cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Update: Find information on Dropbox support during COVID-19 here
Close
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

IOS ASWebAuthenticationSession for OAuth

Helpful | Level 6

Previously I used a WKWebView  browser control to perform the OAUth. This allowed me to trap the redirect URL to obtain the access code. My redirect URL was http://localhost/Auth

Now I am using the Native browser interface ASWebAuthenticationSession This requires that you use an APPLICATION specific callback URL scheme for your redirect uri. i.e. MyAppName://Auth

The Dropbox APP console allows me to specifiy this as the Redirect URL but gives an error when I try to call the  oauth2/authrize endpoint using this as the redirect_uri

1 Accepted Solution

Accepted Solutions
Highlighted

Re: IOS ASWebAuthenticationSession for OAuth

Helpful | Level 6

Thanks, I used the Code flow as it looked more secure.

It would seem that custom URL schemes would be as secure as LOCALHOST ... both of which can only work on the user's device.

 

 

 

View solution in original post

6 Replies 6
Highlighted

Re: IOS ASWebAuthenticationSession for OAuth

Dropboxer
Dropboxer

Can you share the full URL of the page displaying the error, as well as the text of the error itself? Thanks in advance! 

Highlighted

Re: IOS ASWebAuthenticationSession for OAuth

Helpful | Level 6
    static let CLIENT_ID = "......"
    static let CLIENT_SECRET = "...."
    static let REDIRECT_URL = "myapp://Auth"
    static let OAUTH_URL = "https://www.dropbox.com/1/oauth2/authorize"
    
    override func OAuthURL() -> String {
      return String(format:"%@?redirect_uri=%@&response_type=code&client_id=%@&force_reapprove=true",
                    DropboxOAuthInfo.OAUTH_URL,
                    HTTP.urlEncode(DropboxOAuthInfo.REDIRECT_URL),
                    DropboxOAuthInfo.CLIENT_ID)
    }

Highlighted

Re: IOS ASWebAuthenticationSession for OAuth

Helpful | Level 6

The image did not get attached ... here it is as a link:

Screen Capture

Highlighted

Re: IOS ASWebAuthenticationSession for OAuth

Dropboxer
Dropboxer

Thanks! Based on the code you shared, I see that you're using the "code" flow (i.e., 'response_type=code'). For the code flow, only "https://" is allowed in the redirect URI (unless on localhost), so "myapp://" wouldn't be allowed.

Instead, for client-side applications like this, you should use the "token" flow, i.e., 'response_type=token'. That does allow custom URL schemes in redirect URIs, such as "myapp://". 

For more information on how to use the token flow, please refer to the /oauth2/authorize documentation.

Highlighted

Re: IOS ASWebAuthenticationSession for OAuth

Helpful | Level 6

Thanks, I used the Code flow as it looked more secure.

It would seem that custom URL schemes would be as secure as LOCALHOST ... both of which can only work on the user's device.

 

 

 

View solution in original post

Highlighted

Re: IOS ASWebAuthenticationSession for OAuth

New member | Level 2
New member | Level 2
{"swagger": "2.0", "basePath": "/", "paths": {"/model/metadata": {"get": {"responses": {"200": {"des

Work Smarter with Dropbox

The way we work is changing. Share and discover new ways to work smarter with Dropbox in our community.

Sound good? Let's get started.
Who's talking

Top contributors to this post

What do Dropbox user levels mean?
Need more support?