Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
Hi All
is it possible (in a test app) to login as user 1, view files etc, then log out and log in as user 2, view their files etc?
My app is using an OAuth2 flow in .net, its a windows forms app.
during the authentication routine, it opens a browser window and presents the login page. the access token is then kept to validate operations.
when logging out, i remove the access token (set to string.empty), in addition - ive also sent a TokenRevokeAsync request. after awaiting that event it loads up the login browser and immediately restores the previous access token.
Im using the Developer API for .net (official)
the method on the login form(browser) that is called, is:
Public Sub Start(ByVal appKey As String) Me.oauth2State = Guid.NewGuid().ToString("N") Dim authorizeUri = DropboxOAuth2Helper.GetAuthorizeUri(OAuthResponseType.Token, appKey, New Uri(RedirectUri), oauth2State, False, False) Me.Browser.Navigate(authorizeUri) End Sub
then:
Private Sub BrowserNavigating(ByVal sender As Object, ByVal e As NavigatingCancelEventArgs) If (Not e.Uri.ToString().StartsWith(RedirectUri, StringComparison.OrdinalIgnoreCase)) Then ' we need to ignore all navigation that isn't to the redirect uri. Return End If Try Dim Result As OAuth2Response = DropboxOAuth2Helper.ParseTokenFragment(e.Uri) If (Result.State <> Me.oauth2State) Then Return End If Me.AccessToken = Result.AccessToken Me.Uid = Result.Uid Me.Result = True Catch eww As ArgumentException ' There was an error in the URI passed to ParseTokenFragment Finally e.Cancel = True newAttempt = False Me.Browser.Navigate("about:blank") ' nav away Me.Hide() End Try End Sub
Could anyone suggest anything to make this work?
BTW: on first run, there is no credential stored so i know this is something to do with cached credentials.
You can certainly switch users by switching access tokens, as you're attempting to do. It sounds like the issue is that when you direct the user to authorize the app a second time, they're being automatically redirected back to your app, along with a (new) access token for that same account.
This can happen if the user is still logged in to the Dropbox web site and has already authorized the API app.
If instead you want to avoid this behavior and make sure the user has a chance to switch accounts, you can set the forceReapprove parameter to true on DropboxOAuth2Helper.GetAuthorizeUri:
Hi, I've tried that, it just auths them in to that same account but asks for permission to connect to their dropbox.
i've tried deleting local cookies, creating new browser controls (incase it was an IE caching issue) to no avail.
It's being cached in the app/api somewhere, if i close the app and reload it, its clean and prompts for login with no token, does the API cache the last key and return it instead of a new auth run?
Andy
Hi
The app is a Windows desktop app (wpf), process:
(the first time it auths in dropbox - it's fine) 2nd login auth attempt: If the credentials don't exist then user is directed to auth in dropbox, but dropbox immediately returns the authorize token from the previous user, if force is on in the connection - then dropbox shows the previous user info and asks for connection to their dropbox account.
the logout method i have - just clears the accesstoken, in the app, for the logged in user. I've tried calling the relevant endpoint to invalidate the token, but thats the wrong usage of that procedure as a new access token isnt required, just the most recent user logged in.
so it looks like either:
So just to be clear: Its the second login to dropbox browser auth routine that is returning the 1st token, not the second.
Maybe i need to do something to notify dropbox of the user logging out?
Any ideas?
Andy
@nairababayan It looks like the author of this thread stopped responding, but I suspect what you're seeing is due to the automatic redirect behavior of the Dropbox OAuth 2 app authorizatin flow.
From my response earlier:
If instead you want to avoid this behavior and make sure the user has a chance to switch accounts, you can set the forceReapprove parameter to true on DropboxOAuth2Helper.GetAuthorizeUri:
Note that the user will still need to manually log out and back in to the desired account on the Dropbox web site itself though, when they're presented with the choice to authorize the app.
If that doesn't seem to be the issue in your case, please open a new thread with the details of your particular problem so we can help you individually without spamming anyone else on this thread:
https://www.dropboxforum.com/t5/forums/postpage/board-id/101000014
Thanks!
@Greg-DB wrote:
If instead you want to avoid this behavior and make sure the user has a chance to switch accounts, you can set the forceReapprove parameter to true on DropboxOAuth2Helper.GetAuthorizeUri:
Note that the user will still need to manually log out and back in to the desired account on the Dropbox web site itself though, when they're presented with the choice to authorize the app.
This thread is now quite old but isn't better to set
forceReauthentication = true
in the API call so that the app presents the login screen and a different user has the chance to login? Semantically, forceReapprove only asks the user to re-approve the app's Dropbox access permissions.
@xtremebytes It depends on the use case, so it's up to the developer to decide what makes sense for their app. The newer `forceReauthentication` can be more inconvenient than `forceReapprove` though, since the user is forcibly signed out and has to sign in again. With `forceReapprove`, the user can still choose to switch accounts if they want/need. That being the case, I would generally recommend `forceReapprove` over `forceReauthentication`.
Hi there!
If you need more help you can view your support options (expected response time for a ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!