<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Login without DB UI intervention? in Dropbox API Support &amp; Feedback</title>
    <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Login-without-DB-UI-intervention/m-p/132663#M3924</link>
    <description>&lt;P&gt;Richard has this correct. This is possible, though it is&amp;nbsp;not recommended.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The iOS Core SDK does use OAuth 1, and the generated token on the App Console uses OAuth 2, as you noted, so you can't plug that in directly. You'd need to instead implement and run the OAuth 1 flow once for your account. There was another thread where I helped another developer through this in some detail here:&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.dropboxforum.com/hc/en-us/community/posts/204110983-Is-linking-necessary-to-download-files-" rel="nofollow noreferrer"&gt;https://www.dropboxforum.com/hc/en-us/community/posts/204110983-Is-linking-necessary-to-download-files-&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;The StackOverflow posts I linked to there should be useful too:&lt;/P&gt;
&lt;P&gt;&lt;A href="https://stackoverflow.com/questions/15014001/allow-dropbox-api-to-access-my-account-on-users-device" rel="nofollow noreferrer"&gt;https://stackoverflow.com/questions/15014001/allow-dropbox-api-to-access-my-account-on-users-device&lt;/A&gt;&lt;BR /&gt;&lt;A href="https://stackoverflow.com/questions/27834922/auto-login-dropbox-account-on-core-api-without-login-prompt" rel="nofollow noreferrer"&gt;https://stackoverflow.com/questions/27834922/auto-login-dropbox-account-on-core-api-without-login-prompt&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;Again though, I should emphasize that this is not recommended. A malicious user could extract the access token from your app and use it directly, bypassing any access controls you may have attempted to enforce.&lt;/P&gt;</description>
    <pubDate>Fri, 05 Feb 2016 02:55:56 GMT</pubDate>
    <dc:creator>Greg-DB</dc:creator>
    <dc:date>2016-02-05T02:55:56Z</dc:date>
    <item>
      <title>Login without DB UI intervention?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Login-without-DB-UI-intervention/m-p/132660#M3921</link>
      <description>&lt;P&gt;I am using the iOS SDK with objC (v1). Is there a way to programmatically login to a dropbox account from my app without having the DB UI prompt for user/password pop up? We want to use our DB (the developer's) rather than the DB of the user of our app.&lt;/P&gt;
&lt;P&gt;Basically rather than call linkfromcontroller we want to run it from within our app.&lt;/P&gt;
&lt;P&gt;Thanks in advance!&lt;/P&gt;</description>
      <pubDate>Wed, 29 May 2019 09:36:09 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Login-without-DB-UI-intervention/m-p/132660#M3921</guid>
      <dc:creator>TK K.</dc:creator>
      <dc:date>2019-05-29T09:36:09Z</dc:date>
    </item>
    <item>
      <title>Re: Login without DB UI intervention?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Login-without-DB-UI-intervention/m-p/132661#M3922</link>
      <description>&lt;P&gt;No - the intention is that you never handle the user credentials.&lt;/P&gt;
&lt;P&gt;If you want to use a central DB account, then the best thing to do is do the authentication process during your development, and include the valid auth token in the final build of the app - then it never has to auth with Dropbox, its already been done. &amp;nbsp;You can build in an update routine so the app regularly checks for a new auth token from your server if you need to.&lt;/P&gt;</description>
      <pubDate>Thu, 04 Feb 2016 23:15:52 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Login-without-DB-UI-intervention/m-p/132661#M3922</guid>
      <dc:creator>Richard P.</dc:creator>
      <dc:date>2016-02-04T23:15:52Z</dc:date>
    </item>
    <item>
      <title>Re: Login without DB UI intervention?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Login-without-DB-UI-intervention/m-p/132662#M3923</link>
      <description>&lt;P&gt;Thanks for the prompt reply and sorry if this is known.&amp;nbsp;We want the app to bring data to OUR dropbox not the users, and we don't want users using the app to login to dropbox at all.&lt;/P&gt;
&lt;P&gt;If I understand you right how would we get hold of the valid auth token after our app is logged in to our account during development? And what would we use in the objC SDK to initialize this for our session so calls would proceed properly as if it was linked via UI process etc?&lt;/P&gt;
&lt;P&gt;We thought maybe we could use the "generated" token and embed it in the app but apparently this does not work with the objC SDK since it uses Oath1 not OAuth2...&lt;/P&gt;</description>
      <pubDate>Thu, 04 Feb 2016 23:24:50 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Login-without-DB-UI-intervention/m-p/132662#M3923</guid>
      <dc:creator>TK K.</dc:creator>
      <dc:date>2016-02-04T23:24:50Z</dc:date>
    </item>
    <item>
      <title>Re: Login without DB UI intervention?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Login-without-DB-UI-intervention/m-p/132663#M3924</link>
      <description>&lt;P&gt;Richard has this correct. This is possible, though it is&amp;nbsp;not recommended.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;The iOS Core SDK does use OAuth 1, and the generated token on the App Console uses OAuth 2, as you noted, so you can't plug that in directly. You'd need to instead implement and run the OAuth 1 flow once for your account. There was another thread where I helped another developer through this in some detail here:&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.dropboxforum.com/hc/en-us/community/posts/204110983-Is-linking-necessary-to-download-files-" rel="nofollow noreferrer"&gt;https://www.dropboxforum.com/hc/en-us/community/posts/204110983-Is-linking-necessary-to-download-files-&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;The StackOverflow posts I linked to there should be useful too:&lt;/P&gt;
&lt;P&gt;&lt;A href="https://stackoverflow.com/questions/15014001/allow-dropbox-api-to-access-my-account-on-users-device" rel="nofollow noreferrer"&gt;https://stackoverflow.com/questions/15014001/allow-dropbox-api-to-access-my-account-on-users-device&lt;/A&gt;&lt;BR /&gt;&lt;A href="https://stackoverflow.com/questions/27834922/auto-login-dropbox-account-on-core-api-without-login-prompt" rel="nofollow noreferrer"&gt;https://stackoverflow.com/questions/27834922/auto-login-dropbox-account-on-core-api-without-login-prompt&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;Again though, I should emphasize that this is not recommended. A malicious user could extract the access token from your app and use it directly, bypassing any access controls you may have attempted to enforce.&lt;/P&gt;</description>
      <pubDate>Fri, 05 Feb 2016 02:55:56 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Login-without-DB-UI-intervention/m-p/132663#M3924</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2016-02-05T02:55:56Z</dc:date>
    </item>
    <item>
      <title>Re: Login without DB UI intervention?</title>
      <link>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Login-without-DB-UI-intervention/m-p/132664#M3925</link>
      <description>&lt;P&gt;You guys ROCK! I had read that post earlier and the guys' inability to listen made me miss the key part. To summarize for Oauth1 (until we get v2 for objC) you run a connect using linkfromController and then dump the MPOAuthCredentialConcreteStore creds for the userid&amp;nbsp;of the dropbox you want to connect to. First you have to get the real userid&amp;nbsp;by making a request for the account info via the loadAccountInfo method (at first I thought it was the name or email addy), then you call the credentialStoreForUserId method to extract the creds from the local SDK framework.&lt;/P&gt;
&lt;P&gt;Take the stored token and secret returned in the creds and stuff them into the sharedSession via the updateAccessToken:accessTokenSecret:forUserId method in the future and VOILA you are linked.&amp;nbsp;In fact the isLinked method of DBSession only looks to see if there is an entry in the creds array internally so it is then ready to rock.&lt;/P&gt;
&lt;P&gt;As you guys pointed out storing the token and secret in the app is a security risk (whose extent also depends on the nature of the data being stored). A smart developer might fetch these from his own website using other secure means so as to keep the app secure and to enable the developer to reissue the credential periodically without breaking the app.&lt;/P&gt;
&lt;P&gt;Thanks again for helping me see the light! Hopefully the v2 interfaces for objC will not be drastically different than the v1 when they come? I am quite pleased with how easy the integration is compared to the other cloud storage services.&lt;/P&gt;
&lt;P&gt;One final question on the topic. If I wanted to use this technique as a sideband storage to our own dropbox silently AND to enable users with the regular auth cycle for their datastorage I am guessing I need to setup 2 DBSessions? Perhaps put the user's dropbox on the shared Session and do our sideband transmissions to our own dropBox on another DBsession?&lt;/P&gt;</description>
      <pubDate>Fri, 05 Feb 2016 05:22:00 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Login-without-DB-UI-intervention/m-p/132664#M3925</guid>
      <dc:creator>TK K.</dc:creator>
      <dc:date>2016-02-05T05:22:00Z</dc:date>
    </item>
  </channel>
</rss>

