Forum Discussion

Explorer | Level 3

6 years ago

Redirect on .GetCurrentAccountAsync()

Hi, I'm using the Dropbox Api 4.9.3 for .NET, and there is some weird behavior during/after authentication. What I do is: - open a WebBrowserDialog - get authorizeUri using DropboxOAuth2Helper....

API

Greg-DB
6 years ago
When using `OAuthResponseType.Token`, a redirect URI is required, as a security feature of OAuth 2. It's optional for `OAuthResponseType.Code` though, in which case the user can manually copy/paste the authorization code from the web site into the app. (Using a redirect URI streamlines the process by avoiding the need to have the user do that manually.)

By the way, I don't have full context on your app/platform of course, nor am I specifically familiar with the `WebBrowserDialog or `WebBrowserControl` classes you mentioned, but for reference for you if you haven't seen it, or for anyone else reading, our official documentation for processing this in the system browser via the .NET SDK can be found here.

Viggaaa

Explorer | Level 3

So, I scrambled together a small test-app trying to recreate the bug, but only partially successful so far.
What I currently have is another bug, which apparently is WinForms WebBrowserControls' fault, where getting authentication and immediately closing that browser opens the redirected url in browser. (something about the redirect via script opening the actual browser instead of staying in that WinForms control)

Side-question, is that redirect-url necessary? Using Helper.GetAuthorizeUri with the Token-Flow seems to require the redirect-url, but I don't see the practical necessity for it in our case where we just get authentication and close the browser.

I'll give it another look somewhere next week when I'm back at the office, to figure out why in our actual project that redirect does not happen until the .GetCurrentAccountAsync method is called (at a point where the webBrowser should have been disposed, afaik)

Greg-DB

Dropbox Staff

6 years ago

When using `OAuthResponseType.Token`, a redirect URI is required, as a security feature of OAuth 2. It's optional for `OAuthResponseType.Code` though, in which case the user can manually copy/paste the authorization code from the web site into the app. (Using a redirect URI streamlines the process by avoiding the need to have the user do that manually.)

By the way, I don't have full context on your app/platform of course, nor am I specifically familiar with the `WebBrowserDialog or `WebBrowserControl` classes you mentioned, but for reference for you if you haven't seen it, or for anyone else reading, our official documentation for processing this in the system browser via the .NET SDK can be found here.

Viggaaa
Explorer | Level 3
6 years ago
What I meant by the WebBrowser* was that Windows Forms control:
https://docs.microsoft.com/de-de/dotnet/api/system.windows.forms.webbrowser?view=netframework-4.8
We initially used it in combination with a text-box to do the Code Authentication-flow (where the user sees a code after log-in, and has to give it to the App somehow)
Now that we moved to this Token authentication-flow, there was little reason to keep the WebBrowser control, so we moved to a solution very similar to your documentation.
Some follow-up questions:
- The first example in that documentation uses
var authorizeUri = DropboxOAuth2Helper.GetAuthorizeUri(OAuthResponseType.Code, ApiKey, new Uri(RedirectUri), state: state);
and it took me forever to find the bug in my copy-paste:
shouldn't the first parameter be OAuthResponseType.Token ? ( https://github.com/dropbox/dropbox-sdk-dotnet/blob/b8f5c751f9df6765f4e2bbb98b39bc6bde5cfadc/dropbox-sdk-dotnet/Examples/SimpleTest/Program.cs#L229 got it right)
- There is no way to automatically close the redirect-url, is there? JavaScript isn't cutting it because it did not open that tab in first place, and opening url with a specific process and killing that process after that feels dirty. (that's actually what we unintentionally achieved with that WebBrowser control)
I'm fine with sprinkle-ing some HTML on that redirect-page, would just be a little cleaner if it closed itself.

Thanks for the answers so far, official documentation is a solid solution to avoid that initial bug I had.
- Greg-DB
  Dropbox Staff
  6 years ago
  I'm glad to hear you got this sorted out. Yes, that appears to be a mistake in the first code block there. Apologies for the confusion. I'll ask the team to fix that up.
  
  And that's correct, unfortunately we don't have a way to close the browser tab itself.

About Dropbox API Support & Feedback

Find help with the Dropbox API from other developers.

5,877 PostsLatest Activity: 7 hours ago

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!

Forum Discussion

Redirect on .GetCurrentAccountAsync()

About Dropbox API Support & Feedback

Related Content

API Redirect URI allow multiple ports on localhost

Http redirect url

Mismatched redirect URI

OAuth2 redirects to Dropbox.com instead of my redirect URI

Auth redirect url

Recent Discussions

Trying to download a file, but no file is being downloaded.

Dropbox internal error occured - Resolution

How to add the entire team to team folder by api

API Upload .HEIC and convert to JPG

Invalid Folder Name with Team API