cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
We are making some updates so the Community might be down for a few hours on Monday the 11th of November. Apologies for the inconvenience and thank you for your patience. You can find out more here.

Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[python and Dropbox API] New users cannot access files in my /app/ folder

[python and Dropbox API] New users cannot access files in my /app/ folder

mooreppj
Explorer | Level 4
Go to solution

Good morning,

I have been developing an app for my company that uses Dropbox to store some files that should be read/written to when the user uses the auto-py-to-exe .exe I've made that is locally installed on our user's computers.   This is my first time using Dropbox's API so the finer points may have been lost so please be patient!

What I'm trying to do:

When a user opens my .exe, an access token for that user is generated using the OAuth flow as I understand it:

  • the .exe checks to see if an access token for a new user exists in the program's local cache on the user's PC.
  • If no access token is found, it asks the user to log into Dropbox through a web browser, accept access to the app (using the app's key), and get an authorization token.
  • The user then copys and pastes this authorization token into a text prompt the .exe provides. 
  • This authorization token is then exchanged with the app's secret key to obtain an access token for that user which is stored locally for future logins on the user's PC.
  • If this is successful, the user only has to do this one time and henceforth will go straight into the .exe without needing to do any more OAuth on their part.

This has been successful and the authorization tokens and access tokens seem to be generating valid dropbox.dropbox(<access code>) objects.  I can query these objects for different users and see that the tokens are valid for the app key/secret pair the .exe parses.  My understanding is that this access token is tied directly to the app on Dropbox.  As in; the root path for searching for files is the root path of the app itself: <Dropbox>/Apps/<My App>/.  This should be the same for every user who makes a call to the API using the access token that is generated and saved.

Next, I have my .exe copy files from my /app/ folder on Dropbox locally and create a backup.  I do this to limit the number of API calls my .exe has to do and allows the user to have a file from the /app/ and have a copy of their version.  When the user is finished, I have the user commit the file back to Dropbox if they've done any changes.  

What is not working?

My .exe does not find any files when users other than myself generate access tokens.  During debugging, I am able to call

DBX.files_list_folder(path="")

for my access token and obtain every file/folder in my <Dropbox>/Apps/<My App> folder.  Further, my .exe works as designed using my access token.

When others use the program (or in my case during debugging, I use a different dropbox account to get an access token not associated with my 'developer's' account) the files_list_folder(path="") returns with no files found.  Namely, I get an empty list for "entries", a cursor (a giant string), and the has_more property being False.

I'm running the exact same code for different access tokens and getting different results.  The only thing that seems to be different is that it works when the access token provided points to my personal account (who owns the app in Dropbox) so this is what I suspect the problem is.

I'm at a loss.  Is there something obvious I'm missing as to why other users who successfully have access to my App via OAuth can't see or obtain the files in the App folder they are making calls through?  I should note that on dropbox my app is in "Development" status and I don't want to go through the process of getting into "Production" status given the very small number of users.  Could this be the reason why no one can access these files?

Thanks for any and all information anybody can provide!

1 Accepted Solution

Accepted Solutions

Greg-DB
Dropbox Staff
Go to solution

Thanks for the detailed question! The "development"/"production" status wouldn't be the issue here, and most of the rest of your understanding is correct. (And if you don't need to connect to more than 50 users, you don't need production status regardless.)

It sounds like the issue here is that each user receives their own distinct "app folder". When a user authorizes an app with the "app folder" permission to access their account. Dropbox automatically creates a new app folder in the user's account. Dropbox then returns an access token specific to that app-user pair, which will only allow access to that user's own app folder. Each app folder starts empty, and the app folders for different users do not sync with each other.

If you want to start each user out with some content in their app folder, you'd need to have the app upload that file content when they first connect to the app.

Or, if you want all users of your app to connect to the same content and have that sync, you'd instead need to register and use an app with the "full Dropbox" permission and invite all of the users to a single shared folder that you've previously configured for them. Apps with the "full Dropbox" permission don't get app folders, and can instead access anything in the connected accounts, such as shared folders.

View solution in original post

2 Replies 2

Greg-DB
Dropbox Staff
Go to solution

Thanks for the detailed question! The "development"/"production" status wouldn't be the issue here, and most of the rest of your understanding is correct. (And if you don't need to connect to more than 50 users, you don't need production status regardless.)

It sounds like the issue here is that each user receives their own distinct "app folder". When a user authorizes an app with the "app folder" permission to access their account. Dropbox automatically creates a new app folder in the user's account. Dropbox then returns an access token specific to that app-user pair, which will only allow access to that user's own app folder. Each app folder starts empty, and the app folders for different users do not sync with each other.

If you want to start each user out with some content in their app folder, you'd need to have the app upload that file content when they first connect to the app.

Or, if you want all users of your app to connect to the same content and have that sync, you'd instead need to register and use an app with the "full Dropbox" permission and invite all of the users to a single shared folder that you've previously configured for them. Apps with the "full Dropbox" permission don't get app folders, and can instead access anything in the connected accounts, such as shared folders.

mooreppj
Explorer | Level 4
Go to solution

Hello Greg,

That was precisely the problem.  I had the app registered without the full dropbox permission.  Almost certainly what you said was occurring; each user who logged in was using access tokens pointing to their OWN app folders which obviously had no files in it.

Thank you very much, you've saved an absolute ton of time for me today.  Have a great weekend!

Need more support?
Who's talking

Top contributors to this post

  • User avatar
    mooreppj Explorer | Level 4
  • User avatar
    Greg-DB Dropbox Staff
What do Dropbox user levels mean?