cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Help us get a better understanding of what this Community means to you by taking our quick survey over here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
1
Ask
2
Comments

Re: can i pass the email and password in the url of dropbox to automatically login to the dropbox

Re: can i pass the email and password in the url of dropbox to automatically login to the dropbox

Ch M1
Explorer | Level 3

Hi,

with the auth url "https://www.dropbox.com/oauth2/authorize/?client_id=<key>&token_access_type=offline&response_type=co... it require user login my dropbox account first, and then return a code. it is not make sense. If every user can login my account, why we need the secret key ?? With a request link to upload far more make sense of my requirement. however, my app not able to receive return info with request link. how can I have the code return secretly or without login??

ChM1_1-1663948273549.png

 

 

ChM1_0-1663948084799.png

 

1 Accepted Solution

Accepted Solutions

Re: can i pass the email and password in the url of dropbox to automatically login to the dropbox

Greg-DB
Dropboxer

The app key and app secret, also known as client ID and secret, identify the app itself, not any particular account, and do not themselves enable access to any account.

 

The OAuth app authorization flow is a way for arbitrary end-users to allow apps to connect to their accounts. It is not possible to fully automate the OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token. This needs to be done manually by the user at least once. If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app.

 

The app key/secret and OAuth flow do not allow other users to access your account. Access/refresh tokens and user credentials (username and password) enable access to accounts. As long as you do not distribute your access/refresh tokens or username/password, other users would not have a way to access your own account.

 

It sounds like you want your users to always connect to your own account only. The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. While it is technically possible to always connect to just one account for all users, we do not officially support this, for various technical and security reasons.

View solution in original post

2 Replies 2

Re: can i pass the email and password in the url of dropbox to automatically login to the dropbox

Greg-DB
Dropboxer

The app key and app secret, also known as client ID and secret, identify the app itself, not any particular account, and do not themselves enable access to any account.

 

The OAuth app authorization flow is a way for arbitrary end-users to allow apps to connect to their accounts. It is not possible to fully automate the OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token. This needs to be done manually by the user at least once. If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app.

 

The app key/secret and OAuth flow do not allow other users to access your account. Access/refresh tokens and user credentials (username and password) enable access to accounts. As long as you do not distribute your access/refresh tokens or username/password, other users would not have a way to access your own account.

 

It sounds like you want your users to always connect to your own account only. The API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. While it is technically possible to always connect to just one account for all users, we do not officially support this, for various technical and security reasons.

Re: can i pass the email and password in the url of dropbox to automatically login to the dropbox

Ch M1
Explorer | Level 3

Thank you very much for your replying. I spent a lot of time for exploring this issue. Your last sentence make sense every thing. I am looking for a storage with one account for all users. Looks like Dropbox is not designed for this purpose. 

Who's talking

Top contributors to this post

  • User avatar
    Ch M1 Explorer | Level 3
  • User avatar
    Greg-DB Dropboxer
What do Dropbox user levels mean?
Need more support?