We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.

Forum Discussion

sosnos's avatar
sosnos
Explorer | Level 4
5 years ago

Dropbox Authentication only with code

I need to create a React app that gives the possibility of uploading files on Dropbox, and I'm having some doubts about how to make the Dropbox Authentication with Javascript code. I don't want the user to be redirected to the "Authorization page" where he has to click on some button, but I want to get the permission to my App and my files only by code. I tried to use the official SDK but I got redirected to said authorization page. Is there a way to do that, with or without the official SDK? Or am I thinking it wrong and the authorization page actually appears just one time and the next ones I can get the authorization and the token just with my Javascript code?

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    In order to get an access token for a user's account in order to interact with the user's Dropbox account programmatically, you do need to get authorization from the user at least once. An app gets authorization from the user by sending them through the OAuth app authorization flow. If the user authorizes the app, the app will receive an access token it can use to call the API, and optionally a refresh token. The app can store and re-use that, so it doesn't need to send the user through the authorization flow again. 

     

    Depending on what settings you use though, you may need to send the use through the authorization flow again occasionally to get a new access token. Please first read the OAuth Guide for information on the different options available and what kind of input they do or don't require from the user. 

    • sosnos's avatar
      sosnos
      Explorer | Level 4

      Sorry for the late reply, I understand now why I have to do the authorization step. I followed the Image Flipping code on GitHub and successfully got my user in, but I noticed it works with an old version of the Dropbox Javascript SDK; I tried to use the latest version but the code didn't go through because there's no "getAuthenticationURL" in the new SDK.  Can I still use the old version or should I try to use the latest version?

  • Robert S.138's avatar
    Robert S.138
    Helpful | Level 7

    In addition to what Greg said, I would add that there is a very good reason for requiring that the user go through the explicit authorization process on a web page at least once.  If there were a way to accomplish the same thing without ever sending the user to a web page, it would then be possible for malicious app code to trick the user into devulging their Dropbox password to the app.  If an app can see the user's Dropbox password then the app could send it to a malicious entity that could then break into the user's Dropbox and compromise their privacy.  As it is, the app never sees the user's password.  And the web page ensures that the user is fully informed as to why they are being asked for their password, and their security is protected.