Get all shared links for a file

icefishandrew · ‎04-19-2023

I have a .net app that needs to get all of the shared links for a particular file. The only way I can see to do this is to:

Get a DropboxTeamClient with "team_info.read", "team_data.member", "groups.read" scopes
Get the proper group id through TeamTeamRoutes.GroupsListAsync
Get all of the members of the group through TeamTeamRoutes.GroupsMembersListAsync
Cycle through the GroupMemberInfo getting the TeamMemberId, and then get a DropboxClient from DropboxTeamClient.AsMember(TeamMemberId)
Get all of the shared links for that file, for that member, using SharingUserRoutes.ListSharedLinksAsync

I am an Admin and have approved this app during authorization. This all works well on my computer. If another user, who is not an Admin, tries to get an authorization token they receive an error message saying "You must be a team administrator to authorize this app. Either login to a Dropbox for Business admin account, or contact an existing administrator for your team."

How do I authorize a non-Admin user, or is there a better way to do this?

Thanks

Greg-DB · ‎04-19-2023

An access token is just a string, so you could technically transmit it using whatever communication mechanism you wish. If you give the access token string, which was created by authorization from an admin, to a non-admin user, they could then technically run the same code to make a DropboxTeamClient, list groups, list members, operate as members, and list shared links.

That wouldn't be recommended though, as a matter of security, as a team-linked access token like that enables access that a non-admin doesn't have.

View solution in original post

Greg-DB · ‎04-19-2023

When using any "team" scopes, the app can only be authorized by a team admin, because it would be connected to the entire team, not just a particular account.

If you just want to connect to a particular account, you can disable any team scopes, so that it can be authorized by non-admins. Access tokens/refresh tokens without the team scopes will be specific to the particular account (Business or not) and so would not require you to get a member ID and use AsMember; you would instead make a DropboxClient directly (not a DropboxTeamClient).

For reference, the ListSharedLinksAsync method requires the 'sharing.read' scope, which isn't a team scope. You can find more information on scopes in the OAuth Guide.

If you don't need to call any team endpoints (e.g., if you just need to call user methods, such as ListSharedLinksAsync), I recommend this solution instead for simplicity and security.

icefishandrew · ‎04-19-2023

Thanks Greg.

Is there a way to get all of the shared links that exist for a file, without using the DropboxTeamClient? If I only have a DropboxClient for the current user, I can only see the shared links for a file for that user, correct?

Greg-DB · ‎04-19-2023

Yes, if you have a DropboxClient you can call ListSharedLinksAsync to list the shared links for that file for only that user. If you only need to list all of the shared links for that file for that particular user, that would work.

If you need to be able to list all shared links for a file across all members of the team though, you would need to use the team scopes and start with the DropboxTeamClient, as that's how you would get access to all team member accounts, and call for each member. In that case, you don't need to have each member authorize the app themself though, as the single authorization from a team admin would grant access to the entire team.

icefishandrew · ‎04-19-2023

Yes, I'm trying to list all shared links for a file across all members of the team. I guess the part I'm stuck on then is how to get the DropboxTeamClient for a non-Admin user. What oauth2accessToken would I use to create a new DropboxTeamClient?

Greg-DB · ‎04-19-2023

You cannot get a DropboxTeamClient based on a non-admin's authorization. To get a DropboxTeamClient, you would need to use team scopes and have an admin authorize the connection. Since using team scopes means the connection would be able to access the entire team and perform team-level operations, only a team admin is able to perform that authorization.

When using team scopes and having a team admin authorize the app, the resulting access token is connected to the team itself and can be used to get a DropboxTeamClient. If you need to operate on all team member accounts (whether the members are admins or not) without having each member individually authorize the app, that would be the right process to follow. That would only need to be authorized by an admin once.

icefishandrew · ‎04-19-2023

The app is using team scopes, and has been authorized by an admin (me). Everything works fine on my computer using my Dropbox account.

How does a non-admin user, on a different computer, get access to the resulting team connected token? Do you have a code example of how the non-admin user would create a new DropboxTeamClient, using the token I created as an admin?

The goal is to be able to have a non-admin user get all of the members of the team, and check the shared links for each member.

Greg-DB · ‎04-19-2023

An access token is just a string, so you could technically transmit it using whatever communication mechanism you wish. If you give the access token string, which was created by authorization from an admin, to a non-admin user, they could then technically run the same code to make a DropboxTeamClient, list groups, list members, operate as members, and list shared links.

That wouldn't be recommended though, as a matter of security, as a team-linked access token like that enables access that a non-admin doesn't have.

icefishandrew · ‎04-19-2023

OK, so it sounds like what I'm trying to do isn't really recommended. I'll try to approach this problem a different way. Thank you for all your help.

Get all shared links for a file

Get all shared links for a file

Top contributors to this post