nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Child Item

Authentication for command line app

Panayotis V.1

I'm writing an app in Python, that needs to access the Dropbox APIv2. However, if I follow the typical OAuth flow for user authentication, I will have to include my APP_KEY and APP_SECRET in the source code -practically sharing it with anyone willing to have a look.

What is the suggested way of authentication users in a similar setup?

Find more posts tagged with

API

Abuse

Comments

Greg-DB

This is a general problem with using OAuth in client-side applications, since client-side apps like this can't keep secrets. OAuth 2 addresses this with the "token" or "implicit" flow. When using the token flow (as opposed to the "code" flow), the app doesn't need the app secret to get an access token for the user. You can find more information on the different flows in the documentation here:

https://www.dropbox.com/developers/documentation/http/documentation#authorization

For a client-side app like this, you should use the token flow. Also, you didn't mention if you're using it, but for reference, the official Dropbox Python SDK is mainly meant for server-side apps, where the secret can be kept secret, so it doesn't support the token flow.

Panayotis V.1

Thank you Gregory.

Yes, I'm using the Dropbox Python SDK. Please consider supporting the token flow in a future release of the SDK.

Thanks again.