Auto login when trying to sign up new user

mylnikovD
New member | Level 2

Hello everyone!
I'm maybe doing something extremely wrong here, but in my app (express nodejs server + mongodb) I have the signing up routine in the following way:
A fresh user goes to "https://www.dropbox.com/oauth2/authorize?response_type=code&redirect_uri={my app's callback route and client id}"
There he logs in to Dropbox if that's not already done and is then prompted to connect this account to my app. After accepting or rejecting the prompt he is redirected to my callback route, where the received token is handled via the passportJS dropbox extension and a session is created and stored in the browser. Meanwhile the user creates a password for the email used in the Dropbox account and uses these credentials to log in to the app later.
However, when the user logs out successfully and goes to the registration route again, Dropbox automatically confirms all the data (if the user also exists in my app, is already signed up, and has already given permission to connect the app to this account) and logs the user in to my app automatically as well.
So the question is: are there ways to ask the user whether he wants to log in with the currently logged-in Dropbox account or wants to register another account?
It asks me for permission to log in to the app when I'm running the app in my developer mode on localhost, so I can easily log out from the existing user there and sign up a new one if I want, so maybe I can do the same for the production build?
Thanks in advance for your help!

Здравко
Legendary | Level 20

@mylnikovD wrote:

... After accepting or rejecting the prompt he is redirected to my callback route where the received token is handled via passportJS dropbox extension and session is created and stored in browser. ...
However when user logs out successfully, and goes on registration route again, the dropbox automatically confirms all the data (if user existing also in my app is already signed up and that he already gave permission to connect the app to this account) and logs the user in to my app automatically as well. ...


Hi @mylnikovD,

Don't you see something strange? :thinking: All the data is in the browser and at the same time you ask why Dropbox automatically confirms! :wink: If you want a full logout, take care of everything in the browser (no lead back at all, or at least not a direct one). Otherwise this becomes a security concern! Keep in mind that the user has already confirmed your application's access to Dropbox at that moment.

Hope this gives the right direction.

mylnikovD
New member | Level 2

Yes, I understand that I need to clear everything on logout, and I'm actually doing it: I'm destroying the session and clearing the cookie. But the user remains logged in on Dropbox, so when he goes to the Dropbox link that is used for registration, it sends back the token of this logged-in user and my app automatically logs him in. So maybe there is a way to log out from Dropbox as well from my app when the user logs out from it?

Здравко
Legendary | Level 20

As far as I know, there isn't such a way, but the user should be asked to add a new application instance in such a case. After that, everything is the user's responsibility: add a new app instance, or reject and try using a new Dropbox account. You can't get in there; that would be a Dropbox security issue. Does something else happen? You can add tips describing such a situation to your application's user guide. :wink:

Greg-DB
Dropbox Staff

Yes, by default, if the user has already approved the app and there is an https:// redirect URI being used, Dropbox may automatically redirect them to the redirect URI.

You can prevent this from happening though by using the 'force_reapprove=true' option for the www.dropbox.com/oauth2/authorize authorization page. If you set that, Dropbox will not automatically redirect the user. In that case, the user has the opportunity to log out and log back in with a different account before authorizing the app.
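
What the answer above describes, as an added example (not code from the thread or from Dropbox): the sign-up route adds force_reapprove=true to the authorize URL, while the login route keeps Dropbox's default behaviour. The `state` parameter check, the function names and the sample values are assumptions of this example.

```javascript
// Added example, not the poster's application code.
const crypto = require('node:crypto');

const AUTHORIZE_ENDPOINT = 'https://www.dropbox.com/oauth2/authorize';

// Per-request anti-CSRF value; store it in the server-side session
// before redirecting the browser to Dropbox.
function newState() {
  return crypto.randomBytes(16).toString('hex');
}

// flow === 'signup': always show the approval page, so the user can switch
// Dropbox accounts before authorizing. Any other flow keeps the default,
// where Dropbox may redirect straight back for an already-approved app.
function buildAuthorizeUrl({ clientId, redirectUri, state, flow }) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('state', state);
  if (flow === 'signup') {
    url.searchParams.set('force_reapprove', 'true');
  }
  return url.toString();
}

// Callback-side check: the state echoed back by Dropbox must equal the one
// saved in the session, otherwise the callback is rejected.
function stateMatches(expected, received) {
  if (typeof expected !== 'string' || typeof received !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(received);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed sample values (placeholders, not a real app key or host).
const sample = {
  clientId: 'APP_KEY_PLACEHOLDER',
  redirectUri: 'https://app.example/auth/dropbox/callback',
};
const state = newState();
console.log(buildAuthorizeUrl({ ...sample, state, flow: 'signup' }));
console.log(buildAuthorizeUrl({ ...sample, state, flow: 'login' }));
```
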

mylnikovD
New member | Level 2

Thanks a lot for your help, Greg, that seems perfect for my case!
