Forum Discussion

Helpful | Level 6

7 years ago

API secret in dropbox.oauth.DropboxOAuth2FlowNoRedirect and redistribution

Hi,

I am writing a simple app in the form of a python script which follows the OAuth2 procedure for the user to link and use their own account. Now, the DropboxOAuth2FlowNoRedirect() method requires both the app key *and* secret to be passed and I can't seem to reconciliate this with replies to similar questions, where it was specified that only the key is really needed. How would I go to redistribute the app without embedding (or revealing) the app key?

API

Greg-DB
7 years ago
The Dropbox OAuth 2 app authorization implementation supports two different flows:
- the "code" flow: this flow requires both the app key and secret
- the "token" flow: this flow only requires the app key

The `DropboxOAuth2FlowNoRedirect` class in the Dropbox Python SDK uses the "code" flow, so it requires the app key and secret.

The Python SDK doesn't implement the "token" flow unfortunately, but I'll pass this along as a feature request.

That being the case, to distribute a client-side Python app without including the app secret, you'd need to implement the token flow yourself, either by modifying the SDK or without using the SDK at all. Note that the token flow requires a redirect URI though, so you'd need to use a local redirect URI.

Greg-DB
Dropbox Staff
7 years ago
The Dropbox OAuth 2 app authorization implementation supports two different flows:
- the "code" flow: this flow requires both the app key and secret
- the "token" flow: this flow only requires the app key

The `DropboxOAuth2FlowNoRedirect` class in the Dropbox Python SDK uses the "code" flow, so it requires the app key and secret.

The Python SDK doesn't implement the "token" flow unfortunately, but I'll pass this along as a feature request.

That being the case, to distribute a client-side Python app without including the app secret, you'd need to implement the token flow yourself, either by modifying the SDK or without using the SDK at all. Note that the token flow requires a redirect URI though, so you'd need to use a local redirect URI.
- salven
  Helpful | Level 6
  7 years ago
  Thank you, Greg, that helps a lot.
- Manotai M.
  New member | Level 2
  7 years ago
  การทำงานversionเก่ามีผลต่อการใช้งานในDropboxของฉัน
  - Greg-DB
    Dropbox Staff
    7 years ago
    Manotai M. If you're having trouble with Dropbox itself, you can contact support here:
    
    https://www.dropbox.com/support
    
    [This thread is now closed. If you have a similar or new question, you can ask here]

About Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,876 PostsLatest Activity: 4 hours ago

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!

Forum Discussion

API secret in dropbox.oauth.DropboxOAuth2FlowNoRedirect and redistribution

About Dropbox API Support & Feedback

Related Content

Simple Node script not working with clientId /secret

Using refresh token without client secret

App Code and App Secret Input php curl

Photos with friends, secret family recipes, pet videos, team projects - how are you using Dropbox?

is there any Java sdk method to generate access token on the run by taking app key and app secret??

Recent Discussions

Dropbox internal error occured - Resolution

How to add the entire team to team folder by api

API Upload .HEIC and convert to JPG

Invalid Folder Name with Team API

Zapier - 409 error path/not found