cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to know all about tools for creatives that work seamlessly with Dropbox, like Adobe? Well, check it out right here!

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Authorisation flow for a Python client console app

Authorisation flow for a Python client console app

aplowman
Explorer | Level 4

I am trying to integrate Dropbox into my Python console application. I understand there are two types of authorisation flows: "code" and "token". Since my app is a client app, I don't want to have to store an app secret within the source code and so I believed the "token" flow was the right choice for me. So I started a simple local server up from within my app that can serve on a URI that I have added to my "Redirect URIs" on the Dropbox App console. The problem is: the access token forwarded by Dropbox after authorisation is stored in the URL fragment that is not sent to the server (as opposed to in the query string), so there is no way for my Python console app to access the token. How can I authorise Dropbox in this case without exposing an app secret? Thanks.

1 Accepted Solution

Accepted Solutions

Re: Authorisation flow for a Python client console app

Greg-DB
Dropboxer

No, the Dropbox API only supports the "token" and "code" OAuth 2 flows, both of which require user interaction in the browser. 

So in your case, given the interaction is with a remote machine, it sounds like having the user copy/paste the token may be the most reasonable option. You can use this page as your redirect URI for that if you want: https://www.dropbox.com/1/oauth2/display_token

View solution in original post

3 Replies 3

Re: Authorisation flow for a Python client console app

Greg-DB
Dropboxer

That's correct, using the "token" flow is preferred for client-side applications like this, as it doesn't require the use of the app secret.

As you mentioned though, the access token is returned on the URL fragment of the required redirect URI, so it's not acessible to the server. So, to get the access token back to a console app, you'll need to retrieve the access token via another means. Some options are:

  • display the access token on your redirect URI page, and have the user manually copy and paste it into the app 
  • run some JavaScript on your redirect URI page to get the access token from the fragment and send it to your app via a mechanism of your choosing (e.g., some other HTTPS/AJAX request)

Re: Authorisation flow for a Python client console app

aplowman
Explorer | Level 4

Thanks for your reply. I'll try out these solutions!

This is a tricky situation for my app, since it will be mainly used on a remote cluster, where users connect via SSH and there is no desktop environment. I'm guessing there are no ways to authorise wholly in the command line?

Re: Authorisation flow for a Python client console app

Greg-DB
Dropboxer

No, the Dropbox API only supports the "token" and "code" OAuth 2 flows, both of which require user interaction in the browser. 

So in your case, given the interaction is with a remote machine, it sounds like having the user copy/paste the token may be the most reasonable option. You can use this page as your redirect URI for that if you want: https://www.dropbox.com/1/oauth2/display_token

View solution in original post

Poll
Do you work or study in the creative industry? If so, which area?
If you use Adobe, don't forget to check out our latest integrations update here.
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropboxer
  • User avatar
    aplowman Explorer | Level 4
What do Dropbox user levels mean?
Need more support?