Re: "App Authentication" for App (without tokens). Yet another migration from long lived t

lalomores · ‎03-07-2022

Hi there! I see there have been a lot of questions in the forum on this topic, so I'll just cut to the chase.

My app is made in Meteor (NodeJS) and React. Clients of my app do not need to handle files, just see them. Files are not client related, only related to my Dropbox App and corresponding Dropbox app folder.

Checking the Authentication Types the most obvious candidate to replace my long lived token, seems to be "App Authentication": "This type only uses the app's own app key and secret, and doesn't identify a specific user or team". That's perfect. I can safely provide app key and secret in the server exclusively, as the client will never need those. The question is how do I achieve that type of auth?

In the js sdk, I only found this example using app key and secret, yet afterwards it goes through the oauth process in the browser anyways. If I don't do that oauth part, I get an error [*] as a result of calling dbx.filesListFolders({ path: '', recursive: true }):

Any ideas what may I be missing?

[*]:

"error": {

"name": "DropboxResponseError",

"status": 409,

"headers": {},

"error": {

"error_summary": "path/unsupported_content_type/...",

"error": {

".tag": "path",

"path": {

".tag": "unsupported_content_type"

}

dwissing · ‎05-10-2022

I have spent hours trying to get the API working. It worked great before the tokens started expiring every 4 hours. I have read everything I can find about this, but I can't piece it together. I have an app that need to access a dedicated Dropbox folder. I don't care who is using the app, and I don't want the users to need to authenticate. It worked well with the long term token I generated in the app console before that option was removed.

It seems like now I have to figure out how to build a separate app just to authorize and create the token. I would love to be able to generate a token from the app console similar to how we could before. This would save me many, many hours of work.

Здравко · ‎05-11-2022

Hi @dwissing,

Take a look on https://www.dropboxforum.com/t5/Dropbox-API-Support-Feedback/Issue-in-generating-access-token/td-p/5... how you would be able do the same in regular terminal. 😉

Hope this helps.

dwissing · ‎05-11-2022

So this shows how to refresh a token manually in terminal. My app is Vue.js. Current code is: import { Dropbox } from 'dropbox'

import { Dropbox } from 'dropbox'
import axios from 'axios'
async function get_thumbnail() {
  const dropbox_token =
    'sl.**CODE**'
  const options = {
    format: 'jpeg',
    mode: 'strict',
    path: found_file_path.value,
    size: 'w64h64'
  }
  var dbx = new Dropbox({
    accessToken: dropbox_token
  })
  try {
    const response = await dbx.filesGetThumbnail(options)
    return response
  } catch (error) {
    console.log(error)
  }
}

I can use the info you provided in a terminal to get a new access token, but how do I do it automatically?

Здравко · ‎05-11-2022

@dwissing wrote:
...
I can use the info you provided in a terminal to get a new access token, but how do I do it automatically?
...

🙂 No, no, no... Seems my forwarding was too brief and no very clear.

On the page, I referred to above, entire work flow is described, not only initial authentication! The last part there, as you noticed, is refresh description. Since you are using Dropbox SDK, where refresh process is implemented internally, you don't need to do it by hand. 😁 In such a way you would do some job of SDK by hand.

The only thing you need to do is initialization of Dropbox client object using refresh token, instead of access token. That's it. In addition it's NOT good idea every time when need to perform particular operation, new object sets up (like you are doing now). This leads to efficiency lost. Better, set one client object at the beginning (with global view or so), keep it, and use it till the end.

Take a look here how you can initialize a client object using refresh token. 😉

Hope it's a bit more clear now.

Greg-DB · ‎05-11-2022

@dwissing Здравко is correct, and offered helpful guidance, so please refer to that. Also, note that refresh tokens don't expire, so you can store and re-use them repeatedly.

Здравко · ‎05-11-2022

@Greg-DB wrote:
... , so you can store and re-use them repeatedly.

@Greg-DB, better let @dwissing focus on the particular setup. No storage or reusage is need in particular case. The refresh token is available as a constant and can be used as a replacement for 'token.result.refresh_token', in particular.

dwissing · ‎05-11-2022

Thank you.

I tried just replacing the access token with the refresh token in the dbx - new Dropbox() line, but that did not work.

The example you pointed to uses the key and secret in this command, along with "fetch". I am not familiar with fetch, but I get the following error:

TypeError: Failed to execute 'fetch' on 'Window': Illegal invocation
at Dropbox2.fetch (<anonymous>:1:876)
at dropbox.js:108:22

import { Dropbox } from 'dropbox'
import axios from 'axios'
const config = {
  fetch,
  clientId: 'app_key',
  clientSecret: 'app_secret'
}
var dbx = new Dropbox(config)

async function get_thumbnail() {
  const options = {
    format: 'jpeg',
    mode: 'strict',
    path: found_file_path.value,
    size: 'w64h64'
  }

  try {
    const response = await dbx.filesGetThumbnail(options)
    return response
  } catch (error) {
    console.log(error)
  }
}

Здравко · ‎05-11-2022

@Здравкоwrote:
...
The only thing you need to do is initialization of Dropbox client object using refresh token, instead of access token.
...

@dwissing wrote:
...
I tried just replacing the access token with the refresh token in the dbx - new Dropbox() line, but that did not work.
...

Of course, what did you expect??? 🤔 Did you expect different way of initialization and replacement to be the same? Does referred example use refresh token just as an access token replacement? (or not exactly) 🤷

Where you are getting this 'fetch' from? 🧐 (take a look on the example once again) 😉

Where you are setting your refresh token actually??? 🤦 (focus on the enlightened line in the example, once again)

Ensharp your attention little bit! 🙂

dwissing · ‎05-11-2022

The example you linked to above has this setup:

const fetch = require('node-fetch');
const app = require('express')();

const hostname = 'localhost';
const port = 3000;

const config = {
  fetch,
  clientId: 'jg8wc1hfkvel6ql',
  clientSecret: 'f0i5w4e6mlbbme5',
};

const { Dropbox } = require('dropbox'); // eslint-disable-line import/no-unresolved

const dbx = new Dropbox(config);

Instead of using an access token in the "new Dropbox()" command, they are using the above config including "fetch". I don't really understand how this works, or where I can put the refresh token in order to use it to create a new Dropbox object.

Здравко · ‎05-11-2022

@dwissing wrote:
... I don't really understand how this works, or where I can put the refresh token in order to use it to create a new Dropbox object.

Ok, I'm putting the example with enlightened line here again. Can you explain what exactly this line is doing (exactly this, no any other)? What will change if you replace the argument there to your refresh token literal? 🤔

Don't go fast! Relax little bit (as much as need). When you get ready, take a look on the line. What are you seeing there, what this line does actually? What if you put this line at the beginning? (next client object creation)

Re: "App Authentication" for App (without tokens). Yet another migration from long lived t

"App Authentication" for App (without tokens). Yet another migration from long lived tokens question