public class DbxWebAuth extends Object
Eventually yields an access token, which can be used with DbxClientV2
to make Dropbox API calls. You typically only need to do this
for a user when they first use your application. Once you have an access token for that user, it
remains valid for years.
One-time setup typically done on server initialization:
DbxRequestConfig
requestConfig = new DbxRequestConfig("text-edit/0.1");DbxAppInfo
appInfo = DbxAppInfo.Reader.readFromFile("api.app"); DbxWebAuth auth = new DbxWebAuth(requestConfig, appInfo); String redirectUri = "http://my-server.com/dropbox-auth-finish";
Handler for "http://my-server.com/dropbox-auth-start":
HttpServletRequest
request = ...HttpServletResponse
response = ... // Select a spot in the session for DbxWebAuth to store the CSRF token.HttpSession
session = request.getSession(true); String sessionKey = "dropbox-auth-csrf-token";DbxSessionStore
csrfTokenStore = new DbxStandardSessionStore(session, sessionKey); // Build an auth requestDbxWebAuth.Request
authRequest = DbxWebAuth.newRequestBuilder() .withRedirectUri(redirectUri, csrfTokenStore) .build(); // Start authorization. String authorizePageUrl = auth.authorize
(authRequest); // Redirect the user to the Dropbox website so they can approve our application. // The Dropbox website will send them back to "http://my-server.com/dropbox-auth-finish" // when they're done. response.sendRedirect(authorizePageUrl);
Handler for "http://my-server.com/dropbox-auth-finish":
HttpServletRequest
request = ...HttpServletResponse
response = ... // Fetch the session to verify our CSRF tokenHttpSession
session = request.getSession(true); String sessionKey = "dropbox-auth-csrf-token";DbxSessionStore
csrfTokenStore = new DbxStandardSessionStore(session, sessionKey); String redirectUri = "http://my-server.com/dropbox-auth-finish";DbxAuthFinish
authFinish; try { authFinish = auth.finishFromRedirect
(redirectUri, csrfTokenStore, request.getParameterMap()); } catch (DbxWebAuth.BadRequestException ex) { log("On /dropbox-auth-finish: Bad request: " + ex.getMessage()); response.sendError(400); return; } catch (DbxWebAuth.BadStateException ex) { // Send them back to the start of the auth flow. response.sendRedirect("http://my-server.com/dropbox-auth-start"); return; } catch (DbxWebAuth.CsrfException ex) { log("On /dropbox-auth-finish: CSRF mismatch: " + ex.getMessage()); response.sendError(403, "Forbidden."); return; } catch (DbxWebAuth.NotApprovedException ex) { // When Dropbox asked "Do you want to allow this app to access your // Dropbox account?", the user clicked "No". ... return; } catch (DbxWebAuth.ProviderException ex) { log("On /dropbox-auth-finish: Auth failed: " + ex.getMessage()); response.sendError(503, "Error communicating with Dropbox."); return; } catch (DbxException ex) { log("On /dropbox-auth-finish: Error getting token: " + ex.getMessage()); response.sendError(503, "Error communicating with Dropbox."); return; } String accessToken = authFinish.getAccessToken(); // Save the access token somewhere (probably in your database) so you // don't need to send the user through the authorization process again. ... // Now use the access token to make Dropbox API calls.DbxClientV2
client = new DbxClientV2(requestConfig, accessToken); ...
DbxRequestConfig
requestConfig = new DbxRequestConfig("text-edit/0.1");DbxAppInfo
appInfo = DbxAppInfo.Reader.readFromFile("api.app"); DbxWebAuth auth = new DbxWebAuth(requestConfig, appInfo);DbxWebAuth.Request
authRequest = DbxWebAuth.newRequestBuilder() .withNoRedirect() .build(); String authorizeUrl = auth.authorize(authRequest); System.out.println("1. Go to " + authorizeUrl); System.out.println("2. Click \"Allow\" (you might have to log in first)."); System.out.println("3. Copy the authorization code."); System.out.print("Enter the authorization code here: "); String code = System.console().readLine(); if (code != null) { code = code.trim();DbxAuthFinish
authFinish = webAuth.finishFromCode
(code);DbxClientV2
client = new DbxClientV2(requestConfig, authFinish.getAccessToken()); }
Modifier and Type | Class and Description |
---|---|
static class |
DbxWebAuth.BadRequestException
Thrown when the parameters passed to your redirect URI are not well-formed.
|
static class |
DbxWebAuth.BadStateException
Thrown if all the parameters to your redirect URI are well-formed, but there's no CSRF token
in the session.
|
static class |
DbxWebAuth.CsrfException
Thrown if the given 'state' parameter doesn't contain the expected CSRF token.
|
static class |
DbxWebAuth.Exception
The base class for authorization redirect errors.
|
static class |
DbxWebAuth.NotApprovedException
Thrown when Dropbox tells us that the user chose not to grant your app access to their
Dropbox account (i.e.
|
static class |
DbxWebAuth.ProviderException
Thrown when Dropbox tells us that some other error occurred in the authorization process.
|
static class |
DbxWebAuth.Request
OAuth web-based authorization flow request.
|
Modifier and Type | Field and Description |
---|---|
static String |
ROLE_PERSONAL
Role representing the personal account associated with a user.
|
static String |
ROLE_WORK
Role representing the team account associated with a user.
|
Constructor and Description |
---|
DbxWebAuth(DbxRequestConfig requestConfig,
DbxAppInfo appInfo)
Creates a new instance that will perform the OAuth2 authorization flow using the given OAuth
request configuration.
|
DbxWebAuth(DbxRequestConfig requestConfig,
DbxAppInfo appInfo,
String redirectUri,
DbxSessionStore sessionStore)
Deprecated.
|
Modifier and Type | Method and Description |
---|---|
String |
authorize(DbxWebAuth.Request request)
Starts authorization and returns a "authorization URL" on the Dropbox website that gives the
lets the user grant your app access to their Dropbox account.
|
DbxAuthFinish |
finish(Map<String,String[]> queryParams)
Deprecated.
use
finishFromRedirect(..) instead. |
DbxAuthFinish |
finishFromCode(String code)
Call this after the user has visited the authorizaton URL and copy/pasted the authorization
code that Dropbox gave them.
|
DbxAuthFinish |
finishFromRedirect(String redirectUri,
DbxSessionStore sessionStore,
Map<String,String[]> params)
Call this after the user has visited the authorizaton URL and Dropbox has redirected them
back to you at the redirect URI.
|
static DbxWebAuth.Request.Builder |
newRequestBuilder()
Returns a new request builder with default values (e.g.
|
String |
start(String urlState)
Deprecated.
|
public static final String ROLE_WORK
DbxWebAuth.Request.Builder.withRequireRole(java.lang.String)
.public static final String ROLE_PERSONAL
DbxWebAuth.Request.Builder.withRequireRole(java.lang.String)
.@Deprecated public DbxWebAuth(DbxRequestConfig requestConfig, DbxAppInfo appInfo, String redirectUri, DbxSessionStore sessionStore)
DbxWebAuth(DbxRequestConfig,DbxAppInfo)
and authorize(com.dropbox.core.DbxWebAuth.Request)
insteadrequestConfig
- HTTP request configuration, never null
.appInfo
- Your application's Dropbox API information (the app key and secret), never
nulL
.redirectUri
- Where to redirect the user after authorization has completed, never null
.sessionStore
- Session store to use for storing CSRF nonces across requests, never null
.public DbxWebAuth(DbxRequestConfig requestConfig, DbxAppInfo appInfo)
requestConfig
- HTTP request configuration, never null
.appInfo
- Your application's Dropbox API information (the app key and secret), never
null
.@Deprecated public String start(String urlState)
DbxWebAuth(DbxRequestConfig,DbxAppInfo)
and authorize(com.dropbox.core.DbxWebAuth.Request)
instead. If a redirect URI was specified, then users will be redirected to the redirect URI after
completing the authorization flow. Call finishFromRedirect(..)
with the query parameters
received from the redirect.
If no redirect URI was specified, then users who grant access will be shown an
"authorization code". The user must copy/paste the authorization code back into your app, at
which point you can call finishFromCode(String)
to get an access token.
urlState
- additional state to add to the flow that will be returned upon redirectIllegalArgumentException
- if urlState exceeds maximum size of 476 bytesIllegalStateException
- if this instance was not created using the deprecated DbxWebAuth(DbxRequestConfig,DbxAppInfo,String,DbxSessionStore)
constructorpublic String authorize(DbxWebAuth.Request request)
If a redirect URI was specified (DbxWebAuth.Request.Builder.withRedirectUri(java.lang.String, com.dropbox.core.DbxSessionStore)
), then users
will be redirected to the redirect URI after completing the authorization flow. Call finishFromRedirect(java.lang.String, com.dropbox.core.DbxSessionStore, java.util.Map<java.lang.String, java.lang.String[]>)
with the query parameters received from the redirect.
If no redirect URI was specified (DbxWebAuth.Request.Builder.withNoRedirect()
), then users who
grant access will be shown an "authorization code". The user must copy/paste the
authorization code back into your app, at which point you can call finishFromCode(String)
to get an access token.
request
- OAuth 2.0 web-based authorization flow request configurationIllegalStateException
- if this DbxWebAuth
instance was created using the
deprecated DbxWebAuth(DbxRequestConfig,DbxAppInfo,String,DbxSessionStore)
constructor.public DbxAuthFinish finishFromCode(String code) throws DbxException
code
- The authorization code shown to the user when they clicked "Allow" on the
authorization, page on the Dropbox website, never null
.DbxException
- if an error occurs communicating with Dropbox.public DbxAuthFinish finishFromRedirect(String redirectUri, DbxSessionStore sessionStore, Map<String,String[]> params) throws DbxException, DbxWebAuth.BadRequestException, DbxWebAuth.BadStateException, DbxWebAuth.CsrfException, DbxWebAuth.NotApprovedException, DbxWebAuth.ProviderException
redirectUri
- The original redirect URI used by authorize(com.dropbox.core.DbxWebAuth.Request)
, never null
.sessionStore
- Session store used by authorize(com.dropbox.core.DbxWebAuth.Request)
to store CSRF tokens, never
null
.params
- The query parameters on the GET request to your redirect URI, never null
.BadRequestException
- If the redirect request is missing required query parameters,
contains duplicate parameters, or includes mutually exclusive parameters (e.g. "error"
and "code"
).DbxWebAuth.BadStateException
- If the CSRF token retrieved from sessionStore
is null
or malformed.DbxWebAuth.CsrfException
- If the CSRF token passed in params
does not match the CSRF
token from sessionStore
. This implies the redirect request may be forged.DbxWebAuth.NotApprovedException
- If the user chose to deny the authorization request.DbxWebAuth.ProviderException
- If an OAuth2 error response besides "access_denied"
is
set.DbxException
- If an error occurs communicating with Dropbox.DbxWebAuth.BadRequestException
@Deprecated public DbxAuthFinish finish(Map<String,String[]> queryParams) throws DbxException, DbxWebAuth.BadRequestException, DbxWebAuth.BadStateException, DbxWebAuth.CsrfException, DbxWebAuth.NotApprovedException, DbxWebAuth.ProviderException
finishFromRedirect(..)
instead.redirectUri
you passed in to start(java.lang.String)
.queryParams
- The query parameters on the GET request to your redirectUri
.IllegalStateException
- if this instance was not created using the deprecated DbxWebAuth(DbxRequestConfig,DbxAppInfo,String,DbxSessionStore)
constructorBadRequestException
- If the redirect request is missing required query parameters,
contains duplicate parameters, or includes mutually exclusive parameters (e.g. "error"
and "code"
)DbxWebAuth.BadStateException
- If the CSRF token retrieved from sessionStore
is missing or
malformed. Missing tokens often imply the user session has expired.DbxWebAuth.CsrfException
- If the CSRF token passed in params
does not match the CSRF
token from sessionStore
. This implies the redirect request may be forged.DbxWebAuth.NotApprovedException
- If the user chose to deny the authorization requestDbxWebAuth.ProviderException
- If an OAuth 2.0 error response besides "access_denied"
is
set.DbxException
- If an error occurs communicating with DropboxDbxWebAuth.BadRequestException
public static DbxWebAuth.Request.Builder newRequestBuilder()