How does Redirect URI in App Console work

MajaS
Explorer | Level 3

Hello,

I am developing an application where I want to integrate Dropbox with the Python SDK and later on I want to have webhooks.

I don't want my application to be publicly accessible, but I know that because of webhooks I need to have a publicly accessible URI.

How does that work with the redirect URI when I request an access token, for example? I define a URI like http://127.0.0.1:port/.. and the same URI in the application, and it works just fine. Is my application publicly accessible somehow here? Or is the only time when it is really publicly accessible when Dropbox needs to send the webhook notification?

I am asking this because I am trying to implement the whole application on a private Git repository but the Dropbox service on a public Git repository, but I am encountering problems with CSRF tokens and obviously everything needs to be in one place so it is not considered a CSRF attack.

I want to figure out if it is really necessary to divide those two things (when implementing the basic functions like obtaining the access token and getting the files), or whether I need that public Git rep only for webhooks.

Accepted Solutions

Greg-DB
Dropbox Staff

OAuth 2 redirect URIs and webhook URIs serve different purposes, and are registered separately. They do not need to be identical, or even share a domain. You can find more information on how the OAuth app authorization works, including the use of OAuth 2 redirect URIs, in the OAuth guide. You can find more information on using webhooks in the webhooks documentation.

OAuth 2 redirect URIs don't technically need to be publicly accessible. They just need to be accessible to the user going through the OAuth 2 app authorization flow. In your example, http://127.0.0.1:port/, the redirect URI is on 127.0.0.1, which is localhost, not a public address. (To what extent your local computer/server is publicly accessible is unrelated to Dropbox itself.)

Webhook URIs, on the other hand, do need to be publicly accessible, since the Dropbox API servers need to be able to access them in order to send the webhook notifications.
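
Since the webhook URI is the one endpoint that has to be reachable from the internet, the sketch below shows how that endpoint can accept only requests signed by Dropbox. It is an added example, not code from this thread or from Dropbox; it assumes Dropbox's documented webhook behaviour (a `challenge` query parameter echoed on verification, and an `X-Dropbox-Signature` header carrying the HMAC-SHA256 of the request body keyed with the app secret), and the function names, `APP_SECRET` value and sample body are constructed for illustration.

```python
import hashlib
import hmac
import json

# Placeholder; the real app secret is shown in the App Console and must stay server-side.
APP_SECRET = b"constructed-app-secret"


def handle_verification(query):
    """GET: Dropbox confirms the webhook URI by sending ?challenge=...; echo it back."""
    challenge = query.get("challenge")
    if not challenge:
        return 400, {}, b""
    headers = {"Content-Type": "text/plain", "X-Content-Type-Options": "nosniff"}
    return 200, headers, challenge.encode()


def signature_is_valid(body, header_value, secret=APP_SECRET):
    """X-Dropbox-Signature is the hex HMAC-SHA256 of the raw body, keyed with the app secret."""
    if not header_value:
        return False
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes; a malformed header simply fails to match.
    return hmac.compare_digest(expected.encode(), header_value.encode("utf-8", "replace"))


def handle_notification(body, headers):
    """POST: reject unsigned or forged bodies before parsing; return the accounts to sync."""
    # Assumes the web framework has already normalised header names to this spelling.
    if not signature_is_valid(body, headers.get("X-Dropbox-Signature")):
        return 403, []
    try:
        accounts = list(json.loads(body)["list_folder"]["accounts"])
    except (ValueError, KeyError, TypeError):
        return 400, []
    return 200, accounts


if __name__ == "__main__":
    # Constructed notification body and signature, standing in for a real Dropbox request.
    body = json.dumps({"list_folder": {"accounts": ["dbid:CONSTRUCTED"]}}).encode()
    good = hmac.new(APP_SECRET, body, hashlib.sha256).hexdigest()
    print(handle_verification({"challenge": "abc123"}))
    print(handle_notification(body, {"X-Dropbox-Signature": good}))
    print(handle_notification(body, {"X-Dropbox-Signature": "0" * 64}))
```

The three functions are framework-independent: a route handler passes in the parsed query string, the raw request body and the request headers, and returns the status they produce.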
