The problem with Cordova / PhoneGap is that is isn't really a browser nor is it a server and to get a user oauth-authenticated requires browsing to the dropbox choser url. So, a dropbox app must initiate an external browser (a browser on the device, but outside of phonegap, so no cross communication is possible). The problem is that oauth authentication requires a redirect-url. However, there is no simple redirect-url that dropbox can go back to since PhoneGap isn't a browser nor a server (ie, has no url to get back to).
Two possible solutions to this problem. One could possibly use a localhost redirect-url and setup a static set of html files on the mobile device. These static html files (outside of cordova) could store the access key somewhere that cordova app could pick up later. However, this is getting increasing difficult for phonegap applications are being sandboxed, and these static files don't live in the same domain as the as the cordova app. (They live in the localhost domain not the named app domain)
The other solution, which I took, was to have the url-redirect go to a know internet surrogate-server. I pass a "state" parameter in the choser request with a unique-guid. The surrogate server simple saves the granted access key under the unique-guid. The Phone Gap application in the mean time is simply waiting for the user to be done with the external browser. When done, the phonegap makes an ajax call to the surrogate-server passing the unique-guid, and getting the access key back in return.
Both of these solutions seam rather complicated, but I've gotten the second solution to work. My question is, does anybody have a better answer?
Thanks for the post Randy! I'm not too familiar with Cordova/PhoneGap, and this is a bit outside the scope of Dropbox support, so I'm afraid I can't be of much help myself, but hopefully someone else here can chime in.
One thing I can note though, is that another possible (albeit non-ideal) solution is to use the "code" flow without specifying a redirect URI, in which case the user would need to copy and paste the authorization code from the Dropbox web site into your app: