cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Dropbox Authentication only with code

Dropbox Authentication only with code

sosnos
Explorer | Level 4
Go to solution

I need to create a React app that gives the possibility of uploading files on Dropbox, and I'm having some doubts about how to make the Dropbox Authentication with Javascript code. I don't want the user to be redirected to the "Authorization page" where he has to click on some button, but I want to get the permission to my App and my files only by code. I tried to use the official SDK but I got redirected to said authorization page. Is there a way to do that, with or without the official SDK? Or am I thinking it wrong and the authorization page actually appears just one time and the next ones I can get the authorization and the token just with my Javascript code?

1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

@sosnos We recommend using the latest version of the official Dropbox SDK. You can find the official API v2 Dropbox JavaScript SDK here, including the official documentation and examples. That does contain the 'getAuthenticationUrl' method, documented here. You can find an example of using that here.

View solution in original post

4 Replies 4

Greg-DB
Dropbox Staff
Go to solution

In order to get an access token for a user's account in order to interact with the user's Dropbox account programmatically, you do need to get authorization from the user at least once. An app gets authorization from the user by sending them through the OAuth app authorization flow. If the user authorizes the app, the app will receive an access token it can use to call the API, and optionally a refresh token. The app can store and re-use that, so it doesn't need to send the user through the authorization flow again. 

 

Depending on what settings you use though, you may need to send the use through the authorization flow again occasionally to get a new access token. Please first read the OAuth Guide for information on the different options available and what kind of input they do or don't require from the user. 

Robert S.138
Helpful | Level 7
Go to solution

In addition to what Greg said, I would add that there is a very good reason for requiring that the user go through the explicit authorization process on a web page at least once.  If there were a way to accomplish the same thing without ever sending the user to a web page, it would then be possible for malicious app code to trick the user into devulging their Dropbox password to the app.  If an app can see the user's Dropbox password then the app could send it to a malicious entity that could then break into the user's Dropbox and compromise their privacy.  As it is, the app never sees the user's password.  And the web page ensures that the user is fully informed as to why they are being asked for their password, and their security is protected.

 

sosnos
Explorer | Level 4
Go to solution

Sorry for the late reply, I understand now why I have to do the authorization step. I followed the Image Flipping code on GitHub and successfully got my user in, but I noticed it works with an old version of the Dropbox Javascript SDK; I tried to use the latest version but the code didn't go through because there's no "getAuthenticationURL" in the new SDK.  Can I still use the old version or should I try to use the latest version?

Greg-DB
Dropbox Staff
Go to solution

@sosnos We recommend using the latest version of the official Dropbox SDK. You can find the official API v2 Dropbox JavaScript SDK here, including the official documentation and examples. That does contain the 'getAuthenticationUrl' method, documented here. You can find an example of using that here.

Need more support?