
Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

How to find the present-log-in-account in the redirect_uri

seizo
Helpful | Level 6

I have a question about /oauth2/authorize end point.

Now I'm developing an Android app.
The app sends a request to /oauth2/authorize end point. (response_type=token)
I could confirm that the endpoint redirects the data to a certain web-page that I had set in my app-settings (redirect_uri).


At this moment, if I had already logged in to Dropbox service with the account "AAA@gmail.com"
I can get token for the account "AAA@gmail.com" in the redirect_uri.

Here is my question below .....

If I have several Dropbox accounts,
for example ...
"AAA@gmail.com"
"BBB@gmail.com"
"CCC@gmail.com"
how can I know which account the token in the redirect_uri is for?

Are there any ways to send the present-log-in-account-id to the redirect_uri?



Greg-DB
Dropbox Staff

When Dropbox sends the user back to the redirect URI specified by your app, it will include the 'account_id' for the account that authorized the app, along with the other parameters, on the URL fragment. You can find the documentation for all of the pieces of information returned here:

https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize

Note that since this occurs client-side, you can't strictly trust these values for authentication purposes, so you should then call /2/users/get_current_account using that access token to verify the account ID, if that's what you need it for:

https://www.dropbox.com/developers/documentation/http/documentation#users-get_current_account
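
The check described in the reply above, as an added example that is not part of the original thread or Dropbox's own code: it parses the fragment from the redirect, calls /2/users/get_current_account with the returned token, and accepts the account only when the API's `account_id` matches the one in the fragment. The sample redirect URL, the token and account ID placeholders, and the `fetch` parameter (a stand-in so the demo runs offline) are assumptions.

```python
import json
import urllib.request
from urllib.parse import parse_qs, urlsplit

API_URL = "https://api.dropboxapi.com/2/users/get_current_account"

# Constructed sample redirect (placeholder token and account ID, not real values).
SAMPLE_REDIRECT = ("https://myWebpage.com/#access_token=CONSTRUCTED_TOKEN"
                   "&token_type=bearer&account_id=dbid%3ACONSTRUCTED_AAA")


def parse_fragment(redirect_url):
    """Return the parameters from the URL fragment as a flat dict."""
    params = parse_qs(urlsplit(redirect_url).fragment, strict_parsing=True)
    # A repeated parameter is ambiguous; refuse rather than pick one.
    if any(len(values) != 1 for values in params.values()):
        raise ValueError("duplicate parameter in fragment")
    return {name: values[0] for name, values in params.items()}


def fetch_current_account(access_token):
    """POST to /2/users/get_current_account (real network call)."""
    request = urllib.request.Request(
        API_URL, data=b"null", method="POST",
        headers={"Authorization": "Bearer " + access_token,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)


def verified_account(redirect_url, fetch=fetch_current_account):
    """Return (account_id, email) as confirmed by Dropbox, or raise ValueError."""
    params = parse_fragment(redirect_url)
    if "access_token" not in params:
        raise ValueError("no access_token in fragment")
    account = fetch(params["access_token"])
    # Trust only what the API returned for this token, never the fragment.
    if params.get("account_id") != account["account_id"]:
        raise ValueError("fragment account_id does not match token owner")
    return account["account_id"], account["email"]


if __name__ == "__main__":
    # Stand-in for the API so the demo runs offline (constructed response).
    def fake(token):
        return {"account_id": "dbid:CONSTRUCTED_AAA", "email": "AAA@gmail.com"}
    print(verified_account(SAMPLE_REDIRECT, fetch=fake))
```

The `email` field returned by the API is also what an app can show the user to confirm which account was linked.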

seizo
Helpful | Level 6

Greg, thank you for the advice.

As you said there is account_id in the URL fragment.
It is like this below.
"dbid%32221111%%%%%%%sssspppp"

But the user who is facing the redirect-page needs to know the current account,
because he/she has to decide to change the account or not at this moment.

So I think that /oauth2/authorize end point has to return log-in id
like "aaaa@dropbox.com" rather than account_id like "dbid%32221111%%%%%%%sssspppp",
to specify to the user the account that /oauth2/authorize has permitted to access.

🙂

Greg-DB
Dropbox Staff
The /oauth2/authorize web page itself shows the user which account they're currently logged in to in the drop down in the upper right corner of the page. They can also switch which account they're logged in to by signing out and in there, before authorizing the app.

seizo
Helpful | Level 6

Thank you Greg for the kind explanation. <(_ _)>

When I use oauth2/authorize endpoint ...
with the parameter "response_type=code" and
without the parameter "redirect_uri=https://myWebpage.com"
I can get a code in the https://www.dropbox.com/1/oauth2/authorize_submit page.
As you wrote, there is a drop down in the upper right corner.

But in case I use the endpoint ...
with the parameter "response_type=token" and
with the parameter "redirect_uri=https://myWebpage.com"
it seems to be difficult to install the similar drop down in the private redirect_uri, doesn't it?

🙂

Greg-DB
Dropbox Staff
I'm not sure I understand what you mean when you say "it seems to be difficult to install the similar drop down in the private redirect_uri, doesn't it?"

Can you elaborate? If that's your own private page, you can design it however you'd like.

seizo
Helpful | Level 6

Sorry for my bad writing. <(_ _)>
I'm not a native English speaker. 🙂

And thanks to your kind advice, I have been able to figure out what I should do.

I would have liked the app users to know what account he/she is logged in to, and to have a chance to change accounts if he/she wants.

To achieve that, the best way seems to be ....
     Step 1 : Get a CODE using the oauth2/authorize end point
     Step 2 : Convert the CODE into a bearer token using the /oauth2/token end point


But at first, I was trying to get a bearer token using the oauth2/authorize end point with the parameter "response_type=token".
That seems to be my mistake.

I appreciate your help. <(_ _)>

Greg-DB
Dropbox Staff
It's no problem!

The user can change accounts if they want before clicking "Allow". You may want to set force_reapprove=true though. Otherwise, Dropbox may automatically redirect them before they can do so. You can find more information on that parameter here:

https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize

Kiang M59
Explorer | Level 4
Easy to use and fast.