Dropbox API Support & Feedback
I don't want to keep my own user membership db and login logic for my web app. My web app is going to be only for Dropbox and I want to rely on Dropbox Login only. Otherwise, saving the access token means I have to associate it with the email of the user. That means I have to have my own login system asking for the email of the user first before using the access token for Dropbox. I want to avoid all that login system.
That means, the web app will work the following way:
1) There is no membership db or cookie so it remembers nothing about a user.
2) Every time, the user wants to access it, he clicks on a "Login to Dropbox" button.
3) Since Dropbox handles auto-login, the "Allow" screen comes up from Dropbox. Clicking on Allow starts the web app with its own folder.
That means the app goes through the OAuth2 initial logic (2 steps) to get an authorization code and then get an access token each time.
Questions:
1) Is this 2-click usage acceptable behavior for a web app as per your policy?
2) If not, is there any scheme by which I can eliminate just Step 3? Then the user just clicks the Login button and the web app starts.
Thanks.
1) Unfortunately we can't provide any absolute guarantee of your app's compliance based on a description, so you should be sure to review all the guidelines and terms before developing an app:
https://www.dropbox.com/developers/reference/tos
https://www.dropbox.com/developers/reference/devguide
https://www.dropbox.com/developers/reference/branding
2) To avoid having the user go through the Dropbox app authorization flow each time, you would need to store the access token in their session/cookies and re-use it when they return.
>>To avoid having the user go through the Dropbox app authorization flow each time, you would need to store the access token in their session/cookies and re-use it when they return.<<
I have no problem in saving the access token in the DB against the email. But next time when the user comes to use the app, I want Dropbox to authenticate the user, just for login, before I use the saved access token. In other words, the user should then log in to Dropbox but should not be presented with the Allow dialog and should not generate another access token. Is that possible? I want to use the saved access token for a user next time only if he is authenticated by Dropbox.
Thanks,
Sanjay
This is sort of already possible. If you send the user through the app authorization flow again, they may (e.g., as long as your app's redirect URI uses https://) be automatically redirected, without having to click "Allow", if they've already authorized the app. You can find a note about this under "force_reapprove" in the documentation:
https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize
Note that this still will return a new access token to your app though.
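The flow discussed in this thread, sketched as an added example (not code from the original posts or from Dropbox): a web app with no user database sends the user to the authorize endpoint with `force_reapprove=false`, then validates the redirect before using the returned code. `APP_KEY`, `REDIRECT_URI`, `COOKIE_SECRET` and both function names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://www.dropbox.com/oauth2/authorize"
APP_KEY = "APP_KEY_PLACEHOLDER"                       # assumption: your app key
REDIRECT_URI = "https://app.example/oauth/callback"   # assumption: registered URI
COOKIE_SECRET = secrets.token_bytes(32)  # assumption: use a persistent server key


def _sign(state):
    return hmac.new(COOKIE_SECRET, state.encode(), hashlib.sha256).hexdigest()


def begin_login(force_reapprove=False):
    """Return (authorize_url, state_cookie) for the "Login to Dropbox" button."""
    # The thread notes the automatic redirect depends on an https redirect URI.
    if urlparse(REDIRECT_URI).scheme != "https":
        raise ValueError("redirect URI must use https")
    state = secrets.token_urlsafe(32)  # fresh per login attempt (CSRF defence)
    params = {
        "client_id": APP_KEY,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "state": state,
        # "false" lets an already-authorized user skip the "Allow" screen
        "force_reapprove": "true" if force_reapprove else "false",
    }
    # The cookie carries the state plus a MAC so a value that this server
    # did not issue is rejected on the way back.
    return AUTHORIZE_URL + "?" + urlencode(params), state + "." + _sign(state)


def finish_login(callback_url, state_cookie):
    """Validate the redirect and return the authorization code, or raise."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:  # e.g. the user declined on the "Allow" screen
        raise PermissionError("authorization failed: " + query["error"][0])
    state, _, mac = (state_cookie or "").partition(".")
    if not state or not hmac.compare_digest(mac.encode(), _sign(state).encode()):
        raise PermissionError("state cookie missing or not issued by this app")
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), state.encode()):
        raise PermissionError("state mismatch: response not tied to this browser")
    code = query.get("code", [""])[0]
    if not code:
        raise PermissionError("no authorization code in redirect")
    return code  # next step: exchange the code at the token endpoint
```

Because each pass through the flow yields a new access token, the app keeps only the token from the latest successful `finish_login` in the user's session.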
That's exactly what I want. That means I can just save a flag in the cookie that says it was approved once. And use it to switch on that option. Switch it off only if the user wants to switch the Dropbox accounts by some other action.
>>Note that this still will return a new access token to your app though.
That's OK. Will it create a problem for the Dropbox system itself to have too many access tokens generated? Or does it automatically recycle by invalidating the old one?
Thanks,
Sanjay
Finally, I was able to test it with https and it works perfectly. In fact, if I follow this approach, it works automatically, asking for login only once and then navigating automatically. This is great.
Thanks,
Sanjay