com.dropbox.core

Class DbxWebAuth

java.lang.Object

com.dropbox.core.DbxWebAuth

public class DbxWebAuth
extends Object

Does the OAuth 2 "authorization code" flow. (This SDK does not support the "token" flow.)

Eventually yields an access token, which can be used with DbxClient to make Dropbox API calls. You typically only need to do this for a user when they first use your application. Once you have an access token for that user, it remains valid for years.

Setup:

 String userLocale = ...
 DbxRequestConfig requestConfig = new DbxRequestConfig("text-edit/0.1", userLocale);
 DbxAppInfo appInfo = DbxAppInfo.Reader.readFromFile("api.app");
 String redirectUri = "http://my-server.com/dropbox-auth-finish"
 HttpSession session = request.getSession(true);
 String sessionKey = "dropbox-auth-csrf-token";
 DbxSessionStore csrfTokenStore = new DbxStandardSessionStore(session, sessionKey);
 DbxWebAuth webAuth = new DbxWebAuth(requestConfig, appInfo, redirectUri, csrfTokenStore);
 

Example, part 1 (doesn't include error handling code):

 // Start authorization.
 String authorizeUrl = auth.start();

 // Send user to Dropbox authorization page, which will redirect back to your
 // "callback URL" after the user authorizes your app (part 2, below).
 sendRedirect(authUrl);
 

Servlet Example, part 2 (handler for "http://my-server.com/dropbox-auth"; doesn't include error-handling code)

 // Load the request token we saved in part 1.
 DbxRequestToken requestToken = (RequestToken) session.getAttribute("dropbox-request-token");
 if (requestToken == null) return error("Couldn't find request token in session.");
 session.removeAttribute("dropbox-request-token");

 // Check 'oauth_token' to make sure this request is really from Dropbox.
 String key = request.getParameter("oauth_token");
 if (key == null) return error("Missing parameter 'oauth_token'.");
 if (!secureStringEquals(key, requestToken.key)) return error("Invalid 'oauth_token' parameter.");

 // Finish authorization to get an "access token".
 DbxAuthFinish authFinish;
 try {
     authFinish = auth.finish(requestToken);
 }
 DbxAccessToken accessToken = authResponse.accessToken;

 // Save the access token somewhere (probably in your database) so you
 // don't need to send the user through the authorization process again.
 ...

 // Now use the access token to make Dropbox API calls.
 DbxClient client = new DbxClient(requestConfig, authFinish.accessToken);
 ...
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	DbxWebAuth.BadRequestException Thrown when the parameters passed to your redirect URI are not well-formed.
static class	DbxWebAuth.BadStateException Thrown if all the parameters to your redirect URI are well-formed, but there's no CSRF token in the session.
static class	DbxWebAuth.CsrfException Thrown if the given 'state' parameter doesn't contain the expected CSRF token.
static class	DbxWebAuth.Exception The base class for authorization redirect errors.
static class	DbxWebAuth.NotApprovedException Thrown when Dropbox tells us that the user chose not to grant your app access to their Dropbox account (i.e.
static class	DbxWebAuth.ProviderException Thrown when Dropbox tells us that some other error occurred in the authorization process.

Constructor Summary

Constructors

Constructor and Description
DbxWebAuth(DbxRequestConfig requestConfig, DbxAppInfo appInfo, String redirectUri, DbxSessionStore csrfTokenStore)

Method Summary

Methods

Modifier and Type	Method and Description
DbxAuthFinish	finish(Map<String,String[]> queryParams) Call this after the user has visited the authorizaton URL and Dropbox has redirected them back to you (using the redirectUri you passed in to start(java.lang.String).
String	start() Start authorization.
String	start(String urlState) Start authorization.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DbxWebAuth

public DbxWebAuth(DbxRequestConfig requestConfig,
          DbxAppInfo appInfo,
          String redirectUri,
          DbxSessionStore csrfTokenStore)

Parameters:

appInfo - Your application's Dropbox API information (the app key and secret).

Method Detail

start

public String start(String urlState)

Start authorization. Returns a "authorization URL" on the Dropbox website that gives the lets the user grant your app access to their Dropbox account.

If they choose to grant access, they will be shown an "authorization code", which they need to copy/paste back into your app, at which point you can call finish(java.util.Map<java.lang.String, java.lang.String[]>) to get an access token.

start

public String start()

Start authorization. Returns a "authorization URL" on the Dropbox website that gives the lets the user grant your app access to their Dropbox account.

If they choose to grant access, they will be shown an "authorization code", which they need to copy/paste back into your app, at which point you can call finish(java.util.Map<java.lang.String, java.lang.String[]>) to get an access token.

finish

public DbxAuthFinish finish(Map<String,String[]> queryParams)
                     throws DbxException,
                            DbxWebAuth.BadRequestException,
                            DbxWebAuth.BadStateException,
                            DbxWebAuth.CsrfException,
                            DbxWebAuth.NotApprovedException,
                            DbxWebAuth.ProviderException

Call this after the user has visited the authorizaton URL and Dropbox has redirected them back to you (using the redirectUri you passed in to start(java.lang.String).

Parameters:

queryParams - The query parameters on the GET request to your redirectUri.

Throws:

DbxException

DbxWebAuth.BadRequestException

DbxWebAuth.BadStateException

DbxWebAuth.CsrfException

DbxWebAuth.NotApprovedException

DbxWebAuth.ProviderException