We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.
Forum Discussion
Node.js server-side auth
Hi,
I am building an application using Strapi where users can upload files to the Strapi server (no dropbox needed at this point). Every week, I need to backup the files from the server to dropbox. This should happen without user interaction.
How can I authenticate the Node server with my Dropbox app to be able to upload these files? From what I understand of the OAuth flow, user interaction is required to authenticate (visit auth URL, tap Agree/Allow, be redirected with the `code` value in query and then use dbx SDK to getAccessTokenWithCode).
koradev_shane wrote:... From what I understand of the OAuth flow, user interaction is required to authenticate (visit auth URL, tap Agree/Allow, be redirected with the `code` value in query and then use dbx SDK to getAccessTokenWithCode).
Hi koradev_shane,
Yes, you need to perform OAuth flow least once. It depend is your action is one time action (or multiple times in short period ~4 hours) or need to proceed for longer. If you need one time action - access token generated either from your application page or received with OAuth flow should be enough. If you need access for longer, you need offline access type through refresh token. The OAuth flow itself doesn't need to be performed on your server. You can perform such a flow on the machine you have used to make above post (or any other machine) and use received results on your server without anything like URL, agree etc. there. 😉 Take a look how you can perform simplistic OAuth flow by hand here.
Hope this helps.
koradev_shane wrote:... From what I understand of the OAuth flow, user interaction is required to authenticate (visit auth URL, tap Agree/Allow, be redirected with the `code` value in query and then use dbx SDK to getAccessTokenWithCode).
Hi koradev_shane,
Yes, you need to perform OAuth flow least once. It depend is your action is one time action (or multiple times in short period ~4 hours) or need to proceed for longer. If you need one time action - access token generated either from your application page or received with OAuth flow should be enough. If you need access for longer, you need offline access type through refresh token. The OAuth flow itself doesn't need to be performed on your server. You can perform such a flow on the machine you have used to make above post (or any other machine) and use received results on your server without anything like URL, agree etc. there. 😉 Take a look how you can perform simplistic OAuth flow by hand here.
Hope this helps.
- Greg-DB
Dropbox Staff
koradev_shane Здравко is correct; you'll need to process the OAuth app authorization flow at least once per account. For long-term access, you should request "offline" access to get a refresh token. Refresh tokens don't expire and can be re-used repeatedly without manual user interaction. You can find more information in the following resources:
- https://developers.dropbox.com/oauth-guide
- https://www.dropbox.com/developers/documentation/http/documentation#authorization
- https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens#updating-access-token-type
- https://dropbox.tech/developers/using-oauth-2-0-with-offline-access
- https://github.com/dropbox/dropbox-sdk-js/blob/b5631e4b5b0e9eb6d3297e1ee57ad29a63d49898/examples/javascript/PKCE-backend/code_flow_example.js#L38
About Discuss Dropbox Developer & API
Make connections with other developers
