cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Learn more about how Connie, a member of the Community, uses Dropbox here!

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Forced to make all users Team Admins? "You must be a team administrator to authorize this app"

Forced to make all users Team Admins? "You must be a team administrator to authorize this app"

Tech Dev Oldsmar
New member | Level 2

Good morning:

 

Transitioning to short-lived token with a snag.  The "no expiration" token currently used in the 10-person dev environment is working perfect to upload/download/save, etc.... files/folders in a shared teams environment.   

 

Got oauth2 working for me and my other user with Team Administrator access.  The app must obviously have scoped access to the shared folders:

 

Scroped-DBX-API-settings.jpg

 

I bought another business license to create a test user without teams admin access and (like my other 8 users).  Without admin access, I cannot register the app.  I get this error:

error-connecting-app-need-team-admin-access.jpg

I use the DBX API for an intranet and manage access through Azure AD so I have precise control of how folders are created, files saved, etc....   I'd like the API available to regular business DBX users without making them Team Administrators.   I'm skirting this right now in production with the non-expiring token but those days are numbered. 

 

Any ideas?   Thanks in advance. 

 

 

1 Accepted Solution

Accepted Solutions

Re: Forced to make all users Team Admins? "You must be a team administrator to authorize this

Greg-DB
Dropboxer

This error is about which scopes are being requested. For reference, scoped apps can use two main kinds of scopes: "Individual" and "Team".

 

Individual scopes enable access to functionality for an individual account, such as uploading and downloading files, creating folders, etc. They can be authorized by any kind of Dropbox account.

 

Team scopes enable access to functionality for entire Business teams, such as managing members, etc. They can only be authorized by team admins.

 

The error here is indicating that the app is requesting team scopes, but the user is not an admin and so cannot authorize that. If you want to allow non-admins to connect the app, you'll need to request only individual scopes. 

 

If your app never needs to use team scopes, you can configure this by disabling the team scopes entirely from the app's Permissions settings (which are shown in your screenshot).

 

Alternatively, if your app does sometimes need to use team scopes, you can instead specify which scopes to request from a user on the fly by setting a particular set of scopes when constructing the authorization URL. That is, you can list the scopes to request in the 'scope' parameter on the /oauth2/authorize URL. (If you're using an SDK to process the flow, refer to the relevant SDK documentation for information on how to configure that.)

View solution in original post

2 Replies 2

Re: Forced to make all users Team Admins? "You must be a team administrator to authorize this

Greg-DB
Dropboxer

This error is about which scopes are being requested. For reference, scoped apps can use two main kinds of scopes: "Individual" and "Team".

 

Individual scopes enable access to functionality for an individual account, such as uploading and downloading files, creating folders, etc. They can be authorized by any kind of Dropbox account.

 

Team scopes enable access to functionality for entire Business teams, such as managing members, etc. They can only be authorized by team admins.

 

The error here is indicating that the app is requesting team scopes, but the user is not an admin and so cannot authorize that. If you want to allow non-admins to connect the app, you'll need to request only individual scopes. 

 

If your app never needs to use team scopes, you can configure this by disabling the team scopes entirely from the app's Permissions settings (which are shown in your screenshot).

 

Alternatively, if your app does sometimes need to use team scopes, you can instead specify which scopes to request from a user on the fly by setting a particular set of scopes when constructing the authorization URL. That is, you can list the scopes to request in the 'scope' parameter on the /oauth2/authorize URL. (If you're using an SDK to process the flow, refer to the relevant SDK documentation for information on how to configure that.)

View solution in original post

Re: Forced to make all users Team Admins? "You must be a team administrator to authorize this

Tech Dev Oldsmar
New member | Level 2

Hello Greg:

 

Worked!   The .NET SDK DBX App has Teams rights but I only request individual rights in the authorization URL scope directive:  

 

https://www.dropbox.com/oauth2/authorize?client_id=MY_CLIENT_ID&redirect_uri=MY_REDIRECT_URI&respons...scope=account_info.write account_info.read files.metadata.write files.metadata.read files.content.write files.content.read

 

That allows a non-Team Admin to approve the app.   When I need to actually use a Team feature (team_info.read team_data.member team_data.team_space files.team_metadata.write members.read groups.read) I create a teamClient.AsMember and everything seems to be fine.   I tested it out to create a subfolder within a Team directory and no problem!  

 

Thanks!

 

Anton

Poll
Are you starting new work habits this year?
Who's talking

Top contributors to this post

What do Dropbox user levels mean?
Need more support?