Need to see if your shared folder is taking up space on your dropbox 👨‍💻? Find out how to check here.

Forum Discussion

RTS S.'s avatar
RTS S.
Helpful | Level 6
7 years ago
Solved

IOS ASWebAuthenticationSession for OAuth

Previously I used a WKWebView  browser control to perform the OAUth. This allowed me to trap the redirect URL to obtain the access code. My redirect URL was http://localhost/Auth

Now I am using the Native browser interface ASWebAuthenticationSession This requires that you use an APPLICATION specific callback URL scheme for your redirect uri. i.e. MyAppName://Auth

The Dropbox APP console allows me to specifiy this as the Redirect URL but gives an error when I try to call the  oauth2/authrize endpoint using this as the redirect_uri

API
  • RTS S.'s avatar
    RTS S.
    7 years ago

    Thanks, I used the Code flow as it looked more secure.

    It would seem that custom URL schemes would be as secure as LOCALHOST ... both of which can only work on the user's device.

     

     

     

6 Replies

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    7 years ago

    Can you share the full URL of the page displaying the error, as well as the text of the error itself? Thanks in advance! 

  • RTS S.'s avatar
    RTS S.
    Helpful | Level 6
    7 years ago
        static let CLIENT_ID = "......"
    static let CLIENT_SECRET = "...."
    static let REDIRECT_URL = "myapp://Auth"
    static let OAUTH_URL = "https://www.dropbox.com/1/oauth2/authorize"
    
    override func OAuthURL() -> String {
      return String(format:"%@?redirect_uri=%@&response_type=code&client_id=%@&force_reapprove=true",
                    DropboxOAuthInfo.OAUTH_URL,
                    HTTP.urlEncode(DropboxOAuthInfo.REDIRECT_URL),
                    DropboxOAuthInfo.CLIENT_ID)
    }
  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Community Moderator rankDropbox Community Moderator
    7 years ago

    Thanks! Based on the code you shared, I see that you're using the "code" flow (i.e., 'response_type=code'). For the code flow, only "https://" is allowed in the redirect URI (unless on localhost), so "myapp://" wouldn't be allowed.

    Instead, for client-side applications like this, you should use the "token" flow, i.e., 'response_type=token'. That does allow custom URL schemes in redirect URIs, such as "myapp://". 

    For more information on how to use the token flow, please refer to the /oauth2/authorize documentation.

  • RTS S.'s avatar
    RTS S.
    Helpful | Level 6
    7 years ago

    Thanks, I used the Code flow as it looked more secure.

    It would seem that custom URL schemes would be as secure as LOCALHOST ... both of which can only work on the user's device.

     

     

     

  • Eddyfc's avatar
    Eddyfc
    New member | Level 2
    7 years ago
    {"swagger": "2.0", "basePath": "/", "paths": {"/model/metadata": {"get": {"responses": {"200": {"des

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.

The Dropbox Community team is active from Monday to Friday. We try to respond to you as soon as we can, usually within 2 hours.

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X, Facebook or Instagram.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!