cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Oauth and Curl

Labels:

Oauth and Curl

SteveCr
Explorer | Level 4
‎04-06-2018 09:33 AM
Go to solution

Hello all,

 

I'm developing a backup application which should have a degree of autonomy - configure once and run in the background kind of thing.  This is all in C++ with libcurl to do the network side of things.  I've been prototyping curl requests using the curl itself (following the examples in https://www.dropbox.com/developers/documentation/http/overview).

 

So far, everything looks good except for the initial https://www.dropbox.com/oauth2/authorize

At the moment, I'm stuck with pasting URLs into a browser to get the initial authorisation token.

 

However, once I have that, then I can manage to get an access token and then upload a file.

How long do access tokens last?  Is there an expiry time associated with them?

 

Does the redirect_uri mean I have to provide a functional myapp.com where oauth2/authorize sends the browser (with parameters state=abc&code=xyz).

- Some code on myapp.com then sends a request to https://www.dropbox.com/oauth2/token

- My application on the users' machine then queries myapp.com with state=abc to find out what the access token should be for further api.dropboxapi.com methods.

 

If this is so, does this mean that if myapp.com is down, then users cannot use my application?

 

I was hoping to implement something which only required dropbox to be online.

 

Thanks for any information,

Steve

Labels:
  • 0 Likes
  • 2 Replies
  • 3,023 Views
0 Likes
1 Accepted Solution

Accepted Solutions

chirstius
Dropbox Staff
‎04-06-2018 01:30 PM
Go to solution

Hey @SteveCr,

 

Have you looked over the information in the Oauth guide here:
https://www.dropbox.com/developers/reference/oauth-guide

You're not required to have a redirect URL, but it will change the Oauth flow for your users (they'll get a code they need to pass to your app). This is typically done for desktop or CLI apps - it sounds like from your post of your application runs locally (primarily?) so take a look at the guide and determine which flow is the best for your use case.

 

Tokens, once acquired, won't expire unless you explicitly revoke them. So after a user completes the flow, and you securely store their token, you would not need to worry about reauthentication. If your intention is to store the tokens in a central location and have your local app query it for the token on startup, your domain would need to be up and active. If you store the token locally, and use the desktop/CLI auth flow then that would not be required.

 

Hope that helps,

 

-Chuck

 

View solution in original post

2 Replies 2

chirstius
Dropbox Staff
‎04-06-2018 01:30 PM
Go to solution

Hey @SteveCr,

 

Have you looked over the information in the Oauth guide here:
https://www.dropbox.com/developers/reference/oauth-guide

You're not required to have a redirect URL, but it will change the Oauth flow for your users (they'll get a code they need to pass to your app). This is typically done for desktop or CLI apps - it sounds like from your post of your application runs locally (primarily?) so take a look at the guide and determine which flow is the best for your use case.

 

Tokens, once acquired, won't expire unless you explicitly revoke them. So after a user completes the flow, and you securely store their token, you would not need to worry about reauthentication. If your intention is to store the tokens in a central location and have your local app query it for the token on startup, your domain would need to be up and active. If you store the token locally, and use the desktop/CLI auth flow then that would not be required.

 

Hope that helps,

 

-Chuck

 

SteveCr
Explorer | Level 4
‎04-07-2018 07:15 AM
Go to solution

Hi Chuck,

 

Dropping the redirect_uri looks like something I can live with for now.

 

Knowing that the received token is permanent until revoked is a big help, since it's just a one-time setup thing.

 

Thanks,

Steve

 

0 Likes
Need more support?
Who's talking

Top contributors to this post

  • User avatar
    SteveCr Explorer | Level 4
  • User avatar
    chirstius Dropbox Staff
What do Dropbox user levels mean?