We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.

Forum Discussion

aplowman's avatar
aplowman
Explorer | Level 4
6 years ago

Authorisation flow for a Python client console app

I am trying to integrate Dropbox into my Python console application. I understand there are two types of authorisation flows: "code" and "token". Since my app is a client app, I don't want to have to...
API
  • Greg-DB's avatar
    Greg-DB
    6 years ago

    No, the Dropbox API only supports the "token" and "code" OAuth 2 flows, both of which require user interaction in the browser. 

    So in your case, given the interaction is with a remote machine, it sounds like having the user copy/paste the token may be the most reasonable option. You can use this page as your redirect URI for that if you want: https://www.dropbox.com/1/oauth2/display_token

Greg-DB's avatar
Greg-DB
Icon for Dropbox Staff rankDropbox Staff

That's correct, using the "token" flow is preferred for client-side applications like this, as it doesn't require the use of the app secret.

As you mentioned though, the access token is returned on the URL fragment of the required redirect URI, so it's not acessible to the server. So, to get the access token back to a console app, you'll need to retrieve the access token via another means. Some options are:

  • display the access token on your redirect URI page, and have the user manually copy and paste it into the app 
  • run some JavaScript on your redirect URI page to get the access token from the fragment and send it to your app via a mechanism of your choosing (e.g., some other HTTPS/AJAX request)
aplowman's avatar
aplowman
Explorer | Level 4
6 years ago

Thanks for your reply. I'll try out these solutions!

This is a tricky situation for my app, since it will be mainly used on a remote cluster, where users connect via SSH and there is no desktop environment. I'm guessing there are no ways to authorise wholly in the command line?

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff
    6 years ago

    No, the Dropbox API only supports the "token" and "code" OAuth 2 flows, both of which require user interaction in the browser. 

    So in your case, given the interaction is with a remote machine, it sounds like having the user copy/paste the token may be the most reasonable option. You can use this page as your redirect URI for that if you want: https://www.dropbox.com/1/oauth2/display_token

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,877 PostsLatest Activity: 12 months ago
325 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!