You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Authentication for command line app
I'm writing an app in Python, that needs to access the Dropbox APIv2. However, if I follow the typical OAuth flow for user authentication, I will have to include my APP_KEY and APP_SECRET in the source code -practically sharing it with anyone willing to have a look.
What is the suggested way of authentication users in a similar setup?
- Greg-DB
Dropbox Staff
This is a general problem with using OAuth in client-side applications, since client-side apps like this can't keep secrets. OAuth 2 addresses this with the "token" or "implicit" flow. When using the token flow (as opposed to the "code" flow), the app doesn't need the app secret to get an access token for the user. You can find more information on the different flows in the documentation here:
https://www.dropbox.com/developers/documentation/http/documentation#authorization
For a client-side app like this, you should use the token flow. Also, you didn't mention if you're using it, but for reference, the official Dropbox Python SDK is mainly meant for server-side apps, where the secret can be kept secret, so it doesn't support the token flow.
Thank you Gregory.
Yes, I'm using the Dropbox Python SDK. Please consider supporting the token flow in a future release of the SDK.
Thanks again.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
