Child Item

Keep getting new access token

I can successfully authenticate Dropbox in my Phonegap app the first time, but I keep getting a new one if the button is pressed again, why is that? Shouldn't it return the same token again?

And there is a blank screen which appears. I have seen many dirty solution to change the inappbrowser.js code itself. this is problematic, since the plugin can't be edited if I have to compile the app for multiple platforms from an online build service.

What is your suggestion for a proper implementation, where authorization happens only once if successful and stored indefinitely in the app without concern if the app cache is cleared by user and a blank page is also not displayed?

At present I have this basic implementation, in index.html

<button onclick="authenticateWithCordova()">Authenticate</button>
<script>
function authenticateWithCordova()
        {
            var dbx = new window.Dropbox.Dropbox({ clientId: 'xxxxxxxxxx' });
            dbx.authenticateWithCordova(AuthSuccess,AuthFail);

        }

        function AuthSuccess(accessToken)
        {   
            localStorage.accessToken = accessToken;
            console.log(accessToken);
        }

        function AuthFail()
        {
        alert("Auth Fail"); 
        }
</script>

Find more posts tagged with

API

Abuse

Comments

Greg-DB

You are not supposed to get the same access token on different app authorizations. Each time you go through the flow, you will get a different one. You generally should store and re-use the access token you get so that the user doesn't have to process the app authorization flow every time.

Can you elaborate on the issue you're referring to when you mention the "blank screen"?

good_boy

If the user is authorizing for the first time, the inappbrowser in Cordova opens the dropbox login web address which allows the user to login and authorize the app, which returns an access token.

But if the button is pressed again, the inappbrowser would open momentarily and then close immediately and return the new access token.

So to a user a blank screen is shown for 1-2 seconds, then it closes.

Greg-DB

Thanks! It sounds like you're referring to the behavior of the Dropbox OAuth app authorization flow where, if the user has already authorized your app, then they may be automatically redirected back to your app instead of having to provide explicit authorization again. (This is when the browser would presented momentarily, but then would be automatically dismissed since the authorization flow automatically completed.) If the user fully revokes the app's authorization, e.g., via https://www.dropbox.com/account/security , though, then they will not be automatically redirected.

Apps can also control this behavior using the 'force_reapprove' parameter on /authorize:

https://www.dropbox.com/developers/documentation/http/documentation#oauth2-authorize

This isn't currently implemented in the official JavaScript SDK, but I'll be sure to pass this along as a feature request.