nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Child Item

Documentation for sharing authentication with webserver

tylerdev

I have looked everywhere and I'm not finding the documention on how to do what I need. All the documentation I've seen for the java sdk shows me how to prompt a user for permissions to get their oAuth2 access token. I can't do that. I need my webapp(javascript) to get the oAuth2 token and pass it to my java backend. Then all the api and file writting will be done by the java app. Can this be done? If so what is the proper way to authenticate the token in the java sdk when it comes from a REST call?

Can my webapp gather the oAuth2 token using the info found here? Then just send it encrypted to my java backend? That is what I was planning on doing but I can't find documentation for it. I have 2 drop box accounts. 1 business and 1 personal. I created the the app at dropbox/developers/apps/ on my business account and got my app key/secret, I named tha app, 'BusinessApp'. Then on my personal account I also went to dropbox/developers/apps/ and created a new app so that it would let me get an access token for testing its called 'PersonalApp'. Again, I only made the 'PersonalApp so that I would have a access key to test with, its not actually important because the access key will be coming from the web front-end anyway. Here is the code I came up with that is kind of working but not how I'd expect.

@POST
@Path("book/dropbox")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public String backupDropbox(@Context HttpServletRequest request, @Context HttpServletResponse response, InputStream in) throws IOException {
	try {
		System.out.println("Inside backupDropbox.");

		//Get the oAuth2 token from the json passed in and decrypt it.
		JSONObject jsonO = ReadertoJSON.toJSON(in);
		String dropboxToken = "";
		if (jsonO.getBoolean("production")) {
			//String dropboxToken = Encrypter.decrypt(jsonO.getString("dropboxToken"));
		} else {
			//Since I'm still testing I grabbed an access token from my personal dropbox account
			dropboxToken = "***Access_Token_from_personal_account***";
		}

		//Dropbox client key and secret come from my business account which is not linked to my personal account.
		final String APP_KEY = "***App*Key***";
		final String APP_SECRET = "***App*Secret***";
		DbxAppInfo appInfo = new DbxAppInfo(APP_KEY, APP_SECRET);

		//Since I don't gather the oAuth token myself I create my client this way.  Seems to work.
		DbxRequestConfig config = new DbxRequestConfig("Penstra/1.0", Locale.getDefault().toString());
		DbxClient client = new DbxClient(config, dropboxToken);
		System.out.println("Linked account: " + client.getAccountInfo().displayName);

		//Create a little test file that I can upload to the business app's folder.
		java.io.File inputFile = new java.io.File("working-draft.txt");
		FileUtils.writeStringToFile(inputFile, "This is a test file that I am making for dropbox integration", Charset.defaultCharset());
		FileInputStream inputStream = new FileInputStream(inputFile);
		try {
			DbxEntry.File uploadedFile = client.uploadFile("/working-draft.txt", DbxWriteMode.add(), inputFile.length(), inputStream);
			System.out.println("Uploaded: " + uploadedFile.toString());
		} finally {
			inputStream.close();
		}

	} catch (Exception e) {
		System.out.println("error uploading to dropbox.");
		e.printStackTrace();
		return "{\"dropBoxBackup\": \"fail\"}";
	}

	return "{\"dropBoxBackup\": \"success\"}";
}

So that code above is kind of working. It doesn't throw any errors and the file does end up on my personal dropbox like I wanted. The behavior that I didn't expect was this. The 'BusinessApp' I made only has 'app folder' permissions. I expected when I uploaded the file it would create a folder called 'BusinessApp' and stick the file 'working-draft.txt' inside of it. That is not what happened, It created a folder called 'PersonalApp' and put the file in there. 'PersonalApp' is the name of the app I created to get an access key to test with, but the actual developer/api app is 'BusinessApp' I think it might be related to this code that creates the appInfo object:

final String APP_KEY = "***App*Key***";
final String APP_SECRET = "***App*Secret***";
DbxAppInfo appInfo = new DbxAppInfo(APP_KEY, APP_SECRET);

The DbxAppInfo object gets created without errors but then I never use that object again, its not attached to any of the objects used to actual create the DbxClient and its not used to upload the file. Like I said, I think this is all related to how I am authenticating the user that I want to upload the file to. If you can direct me on the proper way to capture a oAuth2 token on a web front-end and then pass that token to a java back-end for processing that would be most helpful. Thanks!

Find more posts tagged with

API

Abuse

Comments

Greg-DB

Thanks for the post. I'm not sure I fully understand your scenario, so let me know if I'm missing something.

For reference, the "app key and secret" identify a particular app. (I.e., you have one app key and secret pair for your 'BusinessApp', and a different' one for your 'PersonalApp'.)

An "access token" identifies a specific user-app pair, and enables access to that particular account, to the extent allowed by the app's permission.

The "Generate" button is a shortcut for getting an access token for that particular app for the account that owns the app. The normal process is to use the OAuth flow to allow any arbitrary app to connect to the app.

If you do want other users to be able to connect to your app, you should implement the OAuth flow, as shown in this example:

https://github.com/dropbox/dropbox-sdk-java/tree/master/examples/web-file-browser

You could technically implement the same OAuth flow client-side. In that case, you should get the access token (which is just a string) and pass it up to your server however you want. In any case, how you're using the access token looks right. Just make sure the access token is for the desired app and account pair.

Since you have a server app anyway though, it's recommend that you process it server-side to begin with, as in the sample above.

tylerdev

I think you answered my question exactly. Thank you.

The client side is going to do the oAuth flow and send my server the access token. That was the main thing I need to know. I think I was only getting it in that weird folder because I was using a personal app to test with. I'll let you know if I have any other issues.