You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Dropbox Authentication only with code
I need to create a React app that gives the possibility of uploading files on Dropbox, and I'm having some doubts about how to make the Dropbox Authentication with Javascript code. I don't want the user to be redirected to the "Authorization page" where he has to click on some button, but I want to get the permission to my App and my files only by code. I tried to use the official SDK but I got redirected to said authorization page. Is there a way to do that, with or without the official SDK? Or am I thinking it wrong and the authorization page actually appears just one time and the next ones I can get the authorization and the token just with my Javascript code?
sosnos We recommend using the latest version of the official Dropbox SDK. You can find the official API v2 Dropbox JavaScript SDK here, including the official documentation and examples. That does contain the 'getAuthenticationUrl' method, documented here. You can find an example of using that here.
- Greg-DB
Dropbox Staff
In order to get an access token for a user's account in order to interact with the user's Dropbox account programmatically, you do need to get authorization from the user at least once. An app gets authorization from the user by sending them through the OAuth app authorization flow. If the user authorizes the app, the app will receive an access token it can use to call the API, and optionally a refresh token. The app can store and re-use that, so it doesn't need to send the user through the authorization flow again.
Depending on what settings you use though, you may need to send the use through the authorization flow again occasionally to get a new access token. Please first read the OAuth Guide for information on the different options available and what kind of input they do or don't require from the user.
Sorry for the late reply, I understand now why I have to do the authorization step. I followed the Image Flipping code on GitHub and successfully got my user in, but I noticed it works with an old version of the Dropbox Javascript SDK; I tried to use the latest version but the code didn't go through because there's no "getAuthenticationURL" in the new SDK. Can I still use the old version or should I try to use the latest version?
- Greg-DB
sosnos We recommend using the latest version of the official Dropbox SDK. You can find the official API v2 Dropbox JavaScript SDK here, including the official documentation and examples. That does contain the 'getAuthenticationUrl' method, documented here. You can find an example of using that here.
In addition to what Greg said, I would add that there is a very good reason for requiring that the user go through the explicit authorization process on a web page at least once. If there were a way to accomplish the same thing without ever sending the user to a web page, it would then be possible for malicious app code to trick the user into devulging their Dropbox password to the app. If an app can see the user's Dropbox password then the app could send it to a malicious entity that could then break into the user's Dropbox and compromise their privacy. As it is, the app never sees the user's password. And the web page ensures that the user is fully informed as to why they are being asked for their password, and their security is protected.
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
