We're making changes to the Community, so you may have received some notifications - thanks for your patience and welcome back. Learn more here.
Forum Discussion
App
I have a Dropbox App in development. It needs to upload and download files for a given client account. This account is not my account that files are being uploaded and dowloaded to, it's the client...
When using the Dropbox OAuth app authorization flow, the resulting access token (and refresh token, if requested) will be connected to whichever account was signed in and authorized the app during the app authorization flow. Any API calls made with that access token will be made for that particular account.
So, when you process the app authorization flow while signed in to your account, the app receives an access token for your account. To get an access token for your client's account, they should process the app authorization flow for your app while signed in to their account.
Thanks Greg.
I think I am missing one thing. The App already has full access, The App connects with oauth2 flow and I can query my acocunt. The part I think I am missing is during the OAuth2 flow. Where in the Auth call or Token call am I specifying the other account. How does the call to the API know which account is requesting an auth token for the first time? For instance, in another product, the user is made to log in or sign up for an account prior to allowing the App to have access. Does the same go for Dropbox? Is it the logging into Dropbox during the oAuth2 request, if the client is not already logged in, the thing that identfies which account is requesting access? Same would go for if the client is already logged in to Dropbox. Being logged into Dropbox identifies the account and I don't have to actually pass anything extra to the Apps already working oAuth2 flow. Note, this is first time not returning clients.
Greg-DB
Dropbox Staff
Dropbox StaffWhen using the Dropbox OAuth app authorization flow, the resulting access token (and refresh token, if requested) will be connected to whichever account was signed in and authorized the app during the app authorization flow. Any API calls made with that access token will be made for that particular account.
So, when you process the app authorization flow while signed in to your account, the app receives an access token for your account. To get an access token for your client's account, they should process the app authorization flow for your app while signed in to their account.
Thanks Greg.
That is the answer. Much appreciated. Take care.
