cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Update: Find information on Dropbox support during COVID-19 here
Close

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

How does Redirect URI in App Console work

Explorer | Level 3

Hello,

 

I am developing an application where I want to integrate Dropbox with the Python SDK and later on I want to have webhooks.

I don't want my application to be publicly accessible, but I know that because of webhooks I need to have a publicly accessible URI.

How does that work with the Redirect uri when I request an access token for example? I define an URI like http://127.0.0.1:port/.. and the same URI in the application, and it works just fine. Is my application publicly accessible somehow here? Or the only time when it is really publicly accessible is only when Dropbox needs to send the webhook notification?

 

I am asking this because I am trying to implement the whole application on a private Git repository but the Dropbox service on a public Git repository, but I am encountering problems with csrf tokens and obviously everything needs to be in one place so it is not considered a CSRF attack.

I want to figure out if it is really neccessary to divide those two things (when implementing the basic functions like obtaining the access token and getting the files), or I need that public Git rep only for webhooks.

1 Accepted Solution

Accepted Solutions

Re: How does Redirect URI in App Console work

Dropboxer
Dropboxer

OAuth 2 redirect URIs and webhook URIs serve different purposes, and are registered separately. They do not need to be identical, or even share a domain. You can find more information on how the OAuth app authorization works, including the use of OAuth 2 redirect URIs, in the OAuth guide. You can find more information on using webhooks in the webhooks documentation.

 

OAuth 2 redirect URIs don't technically need to be publicly accessible. They just need to be accessible to the user going through the OAuth 2 app authorization flow. In your example, http://127.0.0.1:port/, the redirect URI is on 127.0.0.1, which is localhost, not a public address. (To what extent your local computer/server is publicly accessible is unrelated to Dropbox itself.)

 

Webhook URIs, on the other hand, do need to be publicly accessible, since the Dropbox API servers need to be able to access them in order to send the webhook notifications.

View solution in original post

1 Reply 1

Re: How does Redirect URI in App Console work

Dropboxer
Dropboxer

OAuth 2 redirect URIs and webhook URIs serve different purposes, and are registered separately. They do not need to be identical, or even share a domain. You can find more information on how the OAuth app authorization works, including the use of OAuth 2 redirect URIs, in the OAuth guide. You can find more information on using webhooks in the webhooks documentation.

 

OAuth 2 redirect URIs don't technically need to be publicly accessible. They just need to be accessible to the user going through the OAuth 2 app authorization flow. In your example, http://127.0.0.1:port/, the redirect URI is on 127.0.0.1, which is localhost, not a public address. (To what extent your local computer/server is publicly accessible is unrelated to Dropbox itself.)

 

Webhook URIs, on the other hand, do need to be publicly accessible, since the Dropbox API servers need to be able to access them in order to send the webhook notifications.

View solution in original post

Work Smarter with Dropbox

The way we work is changing. Share and discover new ways to work smarter with Dropbox in our community.

Sound good? Let's get started.
Polls
Have you been keeping up good habits while working from home?
We've created a working from home cheat sheet to help keep up on those habits, check it out here.
Need more support?