cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Want to learn some quick and useful tips to make your day easier? Check out how Calvin uses Replay to get feedback from other teams at Dropbox here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Redirect URI with variable loopback port

Redirect URI with variable loopback port

Zoë
Explorer | Level 3
Go to solution

Is there any way to register an OAuth2 redirect URI that will support using an unreserved (random) port over loopback/localhost?  For desktop applications that might not be installed system-wide (e.g., portable installs), app-declared custom URI scheme redirection and app-claimed HTTPS URI redirection aren't available, and creating a short-lived local HTTP server works well for other OAuth2 services.  Dropbox's URI matching appears to require a matching port too though.  Do we need to just register ~50,000 URIs for all the different ports?  Is there a better alternative?

 

 

1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

I'm afraid I don't have a great solution for you, as OAuth 2 redirect URIs for the Dropbox API are required to be pre-registered exactly. I'll be sure to pass this along as feedback though.


One thing you may be able to do instead is to use one static redirect URI but encode the necessary information in the 'state' parameter, and decode it as necessary after the redirect back to your app, to handle it as necessary:


https://www.dropbox.com/developers/documentation/http/documentation#authorization

 

Alternatively, you could forgo using a redirect URI entirely. With the "code" flow, you can omit redirect_uri and have the user copy and paste the code manually. (Or, for the "token" flow, you can use https://www.dropbox.com/1/oauth2/display_token as the redirect URI and have the user copy and paste the access token.)

View solution in original post

9 Replies 9

Greg-DB
Dropbox Staff
Go to solution

I'm afraid I don't have a great solution for you, as OAuth 2 redirect URIs for the Dropbox API are required to be pre-registered exactly. I'll be sure to pass this along as feedback though.


One thing you may be able to do instead is to use one static redirect URI but encode the necessary information in the 'state' parameter, and decode it as necessary after the redirect back to your app, to handle it as necessary:


https://www.dropbox.com/developers/documentation/http/documentation#authorization

 

Alternatively, you could forgo using a redirect URI entirely. With the "code" flow, you can omit redirect_uri and have the user copy and paste the code manually. (Or, for the "token" flow, you can use https://www.dropbox.com/1/oauth2/display_token as the redirect URI and have the user copy and paste the access token.)

Zoë
Explorer | Level 3
Go to solution

Thanks Greg.  I considered using a static redirect URI like you suggested, but that would require redirecting to our own website before redirecting to localhost for the real processing.  Since we're a desktop app, I'd rather we not be involved, especially since corporate firewalls might be set up to allow access to Dropbox but not our own site.

 

I've gone with the code flow for now and it's working, but I do hope the localhost URI matching is made more flexible in the future.

cspro
Explorer | Level 4
Go to solution
I'd like to upvote the ability to have an arbitrary port in the redirect_uri. This could be allowed only for localhost.

Without this, I don't see how we can move from doing oauth in an embedded browser window to using the system default browser as is recommended. It isn't possible to know what port will be free on a client system so that needs to be done at runtime.

If you look at the google oauth examples (https://github.com/googlesamples/oauth-apps-for-windows) they use a random port. From all of the Dropbox examples I've seen you use a fixed port which is inevitably going to fail on someones machine.

Skipping the redirect URI and having the user cut and paste the code is a non-starter for us. Our users would be very unhappy.

Greg-DB
Dropbox Staff
Go to solution
Thanks for the feedback! I'll send it along to the team.

qedi
New member | Level 2
Go to solution

I'm encountering the same problem, I tested many other sources like Google, Salesforce, Twitter, they all support variable port for localhost. This is very useful when changing embedded browser to system browser.

Greg-DB
Dropbox Staff
Go to solution

@qedi Thanks for the feedback!

nicocizik
New member | Level 2
Go to solution

I know this is an old thread but is there any update on this?  Does the Dropbox API support variable localhost loopback ports or are we still forced to have our users copy/paste a code or guess a random unused port when the app is registered?

 

Thanks

Greg-DB
Dropbox Staff
Go to solution

@nicocizik No, unfortunately I don't have an update on this feature request.

nicocizik
New member | Level 2
Go to solution

Thanks Greg, I appreciate the update.

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    nicocizik New member | Level 2
  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    qedi New member | Level 2
What do Dropbox user levels mean?