<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: PKCE vs Tokenbearer in LUA in Discuss Dropbox Developer &amp; API</title>
    <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/PKCE-vs-Tokenbearer-in-LUA/m-p/557883#M2245</link>
    <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1492955"&gt;@Loky31&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;..., or a LUA library that helps with that. ...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1492955"&gt;@Loky31&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;Doesn't 'lua-http' work for you? It's a http client and server together, so has to be quite easy to implement Dropbox connection and OAuth flow too. If it doesn't fit your needs may be next would be implementing really from scratch using 'luasocket'.&lt;/P&gt;&lt;P&gt;Hope this gives some ideas.&lt;/P&gt;</description>
    <pubDate>Tue, 16 Nov 2021 12:51:21 GMT</pubDate>
    <dc:creator>Здравко</dc:creator>
    <dc:date>2021-11-16T12:51:21Z</dc:date>
    <item>
      <title>PKCE vs Tokenbearer in LUA</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/PKCE-vs-Tokenbearer-in-LUA/m-p/557707#M2242</link>
      <description>&lt;P&gt;Hello all,&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I'm currently willing to use dropbox for uploading and downloading from an android app, in LUA language.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;I gave a try using the token generated on the app page in dropbox console interface and it works quite well.&lt;/P&gt;&lt;P&gt;Then come the troubles &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@FBF7D2AB59A0D6E861EBF6A36F93B7E2/emoticons/1f642.png" alt=":slightly_smiling_face:" title=":slightly_smiling_face:" /&gt;&lt;/P&gt;&lt;P&gt;From what I read, I should implement PKCE to get token for the different terminals that use the app. That will avoid to have the token in "clear" in the binaries. Right?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;From that I have two questions:&amp;nbsp;&lt;/P&gt;&lt;P&gt;Is that a good practice or something to be absolutely done?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;The second one, is someone has already performed that in LUA language?&amp;nbsp;&lt;/P&gt;&lt;P&gt;I don't know how do it :s&lt;/P&gt;</description>
      <pubDate>Mon, 15 Nov 2021 16:37:12 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/PKCE-vs-Tokenbearer-in-LUA/m-p/557707#M2242</guid>
      <dc:creator>Loky31</dc:creator>
      <dc:date>2021-11-15T16:37:12Z</dc:date>
    </item>
    <item>
      <title>Re: PKCE vs Tokenbearer in LUA</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/PKCE-vs-Tokenbearer-in-LUA/m-p/557768#M2243</link>
      <description>&lt;P&gt;Dropbox doesn't have any official resources for Lua in particular, but perhaps someone else on the forum has something they can share.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;As for the functionality itself, note that every Dropbox user API access token identifies one specific app-account pair, and allows access to that account to the extent allowed by the app's permissions as authorized by the user. So, the access token you generated on the App Console is for that app and your account in particular. In order to allow arbitrary end-users to connect the app to their own accounts, you should implement the OAuth flow in your app. That way, the app gets an access token for each end-user. You can find more information in &lt;A href="https://developers.dropbox.com/oauth-guide" target="_self"&gt;the OAuth Guide&lt;/A&gt; and &lt;A href="https://www.dropbox.com/developers/documentation/http/documentation#authorization" target="_self"&gt;authorization documentation&lt;/A&gt;. For client-side apps, the PKCE OAuth flow in particular is the best option.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;You should not embed and distribute your own access token (or refresh token) in a client-side app, as that would enable anyone with the app to get the access token and use it to access your own account. Even if you attempt to obfuscate the token(s) in the app's binary, client-side apps can't keep secrets secure, so you could only make it more difficult but not impossible for someone to extract the token(s).&lt;/P&gt;</description>
      <pubDate>Mon, 15 Nov 2021 20:19:14 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/PKCE-vs-Tokenbearer-in-LUA/m-p/557768#M2243</guid>
      <dc:creator>Greg-DB</dc:creator>
      <dc:date>2021-11-15T20:19:14Z</dc:date>
    </item>
    <item>
      <title>Re: PKCE vs Tokenbearer in LUA</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/PKCE-vs-Tokenbearer-in-LUA/m-p/557860#M2244</link>
      <description>&lt;P&gt;thanks Greg-DB.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;That's clarify quite a lot the topic &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@FBF7D2AB59A0D6E861EBF6A36F93B7E2/emoticons/1f642.png" alt=":slightly_smiling_face:" title=":slightly_smiling_face:" /&gt;&lt;/P&gt;&lt;P&gt;Still have to find someone who has done that in LUA, or a LUA library that helps with that. As of today I understand how it works but I'm not really able to implement it from scratch.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;Anyway, thanks for the help &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@FBF7D2AB59A0D6E861EBF6A36F93B7E2/emoticons/1f642.png" alt=":slightly_smiling_face:" title=":slightly_smiling_face:" /&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 16 Nov 2021 09:43:40 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/PKCE-vs-Tokenbearer-in-LUA/m-p/557860#M2244</guid>
      <dc:creator>Loky31</dc:creator>
      <dc:date>2021-11-16T09:43:40Z</dc:date>
    </item>
    <item>
      <title>Re: PKCE vs Tokenbearer in LUA</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/PKCE-vs-Tokenbearer-in-LUA/m-p/557883#M2245</link>
      <description>&lt;BLOCKQUOTE&gt;&lt;HR /&gt;&lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1492955"&gt;@Loky31&lt;/a&gt;&amp;nbsp;wrote:&lt;BR /&gt;&lt;P&gt;..., or a LUA library that helps with that. ...&lt;/P&gt;&lt;HR /&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;Hi &lt;a href="https://www.dropboxforum.com/t5/user/viewprofilepage/user-id/1492955"&gt;@Loky31&lt;/a&gt;,&lt;/P&gt;&lt;P&gt;Doesn't 'lua-http' work for you? It's a http client and server together, so has to be quite easy to implement Dropbox connection and OAuth flow too. If it doesn't fit your needs may be next would be implementing really from scratch using 'luasocket'.&lt;/P&gt;&lt;P&gt;Hope this gives some ideas.&lt;/P&gt;</description>
      <pubDate>Tue, 16 Nov 2021 12:51:21 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/PKCE-vs-Tokenbearer-in-LUA/m-p/557883#M2245</guid>
      <dc:creator>Здравко</dc:creator>
      <dc:date>2021-11-16T12:51:21Z</dc:date>
    </item>
    <item>
      <title>Re: PKCE vs Tokenbearer in LUA</title>
      <link>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/PKCE-vs-Tokenbearer-in-LUA/m-p/557904#M2246</link>
      <description>&lt;P&gt;Many thanks, I will dig into it &lt;img class="lia-deferred-image lia-image-emoji" src="https://www.dropboxforum.com/html/@FBF7D2AB59A0D6E861EBF6A36F93B7E2/emoticons/1f642.png" alt=":slightly_smiling_face:" title=":slightly_smiling_face:" /&gt;&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 16 Nov 2021 13:46:05 GMT</pubDate>
      <guid>https://www.dropboxforum.com/t5/Discuss-Dropbox-Developer-API/PKCE-vs-Tokenbearer-in-LUA/m-p/557904#M2246</guid>
      <dc:creator>Loky31</dc:creator>
      <dc:date>2021-11-16T13:46:05Z</dc:date>
    </item>
  </channel>
</rss>

