Greg-DB Dropbox Community Moderator

@"9krausec" Thanks for following up with the clarification. First, note that one "upload session" is required per file to be uploaded. So, you'd need to call files_upload_session_start once per file (so, 20 total in this case), and files_upload_session_append_v2 zero or more times per file (depending on each file's size).…

@"Vasilinka" I can't speak to Google's own definitions or usage, but for the purposes of Dropbox's OAuth app authorization flow, WebAuthenticationBroker is considered a kind of webview and is not supported.

The /2/sharing/list_shared_links endpoint will return existing shared links for files and folders in the connected account. Note that normal files don't have shared links created for them by default, so there won't be any returned for a file if one hasn't been explicitly created. Some special kinds of items though, such as…

Oh I see, thanks for clarifying. That's expected then. Technically, a password applies to a shared link, not a folder itself. And, supplying a shared link to the parent folder enables access to anything in that folder. Any shared links that may or may not exist for the items underneath, and the settings for those other…

I believe just the settings on the supplied shared link matter, not a parent folder. It may be worth double checking that you've set the password on the same shared link as you've supplied to the Embedder. Also, another thing to note is that it will not prompt for the password again if you've already supplied the password…

Are you signed in to the account that owns that shared link? If so it won't prompt for the password.

@"Vasilinka" You can find Google's post here: https://developers.googleblog.com/2016/08/modernizing-oauth-interactions-in-native-apps.html

No, unfortunately Dropbox doesn't offer an external interface for accessing this information, or any other more detailed information available, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though.

Thanks! I can't make any promises, but I'll ask the team to see if we can suppress those. As a workaround, you can use the "Default levels" menu seen in your screenshot to hide different types of messages, such as warnings like this.

The files_export method is only meant for use with files actually within the connected account. It will not be able to find files that are not within the connected account, such as files that the account only has access to as a "received" file. I'll send this along as a feature request for a way to do this, but I can't…

Web views often don't use the same browser engine as the system browser installed on the system, and so get out of date and are prone to compatibility issues like this. The Dropbox OAuth app authorization flow is accordingly not supported in web views like this. You should only process it in a supported system browser. You…

I can't offer help for Django in particular, as that's made by Dropbox, but I'll be happy to offer whatever guidance I can in general. First, I'll send this along as a feature request to make DropboxOAuth2Flow serializable though I can't promise if or when that might be implemented. Anyway, you generally shouldn't need to…

Yes, you should use files_export to export files that can't be downloaded.

Thanks for the feedback! I'll share this with the team to see if we can improve the SDK documentation around this.

No, you don't really need to do so, since the refresh token doesn't change.

By setting the expiration to -1, that sample forces the client to perform a refresh immediately (e.g., in case the actual expiration of the current short-lived access token is not known, or the stored short-lived access token is presumed to be old). And no, when supplying a refresh token like this, the client will not…

No, unfortunately the Dropbox API doesn't offer a way to do that, but I'll pass this along as a feature request. I can't promise if or when that might be implemented though.

The team has received your feedback, but there currently are no plans to change this policy. I'll let you know if/when that changes.

@"9krausec" I posted a sample here that may be useful. Hope this helps!

You can find examples in the authorization documentation, such as how the authorization URL should be formed for /oauth2/authorize, as well as how calls to /oauth2/token would be made using curl.

@"vewert" Yes, that's correct. The the "Access token expiration" setting in the App Console is essentially a setting that controls the default behavior when token_access_type is not specifically set by the app during the authorization flow. The startOAuth2PKCE does set that though, so it will still return a short-lived…

Using the Dropbox API v2 Python SDK, you should be able to use the sharing_get_shared_link_metadata and sharing_get_shared_link_file/sharing_get_shared_link_file_to_file methods to get the metadata and file data, respectively, from a shared link, as long as the links settings allow it (e.g., it's publicly accessible), even…

@"vewert" No, just using the startOAuth2PKCE method will not change the "Access token expiration" setting in the App Console for any of your apps.

@"ppciesiolkiewicz" The Dropbox API doesn't offer a way to programmatically upload to an actual file request, but it does offer functionality that would enable you to build something like that. You would want to call /2/files/get_temporary_upload_link on your server and pass the resulting temporary upload link(s) down the…

You can create and use multiple short-lived access tokens for the same app-user pair at the same time. Creating a new one doesn't invalidate previous ones.

Are you using an app key for an app that hasn't been migrated to scopes yet? This can occur if so. (Apologies for the unhelpful error messages!) In order to set scopes during the app authorization flow like this, you'll need to use an app key for an app that is set to use scopes.

It looks like you're running the app authorization flow through a web view. Unfortunately, this is prone to compatibility issues with the Dropbox web site, as the browser engine used by web views like this tend to not get updated and break as web sites are updated. I recommend updating your app to send the app…

Long-lived access tokens and short-lived access tokens both work the same way, just with the exception that short-lived access tokens expire after a few hours, while long-lived access tokens don't. Otherwise, they serve the same purpose. That is, they each identify a particular app-account pair, and enable access to that…

Short-lived access tokens only last for a few hours, so if you need long-term access, you'd also need to plug in a refresh token. The refresh token can be used to get new short-lived access tokens on demand, without further manual interaction. The App Console doesn't offer the ability to get refresh tokens though, so you'd…

Unfortunately, "XBrowser" is not an officially supported browser for the Dropbox web site. You can find the list of supported browsers and versions for dropbox.com here. I'm afraid we can't offer support for any browsers/versions not on that list.