cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Are you interested in learning how media industry leaders use Dropbox Replay? Register for our webinar here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

OAuth options for Windows desktop apps

OAuth options for Windows desktop apps

Bradley_Smith
Explorer | Level 3

I notice that the Dropbox API has now officially dropped support for Internet Explorer, which means that any Windows desktop application that integrates with Dropbox is now faced with an uphill battle:

 

Previously, we could just use the Internet Explorer-based WebBrowser ActiveX control, which allowed us to hook into navigation events and parse the access token after the user completed the authentication/authorization process.

 

It looks like the only option available to us now is for our desktop applications to host an entire HTTP server and listen for requests to the redirect URI. The Dropbox API includes a C# example that does this using the HttpListener class. This uses http.sys, which (since Windows Vista) requires either an elevated process, or for a URL reservation to be made by an elevated user. Does the Dropbox team seriously expect desktop apps to require admin privileges in order to handle the OAuth flow?

 

Realistically, what are the options for handling OAuth in Windows desktop apps now? Hosting an HTTP server locally is hugely inefficient and resource-intensive, particularly if additional third-party dependencies are needed in order to avoid using http.sys. Is there perhaps a way to use a custom URI scheme to handle the redirect URI from the user's web browser? Or any other lightweight alternative?

1 Reply 1

Greg-DB
Dropbox Staff

Thanks for the feedback! I'll pass this along to the team to see if we can offer a simpler and more lightweight option in the future.

 

As it stands, the only official resources I can offer are the .NET SDK documentation and examples.

 

Alternatively, note that a redirect_uri isn't strictly required by the OAuth 2 flow when using 'response_type=code', so one option would be to omit that in which case the user would copy/paste the authorization code manually.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?