@Zard wrote:
It's my fault, I am using Net Core, the examples code of .net is too old, I can't understanf them.
...
Hi again @Zard,
Yes, the examples can be more... familiar/convenient to newbie users... for sure.
@Zard wrote:
..., and I see Token Flow can get token directly, so I wan to try it, but I can't get data from url easily.
...
Keep in mind that all access tokens are short lived, so you cannot use them for long running task! For long term access you need refresh token. Through URL directly can be fetch access token only. That's why you may need to perform code flow as Greg mentioned earlier above.
@Zard wrote:
...
This is my first to use OAuth 2.0, When integrating other APIs, they only need apikey, apiSecret, or token to complete authentication, ...
It's similar with Dropbox API too. The only difference is that the token, you're talking about, has to be refresh token, not access token! 😉 They are different things.
@Zard wrote:
..., I Just want to use Dropbox api when users are uploading files. and My app is like that:
/contents/authorize: I add this action to get code, but it return me a html code in content of response.
/contents/token: this action to to receive code and to get a token by api.
/contents: upload files and submit form data, but I can not get token directly by one action, it needs to redirect to html and back, that I can not get token directly when submitting form.
...
🙂 Keep in mind that /oauth2/authorize is web page where a user of your application (or you as a user) would start granting access for your application to the corresponding account. It's NOT access point (i.e. something that need to be called)! You have to open it (once prepared) in web browser and copy the authorization code from there by hand (without redirect URL) or 'catch it' using redirect URL in the application. 😉 After that, once you have that code, you can use /oauth2/token to receive/materialize the code to tokens. Detailed steps can be seen here (without redirect URL).
In .Net you can take a look on the example here. In Program.cs can be seen automatic OAuth flow organization alongside other things. If it's too complex for you, replace 'AcquireAccessToken' method with the following:
private async Task<string> AcquireAccessToken()
{
var accessToken = Settings.Default.AccessToken;
var refreshToken = Settings.Default.RefreshToken;
var uid = Settings.Default.Uid;
if (string.IsNullOrEmpty(refreshToken))
{
try
{
Console.WriteLine("Waiting for credentials.");
var state = Guid.NewGuid().ToString("N");
var pkceObject = new PKCEOAuthFlow();
var authorizeUri = pkceObject.GetAuthorizeUri(
OAuthResponseType.Code, ApiKey, RedirectUri.ToString(),
tokenAccessType: TokenAccessType.Offline, state: state,
includeGrantedScopes: IncludeGrantedScopes.User);
Console.WriteLine("authorizeUri: {0}", authorizeUri);
var http = new HttpListener();
http.Prefixes.Add(LoopbackHost);
http.Start();
System.Diagnostics.Process.Start(authorizeUri.ToString());
var context = await http.GetContextAsync();
Console.WriteLine("QueryString: {0}", context.Request.Url);
var responseUri = context.Request.Url;
context.Response.ContentType = "text/html; charset=utf-8";
using (var file = File.OpenRead("index.html"))
{
file.CopyTo(context.Response.OutputStream);
}
context.Response.OutputStream.Close();
http.Stop();
OAuth2Response credResponse = await pkceObject.ProcessCodeFlowAsync(responseUri, ApiKey, RedirectUri.ToString(), state);
Console.WriteLine("credResponse: {0}", credResponse.ToString());
accessToken = credResponse.AccessToken;
refreshToken = credResponse.RefreshToken;
uid = credResponse.Uid;
Console.WriteLine("ScopeList: {0}", credResponse.ScopeList);
Settings.Default.AccessToken = accessToken;
Settings.Default.Uid = uid;
Settings.Default.RefreshToken = refreshToken;
Settings.Default.Save();
}
catch (Exception e)
{
Console.WriteLine("Error: {0}", e.Message);
return null;
}
}
return uid;
}
I think the above is a bit more clear. The file "index.html" inside is as follows:
<html>
<head>
<meta charset="UTF-8">
<link href="https://fonts.googleapis.com/css?family=Nunito+Sans:400,400i,700,900&display=swap" rel="stylesheet">
</head>
<style>
body {
text-align: center;
padding: 40px 0;
background: #EBF0F5;
}
h1 {
color: #88B04B;
font-family: "Nunito Sans", "Helvetica Neue", sans-serif;
font-weight: 900;
font-size: 40px;
margin-bottom: 10px;
}
p {
color: #404F5E;
font-family: "Nunito Sans", "Helvetica Neue", sans-serif;
font-size:20px;
margin: 0;
}
i {
color: #9ABC66;
font-size: 100px;
line-height: 200px;
margin-left:-15px;
}
.card {
background: white;
padding: 60px;
border-radius: 4px;
box-shadow: 0 2px 3px #C8D0D8;
display: inline-block;
margin: 0 auto;
}
</style>
<body>
<div class="card">
<div style="border-radius:200px; height:200px; width:200px; background: #F8FAF5; margin:0 auto;">
<i class="checkmark">✓</i>
</div>
<h1>Успех</h1>
<p>🎉 Успешно свързахте приложението си,<br/>може да продължите използването му! 😉</p>
</div>
</body>
</html>
Here everything is performed in one step of redirection - no second needed.
Hope this makes the things much more clear.
