cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Update: Find information on Dropbox support during COVID-19 here
Close

Discuss Dropbox Developer & API

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Auto login when trying to sign up new user

New member | Level 2
New member | Level 2

Hello everyone!
I'm maybe doing something extremely wrong here, but in my app (express nodejs server + mongodb) I have the signing up routine in the following way:
Fresh user goes to "https://www.dropbox.com/oauth2/authorize?response_type=code&redirect_uri={my app's callback route and client id}
There he logs in to dropbox if it's not already done and then prompted to connect this account to my app. After accepting or rejecting the prompt he is redirected to my callback route where the received token is handled via passportJS dropbox extension and session is created and stored in browser. Meanwhile user creates password for the email used in dropbox account and uses these credentials to log in to the app later.
However when user logs out successfully, and goes on registration route again, the dropbox automatically confirms all the data (if user existing also in my app is already signed up and that he already gave permission to connect the app to this account) and logs the user in to my app automatically as well.
So the question is - are there ways to ask user, does he want to log in with currently logged in dropbox account, or he wants to register some another account? 
It asks me permission to log in to the app when I'm running the app in my developer mode on localhost, so I can easily log out from existing user there and sign up a new one if I want, so maybe I can do the same for production build?
Thanks in advance for your help! 

1 Accepted Solution

Accepted Solutions
Highlighted

Re: Auto login when trying to sign up new user

Dropboxer
Dropboxer

Yes, by default, if the user has already approved the app and there is an https:// redirect URI being used, Dropbox may automatically redirect them to the redirect URI.

You can prevent this from happening though by using the 'force_reapprove=true' option for the www.dropbox.com/oauth2/authorize authorization page. If you set that, Dropbox will not automatically redirect the user. In that case, the user has the opportunity to log out and log back in with a different account before authorizing the app.

View solution in original post

5 Replies 5
Highlighted

Re: Auto login when trying to sign up new user

Super Collaborator | Level 20

@mylnikovD wrote:

... After accepting or rejecting the prompt he is redirected to my callback route where the received token is handled via passportJS dropbox extension and session is created and stored in browser. ...
However when user logs out successfully, and goes on registration route again, the dropbox automatically confirms all the data (if user existing also in my app is already signed up and that he already gave permission to connect the app to this account) and logs the user in to my app automatically as well. ...


Hi @mylnikovD,

Don't you see something strange? All data are in the browser and in same time you ask why Dropbox automatically confirms! If you want full logout, take care for everything in the browser (no any lead back or at least not direct). Otherwise this becomes a security concern! Take in mind that the user already have confirmed your application access to Dropbox, at that moment.

Hope this gives right direction.

Highlighted

Re: Auto login when trying to sign up new user

New member | Level 2
New member | Level 2

Yes, I understand that I need to clear everything on logout, and I'm actually doing it, I'm destroying the session and clearing the cookie, but user remains logged in on the dropbox, so when he goes to the dropbox link that is used for registration, the it sends back the token of this logged in user and my app automatically logs him in, so maybe there is a way to log out from dropbox as well from my app when user logs out from it?

Highlighted

Re: Auto login when trying to sign up new user

Super Collaborator | Level 20

As far as I know, there isn't such way, but user should gonna be asked for add new application instance, in such a case. After that, everything is user responsibility, new app instance or rejects and tries usage new Dropbox account. You can't get in there, would be Dropbox security issue. Does something else happen? You can add tips, describing such a situation, in your application users guide.

Highlighted

Re: Auto login when trying to sign up new user

Dropboxer
Dropboxer

Yes, by default, if the user has already approved the app and there is an https:// redirect URI being used, Dropbox may automatically redirect them to the redirect URI.

You can prevent this from happening though by using the 'force_reapprove=true' option for the www.dropbox.com/oauth2/authorize authorization page. If you set that, Dropbox will not automatically redirect the user. In that case, the user has the opportunity to log out and log back in with a different account before authorizing the app.

View solution in original post

Highlighted

Re: Auto login when trying to sign up new user

New member | Level 2
New member | Level 2

Thanks a lot for your help, Greg, that seems as perfect for my case!

Polls
Do you know how to organize your files and folders?
We have created a guide on folder best practice, so you can get organized now check it out here.

Work Smarter with Dropbox

The way we work is changing. Share and discover new ways to work smarter with Dropbox in our community.

Sound good? Let's get started.
Who's talking

Top contributors to this post

What do Dropbox user levels mean?
Need more support?