Dropbox API Support & Feedback

API secret in dropbox.oauth.DropboxOAuth2FlowNoRedirect and redistribution

salven
Helpful | Level 6

Hi,

I am writing a simple app in the form of a Python script which follows the OAuth2 procedure for the user to link and use their own account. Now, the DropboxOAuth2FlowNoRedirect() method requires both the app key *and* secret to be passed, and I can't seem to reconcile this with replies to similar questions, where it was specified that only the key is really needed. How would I go about redistributing the app without embedding (or revealing) the app key?

Accepted Solutions

Greg-DB
Dropbox Staff

The Dropbox OAuth 2 app authorization implementation supports two different flows:
- the "code" flow: this flow requires both the app key and secret
- the "token" flow: this flow only requires the app key

 

The `DropboxOAuth2FlowNoRedirect` class in the Dropbox Python SDK uses the "code" flow, so it requires the app key and secret.

 

The Python SDK doesn't implement the "token" flow unfortunately, but I'll pass this along as a feature request. 

 

That being the case, to distribute a client-side Python app without including the app secret, you'd need to implement the token flow yourself, either by modifying the SDK or without using the SDK at all. Note that the token flow requires a redirect URI though, so you'd need to use a local redirect URI.
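
The token flow described in the answer above, as an added example that is not part of the original post or of the Dropbox SDK: it builds the authorization URL from the app key alone and validates the redirect with a `state` check. The redirect URI, its port and the function names are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://www.dropbox.com/oauth2/authorize"
# Assumption: this exact URI is registered as a redirect URI for the app.
REDIRECT_URI = "http://localhost:8765/callback"


def build_authorize_url(app_key, redirect_uri=REDIRECT_URI):
    """Return (url, state). Only the app key is sent; no secret is involved."""
    state = secrets.token_urlsafe(32)  # per-attempt anti-CSRF value
    query = urlencode({
        "client_id": app_key,
        "response_type": "token",
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def token_from_redirect(redirected_url, expected_state):
    """Extract the access token from the URL the browser was redirected to.

    The result arrives in the URL fragment, which browsers never send to a
    server, so the page served on the local redirect URI has to pass
    location.hash back to the script (or the user pastes the full URL).
    """
    fragment = urlsplit(redirected_url).fragment
    fields = {k: v[0] for k, v in parse_qs(fragment).items()}
    returned_state = fields.get("state", "")
    # Reject responses that were not triggered by this authorization attempt.
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this response")
    if "error" in fields:
        raise ValueError(f"authorization failed: {fields['error']}")
    if fields.get("token_type", "").lower() != "bearer" or not fields.get("access_token"):
        raise ValueError("redirect did not carry a bearer access token")
    return fields["access_token"]


if __name__ == "__main__":
    url, state = build_authorize_url("APP_KEY_PLACEHOLDER")
    print("Open this URL and approve the app:", url)
    # Constructed sample of the redirect that follows approval.
    sample = f"{REDIRECT_URI}#access_token=CONSTRUCTED_TOKEN&token_type=bearer&state={state}"
    print(token_from_redirect(sample, state))
```
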

salven
Helpful | Level 6

Thank you, Greg, that helps a lot.

 

 

Manotai M.
New member | Level 2

The way the old version works is affecting my use of Dropbox.

Greg-DB
Dropbox Staff

@Manotai M. If you're having trouble with Dropbox itself, you can contact support here:

https://www.dropbox.com/support

 

 

 

 
