cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

List files in app folder of user

Labels:

List files in app folder of user

CySDeveloper
Explorer | Level 3
‎02-28-2022 05:00 AM
Go to solution

Hi,

Please help as I am sort of stuck...

I am developing a dropbox app to load files in to our system that have been dropped into an application folder by some user.

So when configuring this the user, through our frontend, connects to dropbox and accepts the app, I then store the account id and i do a call to list and store the cursor.

Within the app i use the webhook to detect changes in the application folder.

When the hook is triggered I post a message on a queue with the user accounts that have had files changed.

Then a backend process works through the messages on the queue and uses ( for each account) the list/continue with the previous cursor. So i connect to dropbox with the application ID and secret...

And this is where i am stuck:: how do I specify for what account the list/continue and the cursor is meant, i cannot seem to specify this on the call.

Labels:
  • 0 Likes
  • 9 Replies
  • 1,708 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Здравко
Legendary | Level 20
‎02-28-2022 06:46 AM
Go to solution

Any access token gives access to particular user content to be processed with particular access rights. It doesn't matter what type of client you have used (web or other).

Available content is restricted to selected application access (to entire account or to application folder only). Access rights are restricted to the selected scopes, if any. That's it.

Classical access token, used in API calls, doesn't need any additional application authentication despite of Dropbox always knows what application the particular token has been issued to. It denotes an user always. If you mean refresh token, then on refresh the application needs to authenticate again. If you are using SDK, normally you shouldn't care for that. Your SDK will take care.

 

@CySDeveloper wrote:

...

Or, and this might be an answer to my question,  do i get a special access-token returned that is specifically for the application id/user combination?

To be honest, I'm not sure what exactly you mean here. Does the above cover your question?

View solution in original post

0 Likes
9 Replies 9

Здравко
Legendary | Level 20
‎02-28-2022 05:13 AM
Go to solution

Hi @CySDeveloper,

To identify particular account you have to keep account associated access/refresh token in advance and use the access token. That's it.

Take a look on following example: https://github.com/dropbox/mdwebhook/blob/1b32d5aec51019eb698905345a21af46e0d4be8e/app.py#L66

Hope this gives direction.

0 Likes

CySDeveloper
Explorer | Level 3
‎02-28-2022 05:16 AM
Go to solution

Hi thank you for your response,

 

I understand the option that you have given, but it is not what i want.

If i keep the accesstoken/refreshtoken then i will have full access like the user, whereas I have asked them to accept my application with a specific set of minimized rights. So now I want to access the application folder as the application and not as that user.

Do you have any ideas?

 

Tnx

0 Likes

Здравко
Legendary | Level 20
‎02-28-2022 05:28 AM
Go to solution
@CySDeveloper wrote:

...

If i keep the accesstoken/refreshtoken then i will have full access like the user, whereas I have asked them to accept my application with a specific set of minimized rights....

Not exactly. It depends on what kind of rights were given to the particular application. If the rights are to the application folder only, that folder is the root you can see and nothing else. You can't do anything outside the application folder. What kind of application you have created? Is it restricted to application folder or not?! Also what kind of scopes were associated to the application? (they are describing what the application can do)

 

@CySDeveloper wrote:

... So now I want to access the application folder as the application and not as that user.

...

As far as I know Dropbox doesn't provide such possibility.

0 Likes

CySDeveloper
Explorer | Level 3
‎02-28-2022 05:32 AM
Go to solution

It is a scopedapp/appfolder (which is all I need). 

scopes are file.metadata.read, file.metadata.write, files.content.read, files.content.write

 

If this is not possible then the whole application approach in dropbox does not make sense, as i always connect with full user rights.

So i believe there must be a way...

0 Likes

Здравко
Legendary | Level 20
‎02-28-2022 05:45 AM
Go to solution
@CySDeveloper wrote:

It is a scopedapp/appfolder (which is all I need). 

..., as i always connect with full user rights.

...

🤔 The above are mutually exclusive. You are restricted to a single folder, something not applied to the corresponding user (with full rights).

 

@CySDeveloper wrote:

...

So i believe there must be a way...

I believe this this will be available some day, but not right now... unfortunately.

0 Likes

CySDeveloper
Explorer | Level 3
‎02-28-2022 05:51 AM
Go to solution

yes i know they are mutually exclusive, my sentence was a bit convoluted.

It was trying to say that it made no sense to have an app with restricted access settings if in the end if the app wants to do anything with files in the application folder (of a user that installed the app and agreed to the restricted access) the app must connect using the access token of the user that was captured when he agreed to install the app and thus with FULL access to the user account. 

Are you sure that all dropbox apps in the end access the files in the application folder with FULL access rights??

0 Likes

Здравко
Legendary | Level 20
‎02-28-2022 06:09 AM
Go to solution
@CySDeveloper wrote:

...

Are you sure that all dropbox apps in the end access the files in the application folder with FULL access rights??

😁 I don't know what you mean "FULL access". You have access to one subfolder of App folder only. The one associated to your application. You can NOT perform anything outside this folder, which is just a single folder in user account. In addition, got restricted to selected scopes... Is this full access?! I don't think so.

There is another possibility. If your activities are restricted to what is possible to be performed with "App Authentication", then Yes, you can use such. Take in mind that such activities are strongly restricted to data that are in one or another way public. For example if you want to get a thumbnail of a file shared with share link or residing within a share folder or to list files in such folder... Most probably that's not what you are looking for.

0 Likes

CySDeveloper
Explorer | Level 3
‎02-28-2022 06:14 AM
Go to solution

Sorry for the unclarity..

If i do a request in a front-end web client for authorization of the application.

Then the user has to login and approve the application, so when the approval comes back i get the access token from the user-login.

So when i store the access token and i use it I would have full access, as it is the token from the user login.

 

Or, and this might be an answer to my question,  do i get a special access-token returned that is specifically for the application id/user combination?

0 Likes

Здравко
Legendary | Level 20
‎02-28-2022 06:46 AM
Go to solution

Any access token gives access to particular user content to be processed with particular access rights. It doesn't matter what type of client you have used (web or other).

Available content is restricted to selected application access (to entire account or to application folder only). Access rights are restricted to the selected scopes, if any. That's it.

Classical access token, used in API calls, doesn't need any additional application authentication despite of Dropbox always knows what application the particular token has been issued to. It denotes an user always. If you mean refresh token, then on refresh the application needs to authenticate again. If you are using SDK, normally you shouldn't care for that. Your SDK will take care.

 

@CySDeveloper wrote:

...

Or, and this might be an answer to my question,  do i get a special access-token returned that is specifically for the application id/user combination?

To be honest, I'm not sure what exactly you mean here. Does the above cover your question?

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Здравко Legendary | Level 20
  • User avatar
    CySDeveloper Explorer | Level 3
What do Dropbox user levels mean?