Ghislain Sommervogel
Helpful | Level 5
2 months ago

.NET API - Authorization issue

Hi all,

We have an app that relies on the business API. It creates groups, members, team folders, etc. As a team administrator, I can run it and it's working properly. My problem is that the targeted users are not able to run it. They receive an error message during the authentication flow saying that they need to be a team administrator to allow the app to run. But in real life, they DO have access to the administration interface on the web, using their own Dropbox account. And they can manually do all the exact same operations conducted by the app. From what I understand, they have all the required permissions, but because they are not technically "team admin", the application won't run.

For testing purposes, I created a mini-app only requiring the "groups.write" permission in the Team Scopes section. All my users have this permission because they do manage groups in their everyday life. But again: they are not team admin and can't run this (very limited) app.

Giving these users full admin access is not an option for the top management (I've asked). I was told that they have sufficient rights and that the application should use only their current rights. Did I miss something? And if not, what is the workaround?

Thanks for your help!

Ghislain

 

    DB-Des
    Dropbox Engineer

    Hi Ghislain Sommervogel,

     

    Only team admins are able to authorize apps with team scopes enabled. If you want to allow non-admins to connect to an app with team scopes enabled, you can request individual-only scopes by adding the necessary scopes in the scope parameter when constructing the Authorization URL.

     

    Alternatively, if your app does not need team scopes, you can configure this by disabling the team scopes entirely from the app's Permissions settings from within the App Console. Just as mentioned above, if an individual-only scoped app will sometimes need to use team scopes, you can specify which scopes to request by setting the particular set of scopes in the scope parameter when constructing the Authorization URL.

     

    I hope you find this information helpful!

      Ghislain Sommervogel
      Helpful | Level 5

      Thank you for this information. But it's really hard to find out how to implement the scopelist parameter with the .NET SDK. I was unable to find working examples on the internet. Anyway, I decided to change the approach. We will use a generic admin user in conjunction with a refresh token, so that the users don't have to approve the app with their own rights.

      Best regards,

      Ghislain

        Ghislain Sommervogel
        Helpful | Level 5

        Just to be more explicit on the difficulty I met with your suggestion: when some team scopes are being left checked in the application permission page, I keep on receiving error messages telling me I must be team admin to authorize the app. When I uncheck all the team items and provide a scope list, I get an error 400 as follows:

        -------------------------------------------------------------------------

        It seems the app you were using submitted a bad request. If you would like to report this error to the app's developer, include the information below.
        More details for developers

        No scope requested can be granted for this app.

        -------------------------------------------------------------------------

        When I search for information about this error message, I find that I need to declare all the scopes in the settings. It's a vicious circle!
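An added example, not code from the thread or from the Dropbox SDK: a C# sketch of the per-user `scope` parameter described in the engineer's reply, with a local check for the "declare the scopes in the settings" condition from the last post. It builds the Authorization URL by hand instead of through the SDK; the `Build` helper, the two enabled-scope sets, the app key placeholder and the redirect URI are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

static class DropboxAuthUrl
{
    // Assumption: the scopes ticked on the app's Permissions tab, split by
    // section. Constructed sample values, not a real app's configuration.
    static readonly HashSet<string> EnabledIndividual =
        new HashSet<string> { "account_info.read", "files.metadata.read" };
    static readonly HashSet<string> EnabledTeam = new HashSet<string> { "groups.write" };

    // Puts only the scopes this user can grant into the scope parameter.
    public static Uri Build(string clientId, string redirectUri, string state,
                            IEnumerable<string> requested, bool userIsTeamAdmin)
    {
        var scopes = requested.Distinct().ToList();
        if (scopes.Count == 0)
            throw new ArgumentException("Request at least one scope.");
        var unknown = scopes.Where(s => !EnabledIndividual.Contains(s)
                                     && !EnabledTeam.Contains(s)).ToList();
        if (unknown.Count > 0)   // fail locally instead of at the consent page
            throw new ArgumentException("Not enabled for the app: " + string.Join(", ", unknown));
        var team = scopes.Where(s => EnabledTeam.Contains(s)).ToList();
        if (team.Count > 0 && !userIsTeamAdmin)
            throw new InvalidOperationException("Team admin required: " + string.Join(", ", team));
        var query = new Dictionary<string, string>
        {
            ["client_id"] = clientId,
            ["response_type"] = "code",
            ["redirect_uri"] = redirectUri,
            ["state"] = state,                     // compared on the redirect (CSRF)
            ["scope"] = string.Join(" ", scopes)   // space-separated scope list
        };
        return new Uri("https://www.dropbox.com/oauth2/authorize?" + string.Join("&",
            query.Select(kv => kv.Key + "=" + Uri.EscapeDataString(kv.Value))));
    }

    static void Main()
    {
        var buf = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buf);
        var state = BitConverter.ToString(buf).Replace("-", "");
        // Non-admin user: individual scopes only, team scopes left out.
        Console.WriteLine(Build("APP_KEY_PLACEHOLDER", "https://localhost/callback",
            state, new[] { "account_info.read", "files.metadata.read" }, false));
    }
}
```

The `state` value has to be stored server-side and compared when the redirect comes back; the example only generates it.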