Keep getting new access token

good_boy · ‎05-28-2018

I can successfully authenticate Dropbox in my Phonegap app the first time, but I keep getting a new one if the button is pressed again, why is that? Shouldn't it return the same token again?

And there is a blank screen which appears. I have seen many dirty solution to change the inappbrowser.js code itself. this is problematic, since the plugin can't be edited if I have to compile the app for multiple platforms from an online build service.

What is your suggestion for a proper implementation, where authorization happens only once if successful and stored indefinitely in the app without concern if the app cache is cleared by user and a blank page is also not displayed?

At present I have this basic implementation, in index.html

<button onclick="authenticateWithCordova()">Authenticate</button>
<script>
function authenticateWithCordova()
        {
            var dbx = new window.Dropbox.Dropbox({ clientId: 'xxxxxxxxxx' });
            dbx.authenticateWithCordova(AuthSuccess,AuthFail);

        }

        function AuthSuccess(accessToken)
        {   
            localStorage.accessToken = accessToken;
            console.log(accessToken);
        }

        function AuthFail()
        {
        alert("Auth Fail"); 
        }
</script>

Greg-DB · ‎05-29-2018

You are not supposed to get the same access token on different app authorizations. Each time you go through the flow, you will get a different one. You generally should store and re-use the access token you get so that the user doesn't have to process the app authorization flow every time.

Can you elaborate on the issue you're referring to when you mention the "blank screen"?

good_boy · ‎05-29-2018

If the user is authorizing for the first time, the inappbrowser in Cordova opens the dropbox login web address which allows the user to login and authorize the app, which returns an access token.

But if the button is pressed again, the inappbrowser would open momentarily and then close immediately and return the new access token.

So to a user a blank screen is shown for 1-2 seconds, then it closes.

Greg-DB · ‎05-29-2018

Thanks! It sounds like you're referring to the behavior of the Dropbox OAuth app authorization flow where, if the user has already authorized your app, then they may be automatically redirected back to your app instead of having to provide explicit authorization again. (This is when the browser would presented momentarily, but then would be automatically dismissed since the authorization flow automatically completed.) If the user fully revokes the app's authorization, e.g., via https://www.dropbox.com/account/security , though, then they will not be automatically redirected.

Apps can also control this behavior using the 'force_reapprove' parameter on /authorize:

https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize

This isn't currently implemented in the official JavaScript SDK, but I'll be sure to pass this along as a feature request.

Keep getting new access token

Keep getting new access token

Top contributors to this post