nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Child Item

What if I want the User to login each time

sanjayssk

I don't want to keep my own user membership db and login logic for my web app. My web app is going to be only for Dropbox and I want to rely on Dropbox Login only. Otherwise, saving the access token means, I have to associate it with the Email of the user. That means, I have to have my own login system asking Email of the user first before using the access token for Dropbox. I want to avoid all that login system.

That means, the web app will work the following way:

1) There is no membership db or cookie so it remembers nothing about a user.

2) Every time, the user wants to access it, he clicks on a "Login to Dropbox" button.

3) Since Dropbox handles auto-login, the "Allow" screen comes up from Dropbox. Clicking on Allow starts the web app with its own folder.

That means, the app goes through the Oauth2 initial logic (2 steps) to get authorization code and then get access token each time.

Questions:

1) Is this 2-click usage acceptable behavior for a web app as per your policy?

2) If not, is there any scheme by which I can eliminate just Step 3? Then the user just clicks the Login button and the web app starts.

Thanks.

Find more posts tagged with

API

Abuse

Accepted answers

Greg-DB

This is sort of already possible. If you send the user through the app authorization flow again, they may (e.g., as long as your app's redirect URI uses https://) be automatically redirected, without having to click "Allow", if they've already authorized the app. You can find a note about this under "force_reapprove" in the documentation:

https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize

Note that this still will return a new access token to your app though.

All comments

sanjayssk

Just to clarify, I will be saving the access token in the Session only but not in any db.

Greg-DB

1) Unfortunately we can't provide any absolute guarantee of your app's compliance based on a description, so you should be sure to review all the guidelines and terms before developing an app:

https://www.dropbox.com/developers/reference/tos
https://www.dropbox.com/developers/reference/devguide
https://www.dropbox.com/developers/reference/branding

2) To avoid having the user go through the Dropbox app authorization flow each time, you would need to store the access token in their session/cookies and re-use it when they return.

sanjayssk

>>To avoid having the user go through the Dropbox app authorization flow each time, you would need to store the access token in their session/cookies and re-use it when they return.<<

I have no problem in saving the access token in the DB against the Email. But next time when the user comes to use the App, I want Dropbox to authenticate the user, just for Login, before I use the saved access token. In other words, the user should then login to Dropbox but should not be presented with Allow dialog and should not generate another access token. Is that possible? I want to use the saved access token for a user next time only if he is authenticated by Dropbox.

Thanks,

Sanjay

sanjayssk

Apparently, many may want this feature. For example, here is a thread on SO that has exactly a similar question with no solution so far.
https://stackoverflow.com/questions/12275100/is-there-a-way-to-use-dropbox-for-authentication-without-re-authorization

Greg-DB

https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize

Note that this still will return a new access token to your app though.

sanjayssk

That's exactly what I want. That means, I can just save a flag in the cookie that says it was approved once. And use it to switch on that option. Switch it off only if the user wants to switch the dropbox accounts by some other action.

>>Note that this still will return a new access token to your app though.

That's OK. Will it create a problem for Dropbox system itself to have too many access tokens generated? Or does it automatically recycle by invalidating the old one?

Thanks,

Sanjay

Greg-DB

There isn't a limit to the number of access tokens that can be created for an app-user pair, and I'm not aware of any issues arising from creating many. Dropbox won't automatically recycle/invalidate them.

sanjayssk

Finally, I was able to test it with https and it works perfectly. In fact, if I follow this approach, it works automatically, asking for login only once and then navigating automatically. This is great.

Thanks,

Sanjay