Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

OAuth2 via Python SDK and Django

foxo1
Explorer | Level 4

Hi again,

So I'm trying to implement the non-PKCE authorization via the Python SDK using DropboxOAuth2Flow with redirects.

View 1 creates the initial auth_flow object.

def dp_auth_start(request):
    auth_flow = dropbox.DropboxOAuth2Flow(....use_pkce=False)
    return HttpResponseRedirect(auth_flow.start())

View 2 is supposed to take in the server's reply after the user has authorized my app and then again ask for the access_token.

def dp_auth_accepted(request):
    # auth_flow is not defined in this view
    auth_flow.finish(request.GET)
    ... continue with code here

As expected, view 2 will yield an error that auth_flow is undefined. Of course, because it has not been passed on from view 1 to view 2 and is not newly defined here.


So my question is a hybrid one:

1) How does the Python SDK account for object transfers in a Django setting? 

2) Is there a way that DropboxOAuth2Flow objects will be serializable in the future? This would make things super easy.

3) How would I pass a non-Django object that is not serializable from view 1 to view 2 in a feasible and secure way? I know I could use pickle but try not to (it's working but comes at a price I'm hardly willing to pay). 

 

I really appreciate any help you can provide!

Thanks a lot!


Greg-DB
Dropbox Staff

I can't offer help for Django in particular, as that's made by Dropbox, but I'll be happy to offer whatever guidance I can in general.

 

First, I'll send this along as a feature request to make DropboxOAuth2Flow serializable though I can't promise if or when that might be implemented.

 

Anyway, you generally shouldn't need to serialize it though; you can just recreate it when needed. For instance, here's an example (albeit written for Flask, and for an older version of the Dropbox SDK, but the idea is the same) showing how the flow is recreated via the "get_flow" method, which is re-used in both steps.

foxo1
Explorer | Level 4

Hi @Greg-DB!

 

Thanks again for your reply - it works perfectly now without any pickling or weird dictionary.

For anyone out there I'd like to share my code to help you out if need be:

import dropbox
from django.contrib.auth.decorators import login_required
from django.http import HttpResponseRedirect

# _APP_KEY, _APP_SECRET, _REDIRECT_URI and _LOCALE are module-level settings.


@login_required
def dropbox_authorization(request):
    # start() stores the CSRF token in request.session under the given key.
    auth_flow = dropbox.DropboxOAuth2Flow(
        _APP_KEY,
        _REDIRECT_URI,
        request.session,
        'dropbox-auth-csrf-token',
        _APP_SECRET,
        _LOCALE,
        'offline',  # token_access_type: also return a refresh token
        use_pkce=False)
    return HttpResponseRedirect(auth_flow.start())


@login_required
def dropbox_authorization_success(request):
    def _get_flow(request):
        # Recreate the flow with the same session and session key as above.
        return dropbox.DropboxOAuth2Flow(
            _APP_KEY,
            _REDIRECT_URI,
            request.session,
            'dropbox-auth-csrf-token',
            _APP_SECRET,
            _LOCALE)

    result = _get_flow(request).finish(request.GET)
    request.user.dp_refresh_token = result.refresh_token
    request.user.save()
    request.session['access_token'] = result.access_token
    request.session['expires_at'] = result.expires_at.isoformat()

    return  # to the view of your liking

Hope this helps!
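Why recreating the flow in the second view works, as an added example that is not part of either post and is not the Dropbox SDK's code: a stdlib-only model in which the only per-user state is a CSRF token kept in the session. `ModelFlow`, `StateError`, `demo` and the example.invalid URLs are hypothetical, and the model assumes the state token is single use.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

SESSION_KEY = "dropbox-auth-csrf-token"  # session key used in the thread's code


class StateError(Exception):
    """The callback's state is missing or does not match the session."""


class ModelFlow:
    """Hypothetical, simplified stand-in for a redirect-based OAuth2 flow."""

    def __init__(self, app_key, redirect_uri, session):
        self.app_key = app_key
        self.redirect_uri = redirect_uri
        self.session = session  # dict-like, such as Django's request.session

    def start(self):
        # The only per-user state goes into the session, not onto the object.
        state = secrets.token_urlsafe(16)
        self.session[SESSION_KEY] = state
        query = urlencode({"response_type": "code", "client_id": self.app_key,
                           "redirect_uri": self.redirect_uri, "state": state})
        return "https://auth.example.invalid/authorize?" + query  # placeholder

    def finish(self, query_params):
        expected = self.session.pop(SESSION_KEY, None)  # token is single use
        received = query_params.get("state")
        if expected is None or received is None:
            raise StateError("missing state")
        if not hmac.compare_digest(expected.encode(), received.encode()):
            raise StateError("state mismatch")
        return query_params["code"]  # a real flow exchanges this for tokens


def demo():
    session = {}  # constructed stand-in for one user's server-side session
    cb = "https://app.example.invalid/callback"  # placeholder redirect URI
    url = ModelFlow("constructed-key", cb, session).start()  # first view
    state = parse_qs(urlparse(url).query)["state"][0]
    # Second view: a brand-new object works because the state is in the session.
    code = ModelFlow("constructed-key", cb, session).finish(
        {"state": state, "code": "constructed-code"})
    return code, SESSION_KEY in session
```

A callback whose `state` does not match the session value raises `StateError`, which is the case a Django view would turn into an error response instead of storing tokens.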
