Child Item

No Redirect URI

I am new to oAuth 2.0. I have read that a redirect URI is neccessary for an implict flow authentication and authorization.

However, I have registered my Android app in Dropbox app console and have not provided a redirect URI. Still, apps user can authorize app and the app obtains an access token and everything works fine.

If redirect URI is blank, how is this all working ?? Does dropbox android sdk com.dropbox.core:dropbox-core-sdk:2.1.1 fills in a default with something like http://localhost ?

Please explain this. I am very much confused on this point.

Find more posts tagged with

API

Abuse

Comments

Greg-DB

You're correct that the OAuth 2 implicit flow requires a redirect URI. When using the API v2 Java SDK in an Android app, the SDK automatically uses a local redirect URI, based on your app key.

You can see how this works in the code:

https://github.com/dropbox/dropbox-sdk-java/blob/7ecc15cf0f51d6ae2ba5cdb334aac2c2f3474b87/src/main/java/com/dropbox/core/android/Auth.java#L12

https://github.com/dropbox/dropbox-sdk-java/blob/7ecc15cf0f51d6ae2ba5cdb334aac2c2f3474b87/src/main/java/com/dropbox/core/android/AuthActivity.java#L207
https://github.com/dropbox/dropbox-sdk-java/blob/7ecc15cf0f51d6ae2ba5cdb334aac2c2f3474b87/src/main/java/com/dropbox/core/android/AuthActivity.java#L227

aishwarya k.

Hi Greg, Thanks for the reply. I have looked earlier also at the codes you mentioned, but couldn't find any reference to redirect URI there (as a default or anything). What am I missing here? Regards, Aish

Greg-DB

The SDK uses a default URI, so it doesn't need to be explicitly provided. My third link shows where the SDK checks that the app is registered for the default URI though (db-<app_key>).