cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community
English
Announcements
We are making some updates so the Community might be down for a few hours on Monday the 11th of November. Apologies for the inconvenience and thank you for your patience. You can find out more here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: IOS ASWebAuthenticationSession for OAuth

Labels:

IOS ASWebAuthenticationSession for OAuth

RTS S.
Helpful | Level 6
‎03-19-2019 06:50 PM
Go to solution

Previously I used a WKWebView  browser control to perform the OAUth. This allowed me to trap the redirect URL to obtain the access code. My redirect URL was http://localhost/Auth

Now I am using the Native browser interface ASWebAuthenticationSession This requires that you use an APPLICATION specific callback URL scheme for your redirect uri. i.e. MyAppName://Auth

The Dropbox APP console allows me to specifiy this as the Redirect URL but gives an error when I try to call the  oauth2/authrize endpoint using this as the redirect_uri

Labels:
  • 1 Likes
  • 6 Replies
  • 5,757 Views
1 Accepted Solution

Accepted Solutions

RTS S.
Helpful | Level 6
‎03-20-2019 12:23 PM
Go to solution

Thanks, I used the Code flow as it looked more secure.

It would seem that custom URL schemes would be as secure as LOCALHOST ... both of which can only work on the user's device.

 

 

 

View solution in original post

0 Likes
6 Replies 6

Greg-DB
Dropbox Staff
‎03-20-2019 08:35 AM
Go to solution

Can you share the full URL of the page displaying the error, as well as the text of the error itself? Thanks in advance! 

0 Likes

RTS S.
Helpful | Level 6
‎03-20-2019 11:34 AM
Go to solution 
    static let CLIENT_ID = "......"
    static let CLIENT_SECRET = "...."
    static let REDIRECT_URL = "myapp://Auth"
    static let OAUTH_URL = "https://www.dropbox.com/1/oauth2/authorize"
    
    override func OAuthURL() -> String {
      return String(format:"%@?redirect_uri=%@&response_type=code&client_id=%@&force_reapprove=true",
                    DropboxOAuthInfo.OAUTH_URL,
                    HTTP.urlEncode(DropboxOAuthInfo.REDIRECT_URL),
                    DropboxOAuthInfo.CLIENT_ID)
    }
0 Likes

RTS S.
Helpful | Level 6
‎03-20-2019 11:39 AM
Go to solution

The image did not get attached ... here it is as a link:

Screen Capture

0 Likes

Greg-DB
Dropbox Staff
‎03-20-2019 11:46 AM
Go to solution

Thanks! Based on the code you shared, I see that you're using the "code" flow (i.e., 'response_type=code'). For the code flow, only "https://" is allowed in the redirect URI (unless on localhost), so "myapp://" wouldn't be allowed.

Instead, for client-side applications like this, you should use the "token" flow, i.e., 'response_type=token'. That does allow custom URL schemes in redirect URIs, such as "myapp://". 

For more information on how to use the token flow, please refer to the /oauth2/authorize documentation.

0 Likes

RTS S.
Helpful | Level 6
‎03-20-2019 12:23 PM
Go to solution

Thanks, I used the Code flow as it looked more secure.

It would seem that custom URL schemes would be as secure as LOCALHOST ... both of which can only work on the user's device.

 

 

 

0 Likes

Eddyfc
New member | Level 2
‎05-02-2019 07:07 PM
Go to solution
{"swagger": "2.0", "basePath": "/", "paths": {"/model/metadata": {"get": {"responses": {"200": {"des
0 Likes
Need more support?