You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Tech Dev Oldsmar
4 years agoHelpful | Level 6
Forced to make all users Team Admins? "You must be a team administrator to authorize this app"
Good morning:
Transitioning to short-lived token with a snag. The "no expiration" token currently used in the 10-person dev environment is working perfect to upload/download/save, etc.... file...
- 4 years ago
This error is about which scopes are being requested. For reference, scoped apps can use two main kinds of scopes: "Individual" and "Team".
Individual scopes enable access to functionality for an individual account, such as uploading and downloading files, creating folders, etc. They can be authorized by any kind of Dropbox account.
Team scopes enable access to functionality for entire Business teams, such as managing members, etc. They can only be authorized by team admins.
The error here is indicating that the app is requesting team scopes, but the user is not an admin and so cannot authorize that. If you want to allow non-admins to connect the app, you'll need to request only individual scopes.
If your app never needs to use team scopes, you can configure this by disabling the team scopes entirely from the app's Permissions settings (which are shown in your screenshot).
Alternatively, if your app does sometimes need to use team scopes, you can instead specify which scopes to request from a user on the fly by setting a particular set of scopes when constructing the authorization URL. That is, you can list the scopes to request in the 'scope' parameter on the /oauth2/authorize URL. (If you're using an SDK to process the flow, refer to the relevant SDK documentation for information on how to configure that.)
Greg-DB
Dropbox Staff
This error is about which scopes are being requested. For reference, scoped apps can use two main kinds of scopes: "Individual" and "Team".
Individual scopes enable access to functionality for an individual account, such as uploading and downloading files, creating folders, etc. They can be authorized by any kind of Dropbox account.
Team scopes enable access to functionality for entire Business teams, such as managing members, etc. They can only be authorized by team admins.
The error here is indicating that the app is requesting team scopes, but the user is not an admin and so cannot authorize that. If you want to allow non-admins to connect the app, you'll need to request only individual scopes.
If your app never needs to use team scopes, you can configure this by disabling the team scopes entirely from the app's Permissions settings (which are shown in your screenshot).
Alternatively, if your app does sometimes need to use team scopes, you can instead specify which scopes to request from a user on the fly by setting a particular set of scopes when constructing the authorization URL. That is, you can list the scopes to request in the 'scope' parameter on the /oauth2/authorize URL. (If you're using an SDK to process the flow, refer to the relevant SDK documentation for information on how to configure that.)
Tech Dev Oldsmar
4 years agoHelpful | Level 6
Hello Greg:
Worked! The .NET SDK DBX App has Teams rights but I only request individual rights in the authorization URL scope directive:
https://www.dropbox.com/oauth2/authorize?client_id=MY_CLIENT_ID&redirect_uri=MY_REDIRECT_URI&response_type=code&scope=account_info.write account_info.read files.metadata.write files.metadata.read files.content.write files.content.read
That allows a non-Team Admin to approve the app. When I need to actually use a Team feature (team_info.read team_data.member team_data.team_space files.team_metadata.write members.read groups.read) I create a teamClient.AsMember and everything seems to be fine. I tested it out to create a subfolder within a Team directory and no problem!
Thanks!
Anton
- Tech Dev Oldsmar2 years agoHelpful | Level 6
This was really helpful - thank you for sharing the fix. Didn't run into this until deployment with non-admins. For anyone in the odd position of needing this for a Windows Forms application here is how I built the authorizeURI:
// set the desired scopes var scopesList = new List<string> { "account_info.write", "account_info.read", "files.metadata.read", "files.metadata.write", "files.content.read", "files.content.write" }; string[] scopes = scopesList.ToArray(); var authorizeUri = DropboxOAuth2Helper.GetAuthorizeUri(OAuthResponseType.Code, Properties.Settings.Default.appKey, (string)null, tokenAccessType: TokenAccessType.Offline ,scopeList: scopes ); Process.Start(authorizeUri.ToString());
About Dropbox API Support & Feedback
Find help with the Dropbox API from other developers.
5,878 PostsLatest Activity: 8 hours agoIf you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.
For more info on available support options for your Dropbox plan, see this article.
If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!