Dropbox custom URL scheme

squidlauncher64 · ‎11-15-2023

I am developing an expo app. It needs to redirect back to the app after users have given authentication. When I was using expo go for basic testing this seemed to work fine but now that I am testing a development build and eventually a production build my process does not seem to work. I can navigate to dropbox.com/oauth2/authorize but returning to the app after receiving permission from the user seems to be the issue.

In my app.json file I have:

"expo": {

"scheme": "myapp",

}

Here is how I build my redirect URI:

import * as AuthSession from 'expo-auth-session';

export function StartupAutheticationScreen() {

const dropboxRedirURI = AuthSession.makeRedirectUri({path: 'Auth'});

...

}

The authentication process works until i give permission. Once I click 'allow' I am not redirected to my app. Any help would be greatly appreciated. Thanks!

Здравко · ‎11-15-2023

Hi @squidlauncher64,

You're providing too few info for what actually you're going to do. Why at all you need special scheme for your application? In general Dropbox API supports only HTTPS scheme as redirect URI and HTTP if the host is 'localhost' only. On mobile devices are supported also 'db-<APP KEY>' schemes. As far as I know no other custom schemes are possible! Anyway, for web applications usually the classical web protocol is enough. 🤔 Or not?

squidlauncher64 · ‎11-15-2023

Thank you for replying! This is for an application for mobile devices. I would prefer to be directly routed back to the phone app to handle the access tokens. I guess I could reroute to a website domain I just think it would be cleaner this way. Dropbox did successfully reroute me to the 'expo go' app after authentication and I know that redirect URI was something along the lines of exp://127.0.0.1:19000. The problem is returning back to the app in development and production builds once authentication has completed.

Здравко · ‎11-15-2023

@squidlauncher64 wrote:
... This is for an application for mobile devices. I would prefer to be directly routed back to the phone app to handle the access tokens. ...

Yes, you can do it. That's exactly what 'db-<APP KEY>' scheme is for (where <APP KEY> is your application's key). Your application should be ready to handle redirect URI like 'db-<APP KEY>://1/connect'. And URL to start from is a bit different (https://www.dropbox.com/1/connect).

Good luck.

squidlauncher64 · ‎11-15-2023

Thank you for your response. I have attempted using 'db-<APP KEY>' with my actual app key and I am still not redirected to the mobile app. The allow button is greyed out. Do you have any other ideas?

Greg-DB · ‎11-16-2023

@squidlauncher64 It is possible to use a custom URI scheme with the Dropbox OAuth app authorization flow, using the code flow with PKCE. For example, I just tried this out with an authorization URL like this:

https://www.dropbox.com/oauth2/authorize?client_id=APPKEYHERE&response_type=code&redirect_uri=customscheme://redirect&code_challenge=CODECHALLENGEVALUEHERE&code_challenge_method=plain

Dropbox did then return the redirect to the "customscheme://redirect" redirect URI, as you can see in this screenshot:

I don't actually have an installed app registered for the "customscheme://" scheme though, so my browser accordingly reported the NS_ERROR_UNKNOWN_PROTOCOL error for that network request, and the "Allow" button is left disabled.

It sounds like that's what's happening in your case; Dropbox is attempting to perform the redirect requested, but your system was unable to process that URL scheme for whatever reason.

Exactly how you register your custom URL scheme will depend on your platform, but that's outside the scope of Dropbox API support so I can't offer insight on that. You may need to refer to the documentation or support resources for your platform for information on how to set that up.

Здравко · ‎11-16-2023

@squidlauncher64 wrote:
... I have attempted using 'db-<APP KEY>' with my actual app key and I am still not redirected to the mobile app. ...

Hm...🤔 I just tried it out too:

... and finally as a result (after hitting Allow) I got:

Here oauth_token_secret is authentication code actually (the one masked in green).

If you got something different, post screenshots of the exact steps.

Greg-DB · ‎11-16-2023

Please note that the /1/connect page is only meant for use by the official Dropbox SDK(s) and is not documented or intended for third party implementations. When implementing the OAuth app authorization yourself, please use /oauth2/authorize, documented here, e.g., as shown in my previous message.

Здравко · ‎11-16-2023

@Greg-DB wrote:
Please note that the /1/connect page ... is not documented or intended for third party implementations. ...

Hm...🤔 Really? In such a case what's something not "intended for third party implementations" doing inside official Dropbox SDK (public accessible and documented) that's intended for third party implementations? 🧐 Isn't strange enough? 😁

Greg-DB · ‎11-16-2023

@Здравко To clarify, that is meant for the implementation in the official Dropbox SDK(s), and third parties can certainly use the official Dropbox SDKs, but third parties are not meant to re-implement the functionality using /1/connect themselves.

Dropbox custom URL scheme

Dropbox custom URL scheme

Top contributors to this post