cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Do you have an idea for Dropbox Paper? Share it with us here!

Auto login when trying to sign up new user

New member | Level 2

Hello everyone!
I'm maybe doing something extremely wrong here, but in my app (express nodejs server + mongodb) I have the signing up routine in the following way:
Fresh user goes to "https://www.dropbox.com/oauth2/authorize?response_type=code&redirect_uri={my app's callback route and client id}
There he logs in to dropbox if it's not already done and then prompted to connect this account to my app. After accepting or rejecting the prompt he is redirected to my callback route where the received token is handled via passportJS dropbox extension and session is created and stored in browser. Meanwhile user creates password for the email used in dropbox account and uses these credentials to log in to the app later.
However when user logs out successfully, and goes on registration route again, the dropbox automatically confirms all the data (if user existing also in my app is already signed up and that he already gave permission to connect the app to this account) and logs the user in to my app automatically as well.
So the question is - are there ways to ask user, does he want to log in with currently logged in dropbox account, or he wants to register some another account? 
It asks me permission to log in to the app when I'm running the app in my developer mode on localhost, so I can easily log out from existing user there and sign up a new one if I want, so maybe I can do the same for production build?
Thanks in advance for your help! 

1 Accepted solution

Accepted Solutions
Highlighted

Re: Auto login when trying to sign up new user

Dropboxer

Yes, by default, if the user has already approved the app and there is an https:// redirect URI being used, Dropbox may automatically redirect them to the redirect URI.

You can prevent this from happening though by using the 'force_reapprove=true' option for the www.dropbox.com/oauth2/authorize authorization page. If you set that, Dropbox will not automatically redirect the user. In that case, the user has the opportunity to log out and log back in with a different account before authorizing the app.

View solution in original post

Reply
Loading...
5 Replies

Re: Auto login when trying to sign up new user

Star Collaborator | Level 19

@mylnikovD wrote:

... After accepting or rejecting the prompt he is redirected to my callback route where the received token is handled via passportJS dropbox extension and session is created and stored in browser. ...
However when user logs out successfully, and goes on registration route again, the dropbox automatically confirms all the data (if user existing also in my app is already signed up and that he already gave permission to connect the app to this account) and logs the user in to my app automatically as well. ...


Hi @mylnikovD,

Don't you see something strange? thinking face All data are in the browser and in same time you ask why Dropbox automatically confirms! winking face If you want full logout, take care for everything in the browser (no any lead back or at least not direct). Otherwise this becomes a security concern! Take in mind that the user already have confirmed your application access to Dropbox, at that moment.

Hope this gives right direction.

Reply
Loading...

Re: Auto login when trying to sign up new user

New member | Level 2

Yes, I understand that I need to clear everything on logout, and I'm actually doing it, I'm destroying the session and clearing the cookie, but user remains logged in on the dropbox, so when he goes to the dropbox link that is used for registration, the it sends back the token of this logged in user and my app automatically logs him in, so maybe there is a way to log out from dropbox as well from my app when user logs out from it?

Reply
Loading...

Re: Auto login when trying to sign up new user

Star Collaborator | Level 19

As far as I know, there isn't such way, but user should gonna be asked for add new application instance, in such a case. After that, everything is user responsibility, new app instance or rejects and tries usage new Dropbox account. You can't get in there, would be Dropbox security issue. Does something else happen? You can add tips, describing such a situation, in your application users guide. winking face

Reply
Loading...
Highlighted

Re: Auto login when trying to sign up new user

Dropboxer

Yes, by default, if the user has already approved the app and there is an https:// redirect URI being used, Dropbox may automatically redirect them to the redirect URI.

You can prevent this from happening though by using the 'force_reapprove=true' option for the www.dropbox.com/oauth2/authorize authorization page. If you set that, Dropbox will not automatically redirect the user. In that case, the user has the opportunity to log out and log back in with a different account before authorizing the app.

View solution in original post

Reply
Loading...

Re: Auto login when trying to sign up new user

New member | Level 2

Thanks a lot for your help, Greg, that seems as perfect for my case!

Reply
Loading...
Developer & API Discussions

Have a question? Our Dropbox Community is here to help you find an answer!
You won’t have to wait too long for a reply, but why not learn more about the Community while you’re here.

Not the right discussion for you? Find out what else our Community has to say about Developer & API Discussions.

Or, search our Help Center for even more.