Does this mean, every user who want to access dropbox files, need to create an dropbox app and generate consumer key and secret?
No, users just have to authenticate using the OAuth process flow - the application will have your keys and secrets embedded in it, they don't have to generate their own.
thanks for prompt response...
yes we can keep key. secret inside application. so which OAUTH flow we can use so that for new user we can get access token...i cant find grantType password working in dropbox which is way to pass username/password
As I said before, you can't have your users present their Dropbox username and password to your application - that is not allowed.
You have to use the authentication flow detailed here:
This flow connects to the Dropbox servers using a browser instance, allows the user to authenticate directly with the Dropbox servers, and gives you an authentication token at the end of it. It is that authentication token that you then use to access Dropbox on behalf of that user.
ohh this is 3legged flow...
Dropbox dnt support "4.3 Resource Owner Password Credentials Grant" ??
Oauth2 specs: https://tools.ietf.org/html/rfc6749#section-1.3.3
POST /token HTTP/1.1
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
The way we work is changing. Share and discover new ways to work smarter with Dropbox in our community.Sound good? Let's get started.