We are aware of the issue with the badge emails resending to everyone, we apologise for the inconvenience - learn more here.

Forum Discussion

Ivan_'s avatar
Ivan_
Helpful | Level 6
3 years ago

How to programmatically get the Authorization code without requiring the user approval in OAuth 2.0

Hi,

I need to get approve code programmatically without this form via c# code 

 

 this is my code

How it should be modified in order to get approve code automatically without user actions ?

Thanks in advance 


  • Ivan_ wrote:

    ...

    The problem is that this code does not work in my Application. It stops at Proce/ssCodeFlowAsync method and after that the eternal loading of response begins. Sometimes eternal loading begins at HandleJSRedirect and HandleOAuth2Redirect methods, I do not know what causes such behavior.

    ...


    Ivan_, the code is for one time use!!! Once you get your credentials (access token and refresh token) the code isn't valid anymore! You should keep received credentials (primary the refresh token) and reuse later when needed to construct client object. Why after the authentication (you have credentials already) are you calling still handlers designate for initial authentication? 🤔 I cannot see a reason.


  • Ivan_ wrote:

    ...

    I need to get approve code programmatically ...


    You can use redirect URL and listen to there. What actually are you using the 'http' object for? 😉


    Ivan_ wrote:

    ...

    How it should be modified in order to get approve code automatically without user actions ?

    ...


    It's not possible for user side authentication (or least not a good idea). It's only possible on server side with pre-authentication and embedded credentials into the server, if applicable in your case.

    • Ivan_'s avatar
      Ivan_
      Helpful | Level 6

      Hi Ð—дравко

      I tried to do this

      But I faced with such problem :

      Firstly I am sending the request in order to get Approve code 

      After I performed confirmation in browser that I am trusting source I get this thing in browser

      If look closely to URL it contains code that I need to extract automatically

      It looks exactly as code in browser during usual approve

       

      However when I copied it to request for generating token

      I receive error

       

       I do not know what I am doing wrong 

      If I execute this code

      It will give me approve code after confirmation in browser

       

       via which the token is generated successfully

      But when I try to do all same with only one difference, that after user's confirmation this approve code will be extracted by program, not by user manually via this code

      I get error that I described above

      To sum up : the only thing that I need to implement is to make automatic approve_code extraction, without making user to copy this code from browser manually after user approved that he trusts source 

       

    • Ivan_'s avatar
      Ivan_
      Helpful | Level 6

      Hi Ð—дравко

      I tried to do this

      But I faced with such problem :

      Firstly I am sending the request in order to get Approve code 

      After I performed confirmation in browser that I am trusting source I get this thing in browser

      If look closely to URL it contains code that I need to extract automatically

      It looks exactly as code in browser during usual approve

       

      However when I copied it to request for generating token

      I receive error

       

       I do not know what I am doing wrong 

      If I execute this code

      It will give me approve code after confirmation in browser

       

       via which the token is generated successfully

      But when I try to do all same with only one difference, that after user's confirmation this approve code will be extracted by program via this code

      I get error that I described above

      To sum up : the only thing that I need to implement is to make automatic approve code extraction, without making user to copy this code from browser manually

      • Здравко's avatar
        Здравко
        Legendary | Level 20

        Ivan_ wrote:

        ...

        After I performed confirmation in browser that I am trusting source I get this thing in browser

        If look closely to URL it contains code that I need to extract automatically ...


        Yes, that's a desired behavior. The code (together with state) is passed as a HTTP query parameter (as denoted in documentation too).

        In addition to what Greg said, can be noted that pointed examples use second redirection step (don't ask me why; seems confusing, but...🤷). It can be implemented much simpler, but somebody have decided so (you are not mandated to follow the examples 1 to 1 - just get the idea out of there). For some reason the second redirection step seems doesn't comes up and so you can see the URL you are seeing. There can be different reasons, but at the beginning take a look if you give back to the browser the JS code responsible for the second redirection step and why this step fails (if you think still to follow the examples 1 to 1 - with step for second redirection).

  • Greg-DB's avatar
    Greg-DB
    Icon for Dropbox Staff rankDropbox Staff

    Ivan_ Ð—дравко is correct, to receive the authorization code programmatically, you should use a redirect URI. You can find more information on how this process works in the OAuth Guide and authorization documentation.

     

    Also note that it is not possible to fully automate the OAuth process where the user chooses to authorize the app and the app then receives the resulting access token and optional refresh token. This needs to be done manually by the user at least once. If your app needs to maintain long-term access without the user manually re-authorizing it repeatedly, the app should request "offline" access so that it gets a refresh token. The refresh token doesn't expire and can be stored and used repeatedly to get new short-lived access tokens whenever needed, without the user manually reauthorizing the app

     

    For the official Dropbox API v2 .NET SDK in C#, you can find an example of getting and using an access token and refresh token, via a redirect URI, in the OauthBasic example (non-PKCE, meant for server-side apps) as well as in the OAuthPKCE example (PKCE, meant for client-side apps).

About Dropbox API Support & Feedback

Node avatar for Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,877 PostsLatest Activity: 12 months ago
325 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!