1

I want to use Dropbox for my file share application, using Core Dropbox APIs. I am using OAuth 2.0 APIs for authentication (Implicit Grant Method). The issue is, In order to obtain the access token, I need to be logged-in to dropbox account or it redirects me to Dropbox login page. I don't want my users to enter the login crediantials.

Is there any way to avoid login process, and directly get access token?? Or Alternatively can I do login using some login api in backend, without user iteraction??

here I am considering a single Dropbox account, whose all necessary crediantials are with me.

Thanks.

akhileshmoghe
  • 603
  • 8
  • 21

4 Answers4

2

Yes you can do this.

Do the following:

Go to https://www.dropbox.com/developers Click on "App Console" Click on "Create App" Select "Dropbox API app" Select "Files and Datastores" for the type of data. Answer the rest of the questions with your own preference for access

Here's the bit that you need. Once the app is setup, in the App Console, click on the app. On the main page for the app, in the OAUTH2 section, there's a button that says "Generate Access Token".

Click on this button, and it will generate a non-expiring access token that you can copy/paste and use in your app to give you access without having to do the Oauth2 authentication dance.

Here's an example of using the access token with curl to list files in a folder (and get other meta data).

curl https://api.dropbox.com/1/metadata/dropbox/YourFolder -H "Authorization:Bearer XYZ123"

Where XYZ123 is your access token you generated from the app console of the app.

As long as you include the Authorization: Bearer in the header of your request, you can use all the API calls in the Core API withouth having to supply an app ID, secret, or do the oauth2 authentication dance.

Severun
  • 2,893
  • 1
  • 16
  • 22
  • This worked for me with just one addition, in the API calls for another user you have to specify the HTTP header: "Dropbox-API-Select-User" : "dbmid:ABCDEFG......" for the given user. – Martin Laukkanen Dec 01 '17 at 15:47
0

Since you want to use your Dropbox account to store the files, there's no reason to bother other/your users with a login: just obtain an access_token for your client in the regular way (which requires you to login to Dropbox) store it in your application and use that access_token in your calls to the Dropbox APIs. Dropbox' access token never expires according to Dropbox Access Token Expiry so that should be all you need.

Community
  • 1
  • 1
Hans Z.
  • 50,496
  • 12
  • 102
  • 115
  • Yes Access Token never expires itself, but I have a specific requirement to disable the Access Token after sometime, so that file share URL is vailable for limited time only. To acquire the fresh Access Token, dropbox needs to be logged in, This specific condition I want to overcome, which needs user interaction. – akhileshmoghe Jan 07 '15 at 13:36
  • you're looking for a `refresh_token` which is something that is not supported by Dropbox – Hans Z. Jan 07 '15 at 13:41
  • But from Dropbox App Console, we can generate new Access Tokens every time, somehow I wnt to implement that functionality. – akhileshmoghe Jan 07 '15 at 13:44
  • It's not possible to programmatically get a new access token for the Dropbox API like this, but note that revoking a Dropbox API access token doesn't actually disable shared links anyway. There's currently no API calls for revoking shared links, but you can do so manually via: https://www.dropbox.com/links . – Greg Jan 07 '15 at 17:01
  • Giving others access to your account might not be a good idea: You could probably be made responsible for content someone else put there. Also this would allow any user to delete all content. – phobic Jan 07 '15 at 20:46
  • I'm assuming that the setup is such that the token is only available in the backend and not exposed to the user at any time. – Hans Z. Jan 07 '15 at 20:57
  • @Greg If I disable my previous Access Token, all shared links generated with that token will expire, that the reason I am thinking about getting new access token in intervals and disabling it afterwards. I guess, We can regenarate Access Token, but it brings up login steps to follow, and login screen scrapping is not reliable solution for it. I guess there is no reliable solution to bypass login activity in this case. Thanks for the support guys. – akhileshmoghe Jan 08 '15 at 07:06
  • I guess [OneDrive](https://onedrive.live.com/), [Google Drive](http://www.google.co.in/drive/), all these sevices are running on same principle. On these also I have to deal with login and user interaction at some step. Is there any services available like dropbox, where I can overcome above issues?? – akhileshmoghe Jan 08 '15 at 07:13
  • @HansZ. Yes, the architecture is such that token will be only handled by backend, not exposed to users. But this token is appended with https request with auth parameter, and this way it may get exposed, thats one reason I need to expire it and generate new one in intervals. – akhileshmoghe Jan 08 '15 at 07:17
  • @akhilesh1988: Google Drive offers a service account. You can only access it via the API, but there is no user interaction involved in the login process. Not sure if it implements revoking shared links though. Can't you simply delete the files? – phobic Jan 08 '15 at 18:01
  • @phobic Yes, I am looking at Soosle Drive Service account and APIs, I guess it will fulfill requirements here. I want to avoid re uploading of same file, want to simply unshare for the time being. – akhileshmoghe Jan 09 '15 at 04:56
0

As you have probably seen in the core api documentation, Dropbox does not offer this feature.

You can automate the process by simulating the user interaction with the website, though. This can be done with the requests module. I developed a solution for my project:

https://github.com/joe42/CloudFusion/blob/master/cloudfusion/store/dropbox/dropbox_store.py#L214

Maybe this can be done more easily using a solution like PhantomJS, though I did not know about it at that time.

phobic
  • 914
  • 10
  • 24
  • be aware that this type of screen scraping is bound to break sooner or later – Hans Z. Jan 07 '15 at 19:56
  • @Greg: Hmm, I disagree. But I guess our interpretation of the text does not really matter. I would be interested in the opinion of an expert in this area and the opinion of Dropbox concerning this. – phobic Jan 08 '15 at 11:41
0

Putting probable solution to my own question here: The main issue here was about re-generation of the Access Token at some intervals, that too without any user interaction, a backend stuff. After going through Dropbox APIs, I concluded there is no API exposed for re-generation of Access Token automatedly. But Google Drive do offer Service Account, which do not require user interaction.

akhileshmoghe
  • 603
  • 8
  • 21