Each OAuth 2.0 re-authentication asks for user's permission

serge30

Hello,

 

I'm developing JS SPA which uses Dropbox as a storage. It has no backend, thus I'm using OAuth 2.0 code flow with PKCE.

 

According to the documentation https://developers.dropbox.com/oauth-guide: 

 

If the token expires - throwing a 401 error - your application may simply re-authenticate as described above. If your token is expired, but the user is signed into Dropbox and their approval is still valid, the redirects will not require end-user input. A user’s approval remains valid until explicitly revoked.

 

But if I redirect user to auth link, it still requires user to accept application and grant permissions.

 

Can I configure Dropbox to ask user for permissions only first time? So further token refresh will be seamless for user.

 

--

Thanks,

Serhii

Greg-DB

There isn't anything additional you should/can configure for this. Dropbox will automatically redirect through the flow when it can, but there are some exceptions. For example, it will only do so when an https:// redirect URI is supplied; it won't automatically redirect to http://. Also, if the user has linked accounts, they won't be automatically redirected, as they need to select which account to use.