Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
I have a .net app that needs to get all of the shared links for a particular file. The only way I can see to do this is to:
I am an Admin and have approved this app during authorization. This all works well on my computer. If another user, who is not an Admin, tries to get an authorization token they receive an error message saying "You must be a team administrator to authorize this app. Either login to a Dropbox for Business admin account, or contact an existing administrator for your team."
How do I authorize a non-Admin user, or is there a better way to do this?
Thanks
An access token is just a string, so you could technically transmit it using whatever communication mechanism you wish. If you give the access token string, which was created by authorization from an admin, to a non-admin user, they could then technically run the same code to make a DropboxTeamClient, list groups, list members, operate as members, and list shared links.
That wouldn't be recommended though, as a matter of security, as a team-linked access token like that enables access that a non-admin doesn't have.
When using any "team" scopes, the app can only be authorized by a team admin, because it would be connected to the entire team, not just a particular account.
If you just want to connect to a particular account, you can disable any team scopes, so that it can be authorized by non-admins. Access tokens/refresh tokens without the team scopes will be specific to the particular account (Business or not) and so would not require you to get a member ID and use AsMember; you would instead make a DropboxClient directly (not a DropboxTeamClient).
For reference, the ListSharedLinksAsync method requires the 'sharing.read' scope, which isn't a team scope. You can find more information on scopes in the OAuth Guide.
If you don't need to call any team endpoints (e.g., if you just need to call user methods, such as ListSharedLinksAsync), I recommend this solution instead for simplicity and security.
Thanks Greg.
Is there a way to get all of the shared links that exist for a file, without using the DropboxTeamClient? If I only have a DropboxClient for the current user, I can only see the shared links for a file for that user, correct?
Yes, if you have a DropboxClient you can call ListSharedLinksAsync to list the shared links for that file for only that user. If you only need to list all of the shared links for that file for that particular user, that would work.
If you need to be able to list all shared links for a file across all members of the team though, you would need to use the team scopes and start with the DropboxTeamClient, as that's how you would get access to all team member accounts, and call for each member. In that case, you don't need to have each member authorize the app themself though, as the single authorization from a team admin would grant access to the entire team.
Yes, I'm trying to list all shared links for a file across all members of the team. I guess the part I'm stuck on then is how to get the DropboxTeamClient for a non-Admin user. What oauth2accessToken would I use to create a new DropboxTeamClient?
You cannot get a DropboxTeamClient based on a non-admin's authorization. To get a DropboxTeamClient, you would need to use team scopes and have an admin authorize the connection. Since using team scopes means the connection would be able to access the entire team and perform team-level operations, only a team admin is able to perform that authorization.
When using team scopes and having a team admin authorize the app, the resulting access token is connected to the team itself and can be used to get a DropboxTeamClient. If you need to operate on all team member accounts (whether the members are admins or not) without having each member individually authorize the app, that would be the right process to follow. That would only need to be authorized by an admin once.
The app is using team scopes, and has been authorized by an admin (me). Everything works fine on my computer using my Dropbox account.
How does a non-admin user, on a different computer, get access to the resulting team connected token? Do you have a code example of how the non-admin user would create a new DropboxTeamClient, using the token I created as an admin?
The goal is to be able to have a non-admin user get all of the members of the team, and check the shared links for each member.
An access token is just a string, so you could technically transmit it using whatever communication mechanism you wish. If you give the access token string, which was created by authorization from an admin, to a non-admin user, they could then technically run the same code to make a DropboxTeamClient, list groups, list members, operate as members, and list shared links.
That wouldn't be recommended though, as a matter of security, as a team-linked access token like that enables access that a non-admin doesn't have.
OK, so it sounds like what I'm trying to do isn't really recommended. I'll try to approach this problem a different way. Thank you for all your help.
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!