cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
Want to know what we learned at IBC? Check out our learnings on media, remote working and more right here.

Discuss Dropbox Developer & API

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Node.js server-side auth

Labels:

Node.js server-side auth

koradev_shane
Explorer | Level 3
‎03-09-2023 04:58 PM
Go to solution

Hi,

 

I am building an application using Strapi where users can upload files to the Strapi server (no dropbox needed at this point). Every week, I need to backup the files from the server to dropbox. This should happen without user interaction.

 

How can I authenticate the Node server with my Dropbox app to be able to upload these files? From what I understand of the OAuth flow, user interaction is required to authenticate (visit auth URL, tap Agree/Allow, be redirected with the `code` value in query and then use dbx SDK to getAccessTokenWithCode).

Labels:
  • 0 Likes
  • 2 Replies
  • 1,683 Views
0 Likes
1 Accepted Solution

Accepted Solutions

Здравко
Legendary | Level 20
‎03-10-2023 04:07 AM
Go to solution
@koradev_shane wrote:

... From what I understand of the OAuth flow, user interaction is required to authenticate (visit auth URL, tap Agree/Allow, be redirected with the `code` value in query and then use dbx SDK to getAccessTokenWithCode).

Hi @koradev_shane,

Yes, you need to perform OAuth flow least once. It depend is your action is one time action (or multiple times in short period ~4 hours) or need to proceed for longer. If you need one time action - access token generated either from your application page or received with OAuth flow should be enough. If you need access for longer, you need offline access type through refresh token. The OAuth flow itself doesn't need to be performed on your server. You can perform such a flow on the machine you have used to make above post (or any other machine) and use received results on your server without anything like URL, agree etc. there. 😉 Take a look how you can perform simplistic OAuth flow by hand here.

Hope this helps.

View solution in original post

2 Replies 2

Здравко
Legendary | Level 20
‎03-10-2023 04:07 AM
Go to solution
@koradev_shane wrote:

... From what I understand of the OAuth flow, user interaction is required to authenticate (visit auth URL, tap Agree/Allow, be redirected with the `code` value in query and then use dbx SDK to getAccessTokenWithCode).

Hi @koradev_shane,

Yes, you need to perform OAuth flow least once. It depend is your action is one time action (or multiple times in short period ~4 hours) or need to proceed for longer. If you need one time action - access token generated either from your application page or received with OAuth flow should be enough. If you need access for longer, you need offline access type through refresh token. The OAuth flow itself doesn't need to be performed on your server. You can perform such a flow on the machine you have used to make above post (or any other machine) and use received results on your server without anything like URL, agree etc. there. 😉 Take a look how you can perform simplistic OAuth flow by hand here.

Hope this helps.

Greg-DB
Dropbox Staff
‎03-10-2023 08:30 AM
Go to solution

@koradev_shane Здравко is correct; you'll need to process the OAuth app authorization flow at least once per account. For long-term access, you should request "offline" access to get a refresh token. Refresh tokens don't expire and can be re-used repeatedly without manual user interaction. You can find more information in the following resources:

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    Greg-DB Dropbox Staff
  • User avatar
    Здравко Legendary | Level 20
What do Dropbox user levels mean?