktop app with the integration of the Dropbox API so that users can have access to their dropbox folder within the program. For this, I will need to have my dropbox app client_id and secret_id in my Java code somewhere.&lt;/P&gt;
&lt;P&gt;What are the recommendations and risks when dealing with client_id and secret_id in the compiled code ? While I plan on encoding them in base64 to make it a little harder to see when decompiling a jar, what is the best thing recommended ?&lt;/P&gt;
&lt;P&gt;What are the risks of someone "seeing" my app client_id and secret_id ?&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thanks&lt;/P&gt;
&lt;P&gt;Frederic&lt;/P&gt;</description>
      <pubDate>Tue, 02 Jun 2020 18:04:25 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/How-to-store-secret-id-in-Java-desktop-app/m-p/426083#M22746</guid>
      <dc:creator>FJBDev</dc:creator>
      <dc:date>2020-06-02T18:04:25Z</dc:date>
    </item>
    <item>
      <title>Re: How to store secret_id in Java desktop app</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/How-to-store-secret-id-in-Java-desktop-app/m-p/426126#M22748</link>
      <description>&lt;P&gt;The app key, a.k.a. client ID, is public, and does not need to be hidden. The app secret a.k.a. client secret, should ideally be kept secret. (Leaking your app secret could let someone impersonate your app to an extent, though it wouldn't by itself enable access to any file data.)&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Client-side apps fundamentally can't keep secrets. You can make it more difficult for someone to try to extract it, but you can't make it impossible. For this reason, client-side apps, such as a desktop app like you describe, ideally shouldn't contain&amp;nbsp;the app secret at all. To process the OAuth app authorization flow without the app secret, client-side apps should use &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize" target="_self"&gt;the "token" flow&lt;/A&gt;.&lt;/P&gt;</description>
      <pubDate>Tue, 02 Jun 2020 20:23:43 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/How-to-store-secret-id-in-Java-desktop-app/m-p/426126#M22748</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2020-06-02T20:23:43Z</dc:date>
    </item>
    <item>
      <title>Re: How to store secret_id in Java desktop app</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/How-to-store-secret-id-in-Java-desktop-app/m-p/426146#M22749</link>
      <description>&lt;P&gt;Thank you! I will use the implicit grant flow.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I apologize as I just realized that my question is a duplicate of this one. Feel free to delete mine if you need/want : &lt;A href="https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Proper-way-of-handling-APP-KEY-and-APP-SECRET/m-p/410478" target="_blank"&gt;https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Proper-way-of-handling-APP-KEY-and-APP-SECRET/m-p/410478&lt;/A&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 02 Jun 2020 21:44:49 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/How-to-store-secret-id-in-Java-desktop-app/m-p/426146#M22749</guid>
      <dc:creator>FJBDev</dc:creator>
      <dc:date>2020-06-02T21:44:49Z</dc:date>
    </item>
  </channel>
</rss>

