Your workflow is unique 👨‍💻 -  tell us how you use Dropbox here.

Forum Discussion

Mixware's avatar
Mixware
Explorer | Level 3
8 years ago

How to relink a user (revoke) using the javascript api.

Can anyone show me an example how to use the javascript api to revoke and then let the user re-link to Dropbox?  
API
anthonyhaffey's avatar
anthonyhaffey
Explorer | Level 4
8 years ago

So I tried sending the user to the logout page, but them logging in with a different profile doesn't seem to change which user is logged in with my javascript app. 

 

Is there no way to change the output of dbx.getAuthenticationUrl to give a web address that'll automatically log the user out?

Greg-DB's avatar
Greg-DB
Icon for Dropbox Community Moderator rankDropbox Community Moderator
8 years ago

anthonyhaffey The user's web session, that is, the account signed in to the Dropbox web site, is separate from the API client's access, that is, the account identified by the access token your app has.

 

If you're trying to switch the account logged in to your app, make sure you throw away the old access token, as that will always be for the old account.

 

For reference though apps can technically sign users out of the Dropbox web site during the app authorization flow. Similar to the 'force_reapprove' parameter on /authorize, there is a 'force_reauthentication' parameter:

 

https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize

 

This also isn't currently implemented in the official JavaScript SDK, but I'll be sure to pass this along as a feature request. We generally don't encourage its use though, as it's more disruptive to the user.

  • anthonyhaffey's avatar
    anthonyhaffey
    Explorer | Level 4
    8 years ago

    Greg-DB Thanks for your response. I've tried throwing away the old token, but I've found that my method for asking them to reauthenticate automatically logs them onto the same dropbox account:

    dbx.authTokenRevoke();
var dbx = new Dropbox({ clientId: CLIENT_ID });
var authUrl = dbx.getAuthenticationUrl('https://www.open-collector.org/alpha/Admin/Tools/Simulator_SQL/');
document.getElementById('authlink').href = authUrl;
$("#authlink")[0].click();

    Is there something I need to change or add to this code to prevent them automatically being authenticated onto the same dropbox account as they were before I revoked the authorisation token?

     

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    8 years ago
    Depending on your use case, you may want to add the `force_reapprove` or `force_reauthentication` parameters. Please refer to my earlier posts on this thread for more information about those.

    Since those aren't implemented in the JavaScript SDK, you'd need to parse and modify the `authUrl` value in this code to add one of those parameters.
  • anthonyhaffey's avatar
    anthonyhaffey
    Explorer | Level 4
    8 years ago

    Greg-DB Thanks! All I had to do was add "&force_reauthentication=true" to the end of the authUrl generated by the dbx.getAuthenticationUrl function. 

About Dropbox API Support and Feedback

Node avatar for Dropbox API Support and Feedback
Get help with the Dropbox API from fellow developers and experts.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!