Child Item

OAuth2 via Python SDK and Django

Hi again,

So I'm trying to implement the non-pkce authorization via the Python SDK using DropboxOAuth2Flow with redirects.

View 1 creates the initial auth_flow object.

def dp_auth_start(request):
   auth_flow = dropbox.DropboxOAuth2Flow(....use_pkce=False)
   return HttpRedirect(auth_flow.start())

View 2 is supposed to take in the servers reply after the user has authorized my app and then again ask for the access_token.

def dp_auth_accepted(request):
   auth_flow.finish(request.GET)
   ... continue with code here

As expected view 2 will yield an error that auth_flow is undefined. Of course, because it has not been passed on from view 1 to view 2 and is not newly defined here.

So my question is a hybrid one:

1) How does the Python SDK account for object transfers in a Django setting?

2) Is there a way that DropboxOAuth2Flow objects will be serializable in the future? This would make things super easy.

3) How would I pass a non-Django object that is not serializable from view 1 to view 2 in a feasible and secure way? I know I could use pickle but try not to (it's working but comes at a price I'm hardly willing to pay).

I really appreciate any help you can provide!

Thanks a lot!

Find more posts tagged with

API

Abuse

Comments

Greg-DB

I can't offer help for Django in particular, as that's made by Dropbox, but I'll be happy to offer whatever guidance I can in general.

First, I'll send this along as a feature request to make DropboxOAuth2Flow serializable though I can't promise if or when that might be implemented.

Anyway, you generally shouldn't need to serialize it though; you can just recreate it when needed. For instance, here's an example (albeit written for Flask, and for an older version of the Dropbox SDK, but the idea is the same) showing how the flow is recreated via the "get_flow" method, which is re-used in both steps.

foxo1

Hi @Greg-DB!

Thanks again for your reply - it works perfectly now without any pickling or weird dictionary.

For anyone out there I'd like to share my code to help you out if need be:

@login_required
def dropbox_authorization(request):
    auth_flow = dropbox.DropboxOAuth2Flow(
        _APP_KEY, 
        _REDIRECT_URI, 
        request.session,
        'dropbox-auth-csrf-token', 
        _APP_SECRET, 
        _LOCALE, 
        'offline',
        use_pkce=False)
    return HttpResponseRedirect(auth_flow.start())


@login_required
def dropbox_authorization_success(request):
    def _get_flow(request):
        return dropbox.DropboxOAuth2Flow(
            _APP_KEY,
            _REDIRECT_URI,
            request.session,
            'dropbox-auth-csrf-token',
            _APP_SECRET, 
            _LOCALE)

    result = _get_flow(request).finish(request.GET)
    request.user.dp_refresh_token = result.refresh_token
    request.user.save()
    request.session['access_token'], request.session['expires_at'] = result.access_token, result.expires_at.isoformat()

    return #to the view of your liking

Hope this helps!