cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Are you interested in learning how media industry leaders use Dropbox Replay? Register for our webinar here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Each OAuth 2.0 re-authentication asks for user's permission

Each OAuth 2.0 re-authentication asks for user's permission

serge30
Explorer | Level 3
Go to solution

Hello,

 

I'm developing JS SPA which uses Dropbox as a storage. It has no backend, thus I'm using OAuth 2.0 code flow with PKCE.

 

According to the documentation https://developers.dropbox.com/oauth-guide: 

 

If the token expires - throwing a 401 error - your application may simply re-authenticate as described above. If your token is expired, but the user is signed into Dropbox and their approval is still valid, the redirects will not require end-user input. A user’s approval remains valid until explicitly revoked.

 

But if I redirect user to auth link, it still requires user to accept application and grant permissions.

 

Can I configure Dropbox to ask user for permissions only first time? So further token refresh will be seamless for user.

 

--

Thanks,

Serhii

1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

There isn't anything additional you should/can configure for this. Dropbox will automatically redirect through the flow when it can, but there are some exceptions. For example, it will only do so when an https:// redirect URI is supplied; it won't automatically redirect to http://. Also, if the user has linked accounts, they won't be automatically redirected, as they need to select which account to use.

View solution in original post

2 Replies 2

Greg-DB
Dropbox Staff
Go to solution

There isn't anything additional you should/can configure for this. Dropbox will automatically redirect through the flow when it can, but there are some exceptions. For example, it will only do so when an https:// redirect URI is supplied; it won't automatically redirect to http://. Also, if the user has linked accounts, they won't be automatically redirected, as they need to select which account to use.

serge30
Explorer | Level 3
Go to solution

Greg,

 

Oh, I run app locally on http://localhost:3000 So that's a case.

 

Thank you!

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    serge30 Explorer | Level 3
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?