The terms “app key”, “app secret”, “authorization code”, “access token”, and “refresh token” describe distinct objects which are not interchangeable.

In either case, setting redirect_uri is not expected when calling /oauth2/token with grant_type=refresh_token. If the app does not set redirect_uri on the /oauth2/authorize URL, it must not set redirect_uri when calling /oauth2/token with grant_type=authorization_code to exchange the resulting authorization code. If the app sets redirect_uri when configuring the /oauth2/authorize URL, it must also set the same redirect_uri when calling /oauth2/token with grant_type=authorization_code to exchange the resulting authorization code. While the use of a redirect URI is optional, apps must be consistent in specifying or not specifying it during a given authorization flow. When using response_type=code, a redirect URI is optional, regardless of using offline access or not (or using PKCE or not).

Server-side apps should use response_type=code and client-side apps should use response_type=code with PKCE. The use of response_type=code is necessary for offline access; response_type=token does not support offline access. However, response_type=token is considered legacy and no longer recommended. Dropbox supports both response_type=code and response_type=token.

Here’s an example of calling this endpoint using curl:

Here’s an example of what the “online” flow looks like:

Construct the /oauth2/authorize URL like the following and direct the user there:

After the user has authorized your app, they’ll be sent to your redirect URI, with a few query parameters:

Exchange the resulting authorization code for an access token, by calling the /oauth2/token endpoint.

If a user has previously authorized an app, re-authorization is typically a single click or automatically redirected. If the app needs further access after the short-lived access token expires, the app can send the user through the app authorization flow again.
In that case, the app receives a short-lived access token when the user processes the authorization flow. For example, a web app that only interacts with a user’s Dropbox files when the user is actively interacting with the app would only need “online” access.

If you don't need to call any team endpoints (e.g., if you just need to call file endpoints, such as files_list_folder), I recommend this solution instead for simplicity and security.

If your app only needs access for a short period of time, or only needs to operate when the user is present, then you only need to use “online” access.

You can find more information on scopes in the OAuth Guide. The access token without the team scopes will be specific to the particular account (Business or not) and so will not require the additional header. In the Python SDK, you can set the header using DropboxTeam.as_user.

Alternatively, if you just want to connect to a particular account, you can disable any team scopes and get a new access token without them. The value should be the 'team_member_id' for whichever member you wish to act on behalf of, such as returned by team_members_list/team_members_list_continue, or team_members_get_info, etc. To do this, you'd need to specify the 'Dropbox-API-Select-User' header. So, when using a team-scoped access token to access user-specific endpoints, such as files_list_folder, you will need to specify which member of the team you want to operate on behalf of. For reference, when using any "team scopes", the resulting access token is connected to an entire Dropbox Business team, not an individual account.

Member_id =

This error message you're getting is referring to specifying what account on the Business team to operate on behalf of.

When getting the member ID, would you use something like: I do not see in the documentation how to set the "select_user" or "Dropbox-API-Select-User" parameters in the python API.
Since your API app key has team member file access permissions, you can operate on a team member\'s Dropbox by providing the "Dropbox-API-Select-User" HTTP header or "select_user" URL parameter to specify the exact user.

I get the following error: BadInputError('1cac57bc6ffa43f2ab66041af9f4dec7', 'Error in call to API function "files/list_folder": This API function operates on a single Dropbox account, but the OAuth 2 access token you provided is for an entire Dropbox Business team.

Hi Greg, when I use this with the shared folders namespace ID:

dbx = dropbox.Dropbox(token).with_path_root(_id("6951349920"))