Package com.dropbox.core

Class DbxPKCEWebAuth

java.lang.Object

com.dropbox.core.DbxPKCEWebAuth

public class DbxPKCEWebAuth
extends java.lang.Object

This class does the OAuth2 "authorization code" flow with Proof Key for Code Exchange(PKCE). PKCE allows "authorization code" flow without "client_secret". It enables "native application", which is ensafe to hardcode client_secret in code, to use "authorization code". If you application has a server, please use regular DbxWebAuth instead. PKCE is more secure than "token" flow. If authorization code is compromised during transmission, it can't be used to exchange for access token without random generated code_verifier, which is stored inside SDK. DbxPKCEWebAuth and DbxWebAuth has the same interface and slightly different behavior:

1. The constructor should take DbxAppInfo without app secret.
2. Two step of OAuth2: authorize(DbxWebAuth.Request) and finishFromRedirect(String, DbxSessionStore, Map), should be called on the same object.

See Also:

https://tools.ietf.org/html/rfc7636 and new dropbox oauth guide

Constructor Summary

Constructors

Constructor	Description
DbxPKCEWebAuth(DbxRequestConfig requestConfig, DbxAppInfo appInfo)	Creates a new instance that will perform the OAuth2 PKCE authorization flow using the given OAuth request configuration.

Method Summary

Modifier and Type	Method	Description
java.lang.String	authorize(DbxWebAuth.Request request)	Starts authorization and returns an "authorization URL" on the Dropbox website that let the user grant your app access to their Dropbox account.
DbxAuthFinish	finishFromCode(java.lang.String code)	Call this after the user has visited the authorizaton URL and copy/pasted the authorization code that Dropbox gave them, with the SAME DbxPKCEWebAuth instance that generated the authorization URL.
DbxAuthFinish	finishFromRedirect(java.lang.String redirectUri, DbxSessionStore sessionStore, java.util.Map<java.lang.String,java.lang.String[]> params)	Call this after the user has visited the authorizaton URL and Dropbox has redirected them back to your native app, with the SAME DbxPKCEWebAuth instance that generated the authorization URL.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DbxPKCEWebAuth

public DbxPKCEWebAuth(DbxRequestConfig requestConfig,
                      DbxAppInfo appInfo)

Creates a new instance that will perform the OAuth2 PKCE authorization flow using the given OAuth request configuration.

Parameters:

requestConfig - HTTP request configuration, never null.

appInfo - Your application's Dropbox API information (the app key), never null.

Throws:

java.lang.IllegalStateException - if appInfo contains app secret.

Method Detail

authorize

public java.lang.String authorize(DbxWebAuth.Request request)

Starts authorization and returns an "authorization URL" on the Dropbox website that let the user grant your app access to their Dropbox account.

If a redirect URI was specified (DbxWebAuth.Request.Builder.withRedirectUri(java.lang.String, com.dropbox.core.DbxSessionStore)). The redirect URI should bring user back to your app on end device. Call finishFromRedirect(java.lang.String, com.dropbox.core.DbxSessionStore, java.util.Map<java.lang.String, java.lang.String[]>) using the same DbxPKCEWebAuth instance with the query parameters received from the redirect.

If no redirect URI was specified (DbxWebAuth.Request.Builder.withNoRedirect()), then users who grant access will be shown an "authorization code". The user must copy/paste the authorization code back into your app, at which point you can call finishFromCode(String) with the same DbxPKCEWebAuth instance from to get an access token.

Parameters:

request - OAuth 2.0 web-based authorization flow request configuration

Returns:

Authorization URL of website user can use to authorize your app.

finishFromCode

public DbxAuthFinish finishFromCode(java.lang.String code)
                             throws DbxException

Call this after the user has visited the authorizaton URL and copy/pasted the authorization code that Dropbox gave them, with the SAME DbxPKCEWebAuth instance that generated the authorization URL.

Throws:

DbxException - if the instance is not the same one used to generate authorization URL, or if an error occurs communicating with Dropbox.

See Also:

DbxWebAuth.finishFromCode(String)

finishFromRedirect

public DbxAuthFinish finishFromRedirect(java.lang.String redirectUri,
                                        DbxSessionStore sessionStore,
                                        java.util.Map<java.lang.String,java.lang.String[]> params)
                                 throws DbxException,
                                        DbxWebAuth.BadRequestException,
                                        DbxWebAuth.BadStateException,
                                        DbxWebAuth.CsrfException,
                                        DbxWebAuth.NotApprovedException,
                                        DbxWebAuth.ProviderException

Call this after the user has visited the authorizaton URL and Dropbox has redirected them back to your native app, with the SAME DbxPKCEWebAuth instance that generated the authorization URL.

Throws:

BadRequestException - If the redirect request is missing required query parameters, contains duplicate parameters, or includes mutually exclusive parameters (e.g. "error" and "code").

DbxWebAuth.BadStateException - If the CSRF token retrieved from sessionStore is null or malformed.

DbxWebAuth.CsrfException - If the CSRF token passed in params does not match the CSRF token from sessionStore. This implies the redirect request may be forged.

DbxWebAuth.NotApprovedException - If the user chose to deny the authorization request.

DbxWebAuth.ProviderException - If an OAuth2 error response besides "access_denied" is set.

DbxException - if the instance is not the same one used to generate authorization URL, or if an error occurs communicating with Dropbox.

DbxWebAuth.BadRequestException