public static final class DbxWebAuth.Request.Builder extends java.lang.Object
|Modifier and Type||Method and Description|
Returns a new OAuth
Whether or not to allow non-users to sign up for a Dropbox account via the authorization page.
Whether or not to force the user to approve the app again if they've already done so.
Do not redirect the user after authorization has completed (default).
Where to redirect the user after authorization has completed.
Request the user authorize with the particular type of Dropbox account.
Up to 476 bytes of arbitrary data that will be passed back to your redirect URI.
public DbxWebAuth.Request.Builder withNoRedirect()
After a user authorizes the app using the authorization URL, a code will be
displayed that they must copy and paste into your app. If you want users to be
redirected after authorization back to your app, use
instead. Websites should always provide a redirect URI.
public DbxWebAuth.Request.Builder withRedirectUri(java.lang.String redirectUri, DbxSessionStore sessionStore)
This must be the exact URI registered in the App Console;
"localhost" must be listed if it is used for testing. All redirect URIs must be
HTTPS except for localhost URIs. If the redirect URI is omitted, the code will be
presented directly to the user and they will be invited to enter the information in
The given session store will be used for storing the Cross-Site Request Forgery
(CSRF) nonce generated during the authorization flow. To prevent CSRF attacks,
DbxWebAuth appends a nonce to each authorization request. When the authorization
flow is complete, the returned nonce is compared with the one in the store to ensure
the response is valid. A session store must be specified if a redirect URI is
redirectUri- URI to redirect authorization response, never
sessionStore- Session store to use for storing CSRF nonces across requests, never
java.lang.NullPointerException- if either redirectUri or sessionStore is
public DbxWebAuth.Request.Builder withState(java.lang.String state)
DbxWebAuth will always automatically append a nonce to the
state to protect against cross-site request forgery. This is true even if no state is
State should only be provided if a redirect URI is provided as well, otherwise
build() will throw an
state- additional state to pass back to the redirect URI, or
nullto pass back no additional state.
java.lang.IllegalArgumentException- if state is greater than 476 bytes
public DbxWebAuth.Request.Builder withRequireRole(java.lang.String requireRole)
public DbxWebAuth.Request.Builder withForceReapprove(java.lang.Boolean forceReapprove)
false (default), a user who has already approved the application may
be automatically redirected to the URI specified by
withRedirectUri(java.lang.String, com.dropbox.core.DbxSessionStore). If
true, the user will not be automatically redirected and will have to approve
the app again.
forceReapprove- whether to force a user to re-approve this app, or
nullfor default behavior
public DbxWebAuth.Request.Builder withDisableSignup(java.lang.Boolean disableSignup)
true (default is
false) users will not be able to sign up
for a Dropbox account via the authorization page. Instead, the authorization page
will show a link to install Dropbox (typically through a mobile app store). This is
only intended for use when necessary for compliance with App Store policies.
disableSignup- whether or not to allow users to sign up in the authorization flow, or
nullfor default behavior
public DbxWebAuth.Request.Builder withTokenAccessType(TokenAccessType tokenAccessType)
TokenAccessType.ONLINE, auth result only contains short live token. For
TokenAccessType.OFFLINE, auth result includes both short live token and refresh token. For
null, auth result is either legacy long live token or short live token only, depending on the app setting.
tokenAccessType- Whether or not to include refresh token in
public DbxWebAuth.Request.Builder withScope(java.util.Collection<java.lang.String> scope)
scope- Space-delimited scope string. Each scope corresponds to a group of API endpoints. To call one API endpoint you have to obtains the scope first otherwise you will get HTTP 401. Example: "account_info.read files.content.read"
public DbxWebAuth.Request.Builder withIncludeGrantedScopes(IncludeGrantedScopes includeGrantedScopes)
includeGrantedScopes- This field is optional. If not presented, Dropbox will give you the scopes in
withScope(Collection). Otherwise Dropbox server will return a token with all scopes user previously granted your app together with the new scopes.
public DbxWebAuth.Request build()
DbxWebAuth.Requestthat can be used in
DbxWebAuth.DbxWebAuth(DbxRequestConfig,DbxAppInfo)to authorize a user.