Class DbxWebAuth


    public class DbxWebAuth
    extends java.lang.Object
    Does the OAuth 2 "authorization code" flow. (This SDK does not support the "token" flow.)

    Eventually yields an access token, which can be used with DbxClientV2 to make Dropbox API calls. You typically only need to do this for a user when they first use your application. Once you have an access token for that user, it remains valid for years.

    Redirect example

    One-time setup typically done on server initialization:

         DbxRequestConfig requestConfig = new DbxRequestConfig("text-edit/0.1");
         DbxAppInfo appInfo = DbxAppInfo.Reader.readFromFile("api.app");
         DbxWebAuth auth = new DbxWebAuth(requestConfig, appInfo);
    
         String redirectUri = "http://my-server.com/dropbox-auth-finish";
     

    Part 1

    Handler for "http://my-server.com/dropbox-auth-start":

         HttpServletRequest request = ...
         HttpServletResponse response = ...
    
         // Select a spot in the session for DbxWebAuth to store the CSRF token.
         HttpSession session = request.getSession(true);
         String sessionKey = "dropbox-auth-csrf-token";
         DbxSessionStore csrfTokenStore = new DbxStandardSessionStore(session, sessionKey);
    
         // Build an auth request
         DbxWebAuth.Request authRequest = DbxWebAuth.newRequestBuilder()
             .withRedirectUri(redirectUri, csrfTokenStore)
             .build();
    
         // Start authorization.
         String authorizePageUrl = auth.authorize(authRequest);
    
         // Redirect the user to the Dropbox website so they can approve our application.
         // The Dropbox website will send them back to "http://my-server.com/dropbox-auth-finish"
         // when they're done.
         response.sendRedirect(authorizePageUrl);
     

    Part 2

    Handler for "http://my-server.com/dropbox-auth-finish":

         HttpServletRequest request = ...
         HttpServletResponse response = ...
    
         // Fetch the session to verify our CSRF token
         HttpSession session = request.getSession(true);
         String sessionKey = "dropbox-auth-csrf-token";
         DbxSessionStore csrfTokenStore = new DbxStandardSessionStore(session, sessionKey);
         String redirectUri = "http://my-server.com/dropbox-auth-finish";
    
         DbxAuthFinish authFinish;
         try {
             authFinish = auth.finishFromRedirect(redirectUri, csrfTokenStore, request.getParameterMap());
         } catch (DbxWebAuth.BadRequestException ex) {
             log("On /dropbox-auth-finish: Bad request: " + ex.getMessage());
             response.sendError(400);
             return;
         } catch (DbxWebAuth.BadStateException ex) {
             // Send them back to the start of the auth flow.
             response.sendRedirect("http://my-server.com/dropbox-auth-start");
             return;
         } catch (DbxWebAuth.CsrfException ex) {
             log("On /dropbox-auth-finish: CSRF mismatch: " + ex.getMessage());
             response.sendError(403, "Forbidden.");
             return;
         } catch (DbxWebAuth.NotApprovedException ex) {
             // When Dropbox asked "Do you want to allow this app to access your
             // Dropbox account?", the user clicked "No".
             ...
             return;
         } catch (DbxWebAuth.ProviderException ex) {
             log("On /dropbox-auth-finish: Auth failed: " + ex.getMessage());
             response.sendError(503, "Error communicating with Dropbox.");
             return;
         } catch (DbxException ex) {
             log("On /dropbox-auth-finish: Error getting token: " + ex.getMessage());
             response.sendError(503, "Error communicating with Dropbox.");
             return;
         }
         String accessToken = authFinish.getAccessToken();
    
         // Save the access token somewhere (probably in your database) so you
         // don't need to send the user through the authorization process again.
         ...
    
         // Now use the access token to make Dropbox API calls.
         DbxClientV2 client = new DbxClientV2(requestConfig, accessToken);
         ...
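
    The state check that the Part 2 catch blocks respond to, as an added example (not code from the SDK or from this page): a simplified model of minting a per-session token in Part 1 and classifying the callback in Part 2. The class, enum and method names are hypothetical, and the validation order shown is an assumption, not the SDK's documented behaviour.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Illustrative model only; StateCheckDemo, Outcome and check are hypothetical names.
public class StateCheckDemo {
    enum Outcome { OK, BAD_REQUEST, BAD_STATE, CSRF_MISMATCH, NOT_APPROVED, PROVIDER_ERROR }

    // Part 1: mint an unguessable token, keep a copy in the session, send it as "state".
    static String newCsrfToken(Map<String, String> session, String key) {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(key, token);
        return token;
    }

    // Part 2: classify the callback parameters before any code-for-token exchange.
    static Outcome check(Map<String, String> session, String key, Map<String, String> params) {
        String state = params.get("state");
        String code = params.get("code");
        String error = params.get("error");
        // A well-formed callback carries "state" and exactly one of "code" / "error".
        if (state == null || (code == null) == (error == null)) return Outcome.BAD_REQUEST;
        String expected = session.remove(key);           // single use: a replay finds nothing
        if (expected == null) return Outcome.BAD_STATE;  // e.g. the session expired
        boolean same = MessageDigest.isEqual(            // constant-time comparison
            expected.getBytes(StandardCharsets.UTF_8), state.getBytes(StandardCharsets.UTF_8));
        if (!same) return Outcome.CSRF_MISMATCH;
        if (error != null) return "access_denied".equals(error) ? Outcome.NOT_APPROVED : Outcome.PROVIDER_ERROR;
        return Outcome.OK;
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();   // stands in for HttpSession
        String key = "dropbox-auth-csrf-token";
        String state = newCsrfToken(session, key);
        Map<String, String> good = Map.of("state", state, "code", "constructed-code");
        System.out.println(check(session, key, good));   // valid callback
        System.out.println(check(session, key, good));   // same callback replayed
        newCsrfToken(session, key);
        System.out.println(check(session, key, Map.of("state", "forged", "code", "x")));
        System.out.println(check(session, key, Map.of("code", "x")));  // "state" missing
    }
}
```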
     

    No Redirect Example

         DbxRequestConfig requestConfig = new DbxRequestConfig("text-edit/0.1");
         DbxAppInfo appInfo = DbxAppInfo.Reader.readFromFile("api.app");
         DbxWebAuth auth = new DbxWebAuth(requestConfig, appInfo);
    
         DbxWebAuth.Request authRequest = DbxWebAuth.newRequestBuilder()
             .withNoRedirect()
             .build();
         String authorizeUrl = auth.authorize(authRequest);
         System.out.println("1. Go to " + authorizeUrl);
         System.out.println("2. Click \"Allow\" (you might have to log in first).");
         System.out.println("3. Copy the authorization code.");
         System.out.print("Enter the authorization code here: ");
    
         String code = System.console().readLine();
         if (code != null) {
             code = code.trim();
             // Exchange the authorization code for an access token.
             DbxAuthFinish authFinish = auth.finishFromCode(code);
             DbxClientV2 client = new DbxClientV2(requestConfig, authFinish.getAccessToken());
         }