Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

OAuth Dialogue Flow

horton
Helpful | Level 5

Hi,

We are developing a new collaboration app using the Full Dropbox API.

Currently, the OAuth dialogue/flow includes two warning/authorization pages:

Page 1. "Before you connect this app ..." The user must click a Continue button.

Page 2. "AppName would like to: Edit, View/Manage, View ... etc." The user must click an Allow button.

This is obviously a lot of friction for the user. Is there any way we can use just one warning/auth page? Does one of these pages disappear once we have production status?

Thoughts and guidance would be much appreciated.


Greg-DB
Dropbox Staff

Yes, that first page does not show if the app has production status.

horton
Helpful | Level 5

Thx Greg.

horton
Helpful | Level 5

@Greg-DB ... a follow-up question.

On our staging server, the Dropbox warning/authorization is short. The page reads: AppName would like access to the files and folders in your Dropbox. Learn more

On our production server, the warning/authorization is longer. The page reads: AppName would like to:

  • Edit content of your Dropbox files and folders, view content of your Dropbox files and folders, and view and edit information about your Dropbox files and folders
  • View and manage your Dropbox file requests and Dropbox sharing settings and collaborators
  • View basic information about your Dropbox account such as your username, email, and country

Because it is better UX, we would like to use the shorter, staging server text on our production server. Is this possible? If so, please explain how.

Greg-DB
Dropbox Staff

The shorter version is shown for apps with legacy non-scoped permissions, where the app requests non-granular access.

The longer version is shown for apps with the new scoped permission, where the app can request access on a more granular level.

Dropbox will eventually migrate everything to the new scopes permission, in order to enable more granular permissions for all apps. You can find more information on the migration here. You can also find more information on using scopes in the OAuth Guide and authorization documentation.

You can't revert a scoped app to a legacy non-scoped permission, but you can reduce the size of that text by removing any scopes that your app doesn't need. You can either disable scopes for your app entirely, via the "Permissions" tab on the app's page on the App Console, or on the fly by requesting only the minimal set of needed scopes using the 'scope' parameter on /oauth2/authorize.
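
The per-request option in the answer above, sketched as an added example (not code from this thread or from Dropbox): it derives the smallest scope list for the features a session needs and puts it in the 'scope' parameter of /oauth2/authorize. The feature names, the feature-to-scope mapping, the app key placeholder and the redirect URI are assumptions; check each endpoint's required scope in the API documentation.

```python
import secrets
from urllib.parse import urlencode

AUTHORIZE_URL = "https://www.dropbox.com/oauth2/authorize"

# Hypothetical app features mapped to the scopes they are assumed to need.
FEATURE_SCOPES = {
    "show_profile": {"account_info.read"},
    "browse_files": {"files.metadata.read"},
    "download_files": {"files.metadata.read", "files.content.read"},
    "upload_files": {"files.content.write"},
    "manage_sharing": {"sharing.read", "sharing.write"},
}


def scopes_for(features):
    """Union of the scopes needed by the given features, sorted for stable output."""
    unknown = set(features) - FEATURE_SCOPES.keys()
    if unknown:
        raise ValueError(f"unknown feature(s): {sorted(unknown)}")
    needed = set()
    for feature in features:
        needed |= FEATURE_SCOPES[feature]
    return sorted(needed)


def build_authorize_url(client_id, redirect_uri, features):
    """Return (url, state) for a code-flow request limited to `features`."""
    state = secrets.token_urlsafe(16)  # anti-CSRF value to compare on the redirect
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes_for(features)),  # space-separated scope list
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}", state


def excess_scopes(enabled, features):
    """Scopes in a space-separated scope string that the features do not need."""
    return sorted(set(enabled.split()) - set(scopes_for(features)))


if __name__ == "__main__":
    url, _ = build_authorize_url("APP_KEY_PLACEHOLDER", "https://app.example/callback",
                                 ["show_profile", "browse_files"])
    print(url)
```

`excess_scopes` can be run against the list of scopes currently enabled for the app to find candidates for removal.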

ericavedua
New member | Level 2

Looking forward to more convenience when it comes to flow auth. THANKS