We're making changes to the Community, so you may have received some notifications - thanks for your patience and welcome back. Learn more here.
Forum Discussion
CySDeveloper
3 years agoExplorer | Level 3
List files in app folder of user
Hi,
Please help as I am sort of stuck...
I am developing a dropbox app to load files in to our system that have been dropped into an application folder by some user.
So when configuring this th...
- 3 years ago
Any access token gives access to particular user content to be processed with particular access rights. It doesn't matter what type of client you have used (web or other).
Available content is restricted to selected application access (to entire account or to application folder only). Access rights are restricted to the selected scopes, if any. That's it.
Classical access token, used in API calls, doesn't need any additional application authentication despite of Dropbox always knows what application the particular token has been issued to. It denotes an user always. If you mean refresh token, then on refresh the application needs to authenticate again. If you are using SDK, normally you shouldn't care for that. Your SDK will take care.
CySDeveloper wrote:...
Or, and this might be an answer to my question, do i get a special access-token returned that is specifically for the application id/user combination?
To be honest, I'm not sure what exactly you mean here. Does the above cover your question?
CySDeveloper
Explorer | Level 3
yes i know they are mutually exclusive, my sentence was a bit convoluted.
It was trying to say that it made no sense to have an app with restricted access settings if in the end if the app wants to do anything with files in the application folder (of a user that installed the app and agreed to the restricted access) the app must connect using the access token of the user that was captured when he agreed to install the app and thus with FULL access to the user account.
Are you sure that all dropbox apps in the end access the files in the application folder with FULL access rights??
Здравко
3 years agoLegendary | Level 20
CySDeveloper wrote:...
Are you sure that all dropbox apps in the end access the files in the application folder with FULL access rights??
😁 I don't know what you mean "FULL access". You have access to one subfolder of App folder only. The one associated to your application. You can NOT perform anything outside this folder, which is just a single folder in user account. In addition, got restricted to selected scopes... Is this full access?! I don't think so.
There is another possibility. If your activities are restricted to what is possible to be performed with "App Authentication", then Yes, you can use such. Take in mind that such activities are strongly restricted to data that are in one or another way public. For example if you want to get a thumbnail of a file shared with share link or residing within a share folder or to list files in such folder... Most probably that's not what you are looking for.
- CySDeveloper3 years agoExplorer | Level 3
Sorry for the unclarity..
If i do a request in a front-end web client for authorization of the application.
Then the user has to login and approve the application, so when the approval comes back i get the access token from the user-login.
So when i store the access token and i use it I would have full access, as it is the token from the user login.
Or, and this might be an answer to my question, do i get a special access-token returned that is specifically for the application id/user combination?
- Здравко3 years agoLegendary | Level 20
Any access token gives access to particular user content to be processed with particular access rights. It doesn't matter what type of client you have used (web or other).
Available content is restricted to selected application access (to entire account or to application folder only). Access rights are restricted to the selected scopes, if any. That's it.
Classical access token, used in API calls, doesn't need any additional application authentication despite of Dropbox always knows what application the particular token has been issued to. It denotes an user always. If you mean refresh token, then on refresh the application needs to authenticate again. If you are using SDK, normally you shouldn't care for that. Your SDK will take care.
CySDeveloper wrote:...
Or, and this might be an answer to my question, do i get a special access-token returned that is specifically for the application id/user combination?
To be honest, I'm not sure what exactly you mean here. Does the above cover your question?
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,875 PostsLatest Activity: 2 months agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!