You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
koradev_shane
2 years agoExplorer | Level 3
Node.js server-side auth
Hi,
I am building an application using Strapi where users can upload files to the Strapi server (no dropbox needed at this point). Every week, I need to backup the files from the server to dropbox. This should happen without user interaction.
How can I authenticate the Node server with my Dropbox app to be able to upload these files? From what I understand of the OAuth flow, user interaction is required to authenticate (visit auth URL, tap Agree/Allow, be redirected with the `code` value in query and then use dbx SDK to getAccessTokenWithCode).
koradev_shane wrote:... From what I understand of the OAuth flow, user interaction is required to authenticate (visit auth URL, tap Agree/Allow, be redirected with the `code` value in query and then use dbx SDK to getAccessTokenWithCode).
Hi koradev_shane,
Yes, you need to perform OAuth flow least once. It depend is your action is one time action (or multiple times in short period ~4 hours) or need to proceed for longer. If you need one time action - access token generated either from your application page or received with OAuth flow should be enough. If you need access for longer, you need offline access type through refresh token. The OAuth flow itself doesn't need to be performed on your server. You can perform such a flow on the machine you have used to make above post (or any other machine) and use received results on your server without anything like URL, agree etc. there. 😉 Take a look how you can perform simplistic OAuth flow by hand here.
Hope this helps.
- ЗдравкоLegendary | Level 20
koradev_shane wrote:... From what I understand of the OAuth flow, user interaction is required to authenticate (visit auth URL, tap Agree/Allow, be redirected with the `code` value in query and then use dbx SDK to getAccessTokenWithCode).
Hi koradev_shane,
Yes, you need to perform OAuth flow least once. It depend is your action is one time action (or multiple times in short period ~4 hours) or need to proceed for longer. If you need one time action - access token generated either from your application page or received with OAuth flow should be enough. If you need access for longer, you need offline access type through refresh token. The OAuth flow itself doesn't need to be performed on your server. You can perform such a flow on the machine you have used to make above post (or any other machine) and use received results on your server without anything like URL, agree etc. there. 😉 Take a look how you can perform simplistic OAuth flow by hand here.
Hope this helps.
- Greg-DBDropbox Staff
koradev_shane Здравко is correct; you'll need to process the OAuth app authorization flow at least once per account. For long-term access, you should request "offline" access to get a refresh token. Refresh tokens don't expire and can be re-used repeatedly without manual user interaction. You can find more information in the following resources:
- https://developers.dropbox.com/oauth-guide
- https://www.dropbox.com/developers/documentation/http/documentation#authorization
- https://dropbox.tech/developers/migrating-app-permissions-and-access-tokens#updating-access-token-type
- https://dropbox.tech/developers/using-oauth-2-0-with-offline-access
- https://github.com/dropbox/dropbox-sdk-js/blob/b5631e4b5b0e9eb6d3297e1ee57ad29a63d49898/examples/javascript/PKCE-backend/code_flow_example.js#L38
About Discuss Dropbox Developer & API
Make connections with other developers
795 PostsLatest Activity: 9 hours agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!