Child Item

Authorization in UWP app

Our company, being an UWP app developer, has faced the following problem. After changing the authorization policy, the Dropbox no longer supports the OAuth app authorization flow in web views, we need to update our app to process the OAuth app authorization flow in the user's system browser.

We are currently using a Web Authentication Broker, which Microsoft recommends to use in such cases as a reliable and validated tool. Now this is not possible and we will have to develop our own solution for secure and reliable authentication.

Since this can be a long and laborious process for our company, our users will not be able to connect to their accounts during this entire long period.

We still do not understand what this Dropbox decision is connected with? Why it was necessary to prohibit the use of Web Authentication Broker, which will clearly hook a large number of UWP application developers and will not benefit users. With all this, an example of implementation still does not exist.

And also please explain what to do with the versions of our application for old versions of Windows, which we cannot update in any way, but users use them and write to us that Dropbox does not work?

Find more posts tagged with

API

Abuse

Comments

Greg-DB

Thanks for sharing this. You can find the current policy in the /oauth2/authorize documentation. This is in place for the sake of compatibility, as well as to comply with Google's policy for their sign in flow, which Dropbox offers as an authentication option.

I shared an example of how one might implement this in a UWP app here. (I'll also ask the team to release an official sample like that.)

As for existing apps, I recommend updating the implementation accordingly where possible. Where not possible, I'm afraid I don't have a good solution to offer, but I'll send this along to the team. I can't promise they'll be able to support that though.

VeraLable

Thank you for your reply and for your time. But I need note that Google authorization works perfectly through the Web Authentication Broker and there are no restrictions on its use.

And also that your own application in the Microsoft store violates your own recommendations and makes authorization without going to the browser (https://www.microsoft.com/store/productId/9WZDNCRFJ0PK).

This suggests an unequal playing field for developers of other applications.

We understand that you don't have to focus only on our requests, but the only thing we need to solve this problem is to return support for the Web Authentication Broker.

We are convinced this will be the best and easiest solution to the problem for our joint users.

Greg-DB

Thanks for the notes! I'll pass them along.

VeraLable

Hello, Greg!

Could you let us know when we can wait for a decision on our issue?

Greg-DB

The team has received your feedback, but there currently are no plans to change this policy. I'll let you know if/when that changes.